CVE-2023-20939

In multiple functions of looperbackedeventloop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from the US company Google. Google Android suffers from a security vulnerability that stems from incorrect locking that corrupts memory, which could be exploited by an attacker to cause a local privilege escalation without additional...

Upgraded Q -> 3 from #460 [1677510923458]

Judge has assessed an item in Issue 460 as 3 risk. The relevant finding follows: Lines of code Vulnerability details Impact The safeTransferFrom function on the ClearingHouse is normally used when an OpenSea auction successfully ends and the required ERC20/WETH have been transferred to the...

K16389: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2013-5908 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling. CVE-2014-0401 Unspecifie...

SUSE CVE-2010-0285

gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor...

SUSE CVE-2010-2024

transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/...

SUSE CVE-2013-0383

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking...

SUSE CVE-2013-1506

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking...

SUSE CVE-2013-1521

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking...

SUSE CVE-2013-5770

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking...

SUSE CVE-2014-0402

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking...

SUSE CVE-2014-8131

The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service deadlock or segmentation fault and crash via a request to access...

SUSE CVE-2014-8172

The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service soft lockup or system crash via unspecified use of Asynchronous I/O AIO operations...

SUSE CVE-2015-8340

The memoryexchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service deadlock or host crash via unspecified vectors, related to XENMEMexchange error handling...

SUSE CVE-2016-0667

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking...

SUSE CVE-2016-2547

sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service race condition, use-after-free, and system crash via a crafted ioctl call...

SUSE CVE-2016-6786

kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111...

SUSE CVE-2017-12778

The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\Roaming\qBittorrent pathname. The attacker must change the...

SUSE CVE-2017-18221

The munlockpagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service NRMLOCK accounting corruption via crafted use of mlockall and munlockall system calls...

SUSE CVE-2017-1000111

Linux kernel: heap out-of-bounds in AFPACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packetsetring. Previously with PACKETVERSION. This time with PACKETRESERVE. The solution...