4288 matches found
CVE-2021-0625
CVE-2021-0625 affects MediaTek’s ccu (camera control processor). The Red Hat/NVD entries describe memory corruption due to improper locking, enabling local escalation of privilege with System execution privileges required and no user interaction. The vulnerability impact is stated as local, with ...
CVE-2021-0625
In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594996; Issue ID: ALPS05594996...
CVE-2021-36097
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions, allowing the agent to gain full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions...
Code injection
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions, allowing the agent to gain full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions...
CVE-2021-36097 Agents are able to lock the ticket without the "Owner" permission
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions, allowing the agent to gain full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions...
OTRS Authorization Issue Vulnerability
OTRS is service management software from the German company OTRS. An authorization issue vulnerability exists in OTRS because the product allows resources to be locked without Owner rights and then moved to a queue with rw rights for full control. The following...
PT-2021-21117 · Otrs Ag · Otrs
Name of the Vulnerable Software and Affected Versions: OTRS AG OTRS versions 8.0.16 and prior versions. Description: The issue allows agents to lock tickets without the "Owner" permission. Once a ticket is locked, it can be moved to a queue where the agent has "rw" permissions, granting them full...
OESA-2021-1385 libvirt security update
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: An improper locking issue was found in the virStoragePoolLookupByTargetPath API o...
mysql: Server: Locking unspecified vulnerability (CPU Jul 2021)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...
mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
mysql: Server: Locking unspecified vulnerability (CPU Jan 2021)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...
PT-2021-6407 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.3. Description: The issue is related to the use of memory after it has been freed in the Linux kernel, specifically in the fs/quota/quota_tree.c component. This occurs when checking the block number in the...
SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2021:3277-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3277-1 advisory. - An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the...
SUSE: Security Advisory (SUSE-SU-2021:3277-1)
The remote host is missing an update for the...
CVE-2021-36850
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...
CVE-2021-36850 WordPress Media File Renamer – Auto & Manual Rename plugin <= 5.1.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...
SUSE-SU-2021:3277-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2021-3667: Fixed an improper locking on ACL failure in virStoragePoolLookupByTargetPath API (bsc#1188843)...
PUB-A-171315276
In TBD of TBD, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation...