4291 matches found

Debian CVE
added 2022/05/25 12:0 a.m. | 27 views

CVE-2022-31622

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of...

CVSS 5.5 | AI score 6.4 | EPSS 0.00219
Exploits: 0
Debian CVE
added 2022/05/25 12:0 a.m. | 35 views

CVE-2022-31621

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the...

CVSS 5.5 | AI score 7.4 | EPSS 0.00213
Exploits: 0
Debian CVE
added 2022/05/25 12:0 a.m. | 32 views

CVE-2022-31623

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial ...

CVSS 5.5 | AI score 6.4 | EPSS 0.00222
Exploits: 0
AlpineLinux
added 2022/05/25 12:0 a.m. | 36 views

CVE-2022-31623

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial ...

CVSS 5.5 | AI score 6.2 | EPSS 0.00222
Exploits: 0
AlpineLinux
added 2022/05/25 12:0 a.m. | 36 views

CVE-2022-31622

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of...

CVSS 5.5 | AI score 6.2 | EPSS 0.00219
Exploits: 0
Github Security Blog
added 2022/05/24 7:10 p.m. | 19 views

OpenStack Keystone allows information disclosure during account locking

OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking related to PCI DSS features. By guessing the name of an account and failing to authenticate multiple times, any unauthenticated...

CVSS 7.5 | AI score 6.8 | EPSS 0.02457
Exploits: 1 | References: 9 | Affected Software: 1
OSV
added 2022/05/24 9:52 a.m. | 5 views

SUSE-SU-2022:1832-1 Security update for openldap2

This update for openldap2 fixes the following issues: Security: - CVE-2022-29155: Fixed SQL injection in back-sql bsc1199240. Bugfixes: - allow specification of max/min TLS version with TLS1.3 bsc1191157 - libldap was able to be out of step with openldap in some cases which could cause incorrect...

CVSS 9.8 | AI score 9.8 | EPSS 0.69899
Exploits: 1 | References: 5
Positive Technologies
added 2022/05/22 12:0 a.m. | 5 views

PT-2022-6784

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a possible kernel memory corruption due to improper locking in multiple functions of io_uring.c. This could lead to local escalation of privilege in the kernel wi...

CVSS 10 | AI score 7.8 | EPSS 0.12405
Exploits: 19 | References: 664
Github Security Blog
added 2022/05/17 12:0 a.m. | 25 views

Improper Privilege Management in craftercms

A logged-in and authenticated user with a Reviewer Role may lock a content item...

CVSS 4.3 | AI score 4.1 | EPSS 0.00548
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2022/05/17 12:0 a.m. | 17 views

GHSA-FJ9V-G8FW-VXMF Improper Privilege Management in craftercms

A logged-in and authenticated user with a Reviewer Role may lock a content item...

CVSS 4.3 | AI score 4.5 | EPSS 0.00548
Exploits: 0 | References: 3
CVE
added 2022/05/16 5:5 p.m. | 75 views

CVE-2021-23265

Technical details about CVE-2021-23265 are not publicly provided in the supplied documents. The materials confirm a privilege-related issue in Crafter CMS allowing a Reviewer to lock content, but no specifics on affected versions or fix are included. Monitor for updates.

CVSS 4.3 | AI score 4.2 | EPSS 0.00548
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2022/05/13 12:0 a.m. | 14 views

Google Android Information Disclosure Vulnerability (CNVD-2022-42128)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability. The vulnerability originates in monsmcloadsp in gs101-sc/plat/samsung/exynos/soc/exynos9845/smcbooting.S due to improper locking, which can be exploited b...

CVSS 4.4 | AI score 6.3 | EPSS 0.00094
Exploits: 0 | References: 1
OSV
added 2022/05/12 3:16 p.m. | 5 views

SUSE-SU-2022:1654-1 Security update for documentation-suse-openstack-cloud, kibana, openstack-keystone, openstack-monasca-notification

This update for documentation-suse-openstack-cloud, kibana, openstack-keystone, openstack-monasca-notification fixes the following issues: - CVE-2021-22141: Fixed URL redirection flaw bsc1186868. - CVE-2021-38155: Fixed information disclosure during account locking bsc1189390. The following...

CVSS 7.5 | AI score 6.9 | EPSS 0.02457
Exploits: 1 | References: 6
Kitploit
added 2022/05/12 12:30 p.m. | 30 views

SSOh-No - User Enumeration And Password Spraying Tool For Testing Azure AD

This tool is designed to enumerate users, password spray and perform brute force attacks against any organisation that utilises Azure AD or O365. Generally, this endpoint provides extremely verbose errors which can be leveraged to enumerate users and validate their passwords via brute...

AI score 7.5
Exploits: 0 | References: 1
RedHat Linux
added 2022/05/10 1:27 p.m. | 2 views

webkitgtk: Memory corruption issue leading to arbitrary code execution

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution...

CVSS 8.8 | AI score 6.8 | EPSS 0.02319
Exploits: 0 | References: 5
Tenable Nessus
added 2022/05/10 12:0 a.m. | 35 views

NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2022-0002)

The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities: - The Linux kernel before 5.1-rc5 allows page-refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is...

CVSS 8.8 | AI score 7.1 | EPSS 0.03017
Exploits: 5 | References: 11
Code423n4
added 2022/05/07 12:0 a.m. | 10 views

Deprecated safeApprove() function

Originally submitted by warden Dravee in 146, duplicate of 178 related to the use of safeApprove. This is upgraded from a QA report to standalone issue because it correctly described the revert when trying to call safeApprove on non-zero allowance. QA report that only describe safeApprove as...

AI score 6.8
Exploits: 0
CVE
added 2022/05/03 7:42 p.m. | 75 views

CVE-2022-28790

CVE-2022-28790 relates to the Link to Windows Service prior to version 2.3.04.1, where improper authentication can allow an attacker to lock the device. The available documents state the patch fixes this by adding proper caller signature check logic. No exploitation details are provided in the so...

CVSS 4 | AI score 4.3 | EPSS 0.00199
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/05/03 7:42 p.m. | 21 views

CVE-2022-28790

Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic...

CVSS 4 | AI score 4.8 | EPSS 0.00199
Exploits: 0 | References: 1
Ubuntu
added 2022/05/02 5:1 p.m. | 114 views

USN-5399-1: libvirt vulnerabilities

It was discovered that libvirt incorrectly handled certain locking operations. A local attacker could possibly use this issue to cause libvirt to stop accepting connections, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2021-3667 It was discovered that libvirt...

CVSS 7.2 | AI score 6.5 | EPSS 0.01334
Exploits: 1