4287 matches found
CVE-2019-4234
IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416...
Security feature bypass
IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416...
CVE-2019-4234
CVE-2019-4234 affects IBM PureApplication System versions 2.2.3.0–2.2.5.3. The issue is a weakness in the locking feature implementation in the pattern editor, allowing an attacker who intercepts subsequent requests to bypass business logic and modify a pattern to an unlocked state. The NVD entry...
CVE-2019-4234
IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416...
PT-2019-16982 · Ibm · Ibm Pureapplication System
Name of the Vulnerable Software and Affected Versions: IBM PureApplication System versions 2.2.3.0 through 2.2.5.3 Description: The issue is related to a weakness in the implementation of the locking feature in the pattern editor. An attacker can intercept subsequent requests to bypass business...
CVE-2019-2025
In binderthreadread of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro...
CVE-2019-2025
In binderthreadread of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro...
Input validation
In binderthreadread of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro...
UBUNTU-CVE-2019-2025
In binderthreadread of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro...
CVE-2019-2025
In binderthreadread of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro...
CVE-2019-2025
In binderthreadread of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro...
libvirt security update
5.0.0-4.el7 - logging: restrict sockets to mode 0600 Daniel P. Berrange Orabug: 29861433 CVE-2019-10132 - locking: restrict sockets to mode 0600 Daniel P. Berrange Orabug: 29861433 CVE-2019-10132 - admin: reject clients unless their UID matches the current UID Daniel P. Berrange Orabug: 29861433...
IBM PureApplication System pattern editor access control error vulnerability
IBM PureApplication System is a platform system from IBM USA designed for transactional Web and database applications. The system is capable of handling workloads, and all configurations can be maintained and updated from a single console. pattern editor is one of the graphical editors. An access...
Authentication flaw
The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking...
PT-2022-9181 · Gnome +1 · Gnome Shell +1
Name of the Vulnerable Software and Affected Versions: gnome-shell versions affected versions not specified Description: A locking protection bypass flaw was found in gnome-shell, allowing a physical attacker with access to a locked system to kill existing applications and start new ones as the...
Apple macOS kextutil Race Condition Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of kernel...
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of serviceDoS attacks. A remote authenticated user could exploit a flaw in the Locking component which leads to cause a hang or frequently repeatable crash complete DoS...
Yarn Package Manager Tampering Vulnerability
Yarn Package Manager is a package manager. A security vulnerability exists in Yarn Package Manager, which stems from the program not performing any form of certificate locking and trust management. The vulnerability can be exploited to execute code by replacing the original installation package...
CVE-2019-1732
A vulnerability in the Remote Package Manager RPM subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use TOCTOU race condition to corrupt local variables, which could lead to arbitrary command injectio...
Race condition
A vulnerability in the Remote Package Manager RPM subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use TOCTOU race condition to corrupt local variables, which could lead to arbitrary command injectio...