12 matches found
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from the cdns3 USB driver’s role switching during recovery. During this process, the resume...
EUVD-2021-6778
Malicious code in bioql PyPI...
A single host can approve a proposal for all other hosts in the Party
Vulnerability details. Summary: A single host can approve a proposal by transferring the host role to dummy accounts and voting again to increment the number of approvals. Impact: When a proposal is created in a Party, the number of active hosts is snapshotted in the proposal state...
Cross-Site Request Forgery (CSRF)
github.com/usememos/memos is vulnerable to cross-site request forgery. An attacker is able to add new members with any role via the user API, which allows the attacker to take over the memos application with the HOST role...
CSRF allows attacker trigger admin add HOST user lead to takeover memos application
Description: This vuln allows an attacker to trigger an admin into submitting a malicious request to create a new user with any role. Proof of Concept: 1. Attacker creates a malicious script with a CSRF payload and uploads it to the attacker server httpx://attacker.server/csrf.html 2. Attacker sends this link to the memos admin 3...
memos security vulnerability
memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to assign a HOST role to a new user...
CVE-2021-1311
A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker...
CVE-2021-1311
A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker...
Design/Logic Flaw
A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker...
CVE-2021-1311 Cisco Webex Meetings and Cisco Webex Meetings Server Host Key Brute Forcing Vulnerability
A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker...
PT-2021-1765 · Cisco · Cisco Webex Meetings Server +1
Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings and Cisco Webex Meetings Server (affected versions not specified). Description: The issue is related to a lack of protection against brute forcing of the host key in the reclaim host role feature. This could allow a remote...
CVE-2020-3126
A vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security warning dialog boxes when a room host views shared multimedia files. An authenticated, remote...