Race condition

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges...

Race condition

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges...

Race condition

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges...

Race condition

A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges...

CVE-2022-42831

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges...

CVE-2022-42803

A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges...

CVE-2022-42832

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges...

CVE-2022-42806

CVE-2022-42806 is a race-condition vulnerability that Apple fixed in iOS 16.1, iPadOS 16, and macOS Ventura 13. The issue could allow an app to execute arbitrary code with kernel privileges, and the NVD assessment indicates a local attack with high impact, requiring user interaction. Mitigation i...

CVE-2022-42832

CVE-2022-42832 is a race condition in Apple OS components. The descriptor states a race condition was addressed with improved locking, and that the issue could let an app with root privileges execute arbitrary code with kernel privileges. Affected: iOS/iPadOS (fixed in iOS 16.1 and iPadOS 16), ma...

CVE-2022-42803

A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges...

ASB-A-235601882

In getSecurityLevel and setSecurityLevel of DrmPlugin.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2022:3727-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3727-1 advisory. - P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests...

PT-2022-5898 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to incorrect locking in the xen-netback driver of the Linux kernel, which can be exploited to cause a denial of service. Recommendations: At the moment, there is n...

PT-2022-6137 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the kfree skb function in the xen-netback driver of the Linux kernel, which is associated with incorrect locking. Exploitation of this issue may allow an attack...

PT-2022-26613 · Apple · Ipados +3

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16.1 iPadOS versions prior to 16 macOS Ventura versions prior to 13 Description: A race condition was addressed with improved locking, which could allow an app with root privileges to execute arbitrary code with kernel...

Contract locking eth

Lines of code Vulnerability details Impact The JB721Delegate contract contains payable functions, but no function to withdraw the ether. This would allow the ether sent to the contract to be unable to be withdrawn. JB721Delegate.didPay JB721Delegate.didRedeem Proof of Concept JB721Delegate.didPay...

Improper Dependency Locking

JetBrains Kotlin is vulnerable to Improper Dependency Locking. The vulnerability exists in the internal function consumerApiUsage of KotlinUsages.kt because all files for configuration ':metadataCompileClasspath' cannot be resolved with gradle dependency locks which allows an attacker to modify t...

Upgraded Q -> M from 236 [1666363743332]

Judge has assessed an item in Issue 236 as Medium risk. The relevant finding follows: ERC721 token can be lost in fillAsk PROBLEM When a user fills an ask order by calling fillAsk, the ERC721.transferFrom method is used to transfer the NFT to the receiver. Should the receiver be a smart contract...

SUSE: Security Advisory (SUSE-SU-2022:3665-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GLSA-202210-06 : libvirt: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202210-06 libvirt: Multiple Vulnerabilities - A flaw was found in libvirt, where it leaked a file descriptor for /dev/mapper/control into the QEMU process. This file descriptor allows for privileged operations to happen against th...