CVE-2026-8786 Tencent WeKnora Config API Endpoint initialization.go getKnowledgeBaseForInitialization authorization

A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...

Malicious code in extrazip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f58777710463b043a0724ad1d7999807501b56667a10eced314fd036e9303fdf During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...

EUVD-2022-43805

Malicious code in bioql PyPI...

kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace

Impact Because UPDATE validation is not being applied, it is possible for an actor with access to an instance of the initializingworkspaces virtual workspace to run arbitrary patches on the status field of LogicalCluster objects while the workspace is initializing. This allows to add or remove an...

CVE-2023-53331 pstore/ram: Check start of empty przs during init

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a "pstore/ram: Do not treat empty buffers as valid", initialization would assume a prz was valid after seeing that the buffersize is zero regardless of the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from rtw89 sar performing a meaningless lock assertion check during the initialization phase...

Privacy-Preserving Runtime Verification

Runtime verification offers scalable solutions to improve the safety and reliability of systems. However, systems that require verification or monitoring by a third party to ensure compliance with a specification might contain sensitive information, causing privacy concerns when usual runtime...

AZL-48735 CVE-2024-44995 affecting package kernel for versions less than 6.6.51.1-1

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow is as below: pf reset start │ ▼ ...... setup tc │ │ ▼ ▼ DOWN: napidisable napidisableskip │...

EDK2: integer overflow in CreateHob() could lead to HOB OOB R/W

A flaw was found in the CreateHob function in EDK2. An attacker, leveraging a local network, can initiate an integer overflow leading to a buffer overflow. This issue arises during size alignment within the CreateHob function, requiring activation in the PEI phase. Successful exploitation of this...

OESA-2024-1289 iSulad security update

This is a umbrella project for gRPC-services based Lightweight Container Runtime Daemon, written by C. Security Fixes: 在isulad服务初始化阶段，会进行临时文件的正确性检查，如果检查不通过则重新创建文件，在检查与创建之间，存在一个条件竞争问题，攻击者可以通过利用该漏洞进行提权。CVE-2021-33632...

PT-2023-32256 · Eclipse +4 · Eclipse Openj9 +4

Name of the Vulnerable Software and Affected Versions: Eclipse OpenJ9 versions prior to 0.41.0 Description: The issue is related to a denial of service caused by a flaw when a shutdown signal SIGTERM, SIGINT or SIGHUP is received before the JVM has finished initializing. This can lead to an...

VulnCheck KEV: CVE-2022-22071

Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress...

CVE-2022-40530

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase...

CVE-2022-40530 Integer overflow to buffer overflow in WLAN

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase...

CVE-2022-40530

CVE-2022-40530 describes memory corruption in WLAN caused by an integer overflow that progresses to a buffer overflow during WLAN initialization. The issue is documented in Qualcomm closed-source WLAN components and is reflected in multiple sources (NVD/Red Hat/CVE lists); exploitation status and...

PT-2023-13814 · Qualcomm · Snapdragon +171

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption in WLAN due to an integer overflow leading to a buffer overflow during the initialization phase. No information is...

UBUNTU-CVE-2016-9962

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

IBM Storwize SSL/TLS RC4 Stream Cipher Key Invariance (Bar Mitzvah)

According to its self-reported version number, the IBM Storwize server running on the remote host is affected by a security feature bypass vulnerability, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A...