EUVD-2021-26721

Malware in sbrugna...

EUVD-2021-8962

Malicious code in bioql PyPI...

CVE-2021-21792

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...

CVE-2021-21790

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...

Denial Of Service (DoS)

qemu is vulnerable to denial of service. A use-after-free flaw in the MegaRAID emulator allows an attacker to crash the QEMU process due to an error while processing SCSI I/O requests in the case of an error mptsasfreerequest that does not dequeue the request object req from a pending requests...

CVE-2021-3392

A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsasfreerequest that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU...

Design/Logic Flaw

A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsasfreerequest that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU...

CVE-2021-3392

A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsasfreerequest that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU...

PT-2021-7357 · Qemu +4 · Qemu +4

Name of the Vulnerable Software and Affected Versions: QEMU versions 2.10.0 through 5.2.0 Description: A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error in the mptsas free request function that does not...

Emulation of Kernel Mode Rootkits With Speakeasy

In August 2020, we released a blog post about how the Speakeasy emulation framework can be used to emulate user mode malware such as shellcode. If you haven’t had a chance, give the post a read today. In addition to user mode emulation, Speakeasy also supports emulation of kernel mode Windows...

NZXT CAM Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-03262)

NZXT CAM is a performance monitoring software for gaming computers from NZXT USA. The software can be used to manage computer performance, temperature, and devices to ensure that the computer is at optimal performance. NZXT CAM 4.8.0 suffers from a Privilege Permission and Access Control Issues...

NZXT CAM 信息泄露漏洞

NZXT CAM is an all-in-one software solution for computer hardware monitoring and management. An information disclosure vulnerability exists in the Privileged I/O Read IRP feature of the WinRing0x64 driver for NZXT CAM 4.8.0. An attacker can exploit this vulnerability by sending a specially crafte...

Kernel update: Virtuozzo ReadyKernel patch 44.0 for Virtuozzo 7.0.6 and 7.0.6 HF3

The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to Virtuozzo kernels 3.10.0-693.1.1.vz7.37.30 Virtuozzo 7.0.6 and 3.10.0-693.11.6.vz7.40.4 Virtuozzo 7.0.6 HF3. Vulnerability id: PSBM-80340 Hard lockups happened when the kernel was processing SAK Secu...

Kernel update: Virtuozzo ReadyKernel patch 44.0 for Virtuozzo 7.0.1 and 7.0.3

The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to Virtuozzo kernels 3.10.0-327.42.0.vz7.18.7 Virtuozzo 7.0.1 and 3.10.0-327.42.0.vz7.20.18 Virtuozzo 7.0.3. Vulnerability id: PSBM-80340 Hard lockups happened when the kernel was processing SAK Secure...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

ioreq handling possibly susceptible to multiple read issue

ISSUE DESCRIPTION Single memory accesses in source code can be translated to multiple ones in machine code by the compiler, requiring special caution when accessing shared memory. Such precaution was missing from the hypervisor code inspecting the state of I/O requests sent to the device model fo...

xen-kernel -- ioreq handling possibly susceptible to multiple read issue

The Xen Project reports: Single memory accesses in source code can be translated to multiple ones in machine code by the compiler, requiring special caution when accessing shared memory. Such precaution was missing from the hypervisor code inspecting the state of I/O requests sent to the device...

Moderate: Red Hat Security Advisory: qemu-kvm security and bug fix update

Updated qemu-kvm packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...

openSUSE Security Update : kernel (openSUSE-SU-2011:0004-1)

The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2010-4347: A local user could inject ACPI code into the kernel via the world-writable 'customdebug' file, allowing local privilege escalation. CVE-2010-4258: A local attack...