GSD-2021-1000428 nvmet-tcp: fix incorrect locking in state_change sk callback
nvmet-tcp: fix incorrect locking in state_change sk callback. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.119 by commit...
UVI-2021-1000475 mtd: require write permissions for locking and badblock ioctls
mtd: require write permissions for locking and badblock ioctls. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.233 by commit...
UVI-2021-1000436 mtd: require write permissions for locking and badblock ioctls
mtd: require write permissions for locking and badblock ioctls. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.119 by commit...
GSD-2021-1000475 mtd: require write permissions for locking and badblock ioctls
mtd: require write permissions for locking and badblock ioctls. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.233 by commit...
UVI-2021-1000290 mtd: require write permissions for locking and badblock ioctls
mtd: require write permissions for locking and badblock ioctls. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...
CVE-2021-3567
A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability...
USN-4958-1 caribou vulnerability
It was discovered that the Caribou onscreen keyboard could be made to crash when given certain input values. An attacker could use this to bypass screen-locking applications that support using Caribou as an input mechanism...
USN-4958-1: Caribou vulnerability
It was discovered that the Caribou onscreen keyboard could be made to crash when given certain input values. An attacker could use this to bypass screen-locking applications that support using Caribou as an input mechanism...
Improper Locking in github.com/containers/storage
A deadlock vulnerability was found in github.com/containers/storage in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinite...
Nextcloud: End to end encryption folder locking is not properly protected
I do not see the end_to_end_encryption app listed here. But since you advertise it big on your website and in communication. And the clients that also support it are covered I assume this is part of the program as well. 1. userA has end to end encryption setup 2. userB wants to annoy userA 3. userB...
CVE-2021-31427
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...
CVE-2021-31422
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...
AZL-6530 CVE-2021-23133 affecting package kernel for versions less than 5.10.78.1-1
A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the...
CVE-2021-23133
A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the...
Race condition
A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the...
CVE-2021-23133 Linux Kernel sctp_destroy_sock race condition
A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the...
Oracle VirtualBox LsiLogicSCSI Race Condition Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
Oracle VirtualBox LsiLogicSCSI Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
Corel Parallels Desktop security vulnerability
Parallels Desktop is a virtual machine software that runs on Mac computers. An information disclosure vulnerability exists in the Open Tools Gate component in Parallels Desktop version 15.1.5-47309. The vulnerability stems from a lack of proper locking when performing operations on objects. A loc...
RHEL 7 : kernel (RHSA-2021:1028)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1028 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: locking issue in...