Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties through the importStdMd import process in kernel/api/import.go. An attacker can import data from sensitive or unintended local paths and potentially access or expose local files by...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the forwardProxy function. An attacker can access internal network resources, retrieve sensitive data, and potentially obtain cloud metadata or credentials by supplying a crafted URL to the endpoint...

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity via the /api/file/getFile endpoint. An attacker can access sensitive configuration files by submitting mixed-case paths to bypass case-sensitive checks on case-insensitive file systems. Remediation...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the globalCopyFiles function. An attacker can access sensitive files outside the intended directory by supplying arbitrary file paths to the API endpoint. Remediation Upgrade github.com/siyuan-note/siyuan/kernel/a...

EUVD-2016-9500

Malware in sbrugna...

EUVD-2017-0417

Malware in sbrugna...

EUVD-2018-2004

Malware in sbrugna...

EUVD-2016-4403

Malware in sbrugna...

EUVD-2018-1562

Malware in sbrugna...

EUVD-2018-19966

Malware in sbrugna...

EUVD-2020-12253

Malware in sbrugna...

CVE-2023-6176 Kernel: local dos vulnerability in scatterwalk_copychunks

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Linux Linux_Kernel

Bypassing Spectre-BTI User Space Mitigations on Linux Th...

CVE-2020-1377

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability...

CVE-2020-1378

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability...

CVE-2020-1378

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability...

Privilege escalation

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability...

Privilege escalation

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability...

CVE-2020-1378

CVE-2020-1378 is a Kernel Transaction Manager (KTM) / registry KTM log recovery vulnerability reported by James Forshaw (2019–2020) alongside CVE-2019-0959 and CVE-2020-1377. The connected material links it to KTM log processing and recovery of registry state, noting that KTM transaction handling...

Microsoft Windows and Microsoft Windows Server Elevation of Privilege Vulnerability (CNVD-2020-48261)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows and Microsoft Windows...