1890 matches found
Improper access control
The Trend Micro Maximum Security 2021 v17 consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on t...
CVE-2021-32923
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases specifically, those within 1 second of their maximum TTL, which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...
CVE-2021-32923
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases specifically, those within 1 second of their maximum TTL, which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...
CVE-2021-32460
CVE-2021-32460 affects Trend Micro Maximum Security 2021 (v17). The vulnerability is an improper access control flaw in the installer/console that grants local attackers with existing user access the ability to escalate privileges (up to SYSTEM). The issue arises from incorrect permissions on sen...
CVE-2021-32460
The Trend Micro Maximum Security 2021 v17 consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on t...
UBUNTU-CVE-2021-32625
Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This ...
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This update addresses an issue where certain invalid ECDSA signatures incorrectly passed validation. These signatures provide defense in depth...
GSD-2021-1000019 ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled
ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUGKMAPLOCAL is enabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.16 by commit...
UVI-2021-1000019 ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled
ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUGKMAPLOCAL is enabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.16 by commit...
CVE-2021-32640
A flaw was found in nodejs-ws. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. Mitigation In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the...
Cross site request forgery (csrf)
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in email protected...
CVE-2021-32640
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected]...
Trend Micro Maximum Security elevation of privilege vulnerability (CNVD-2021-39046)
Trend Micro Maximum Security is a set of computer security protection software from Trend Micro. The software includes features such as virus detection, malware protection and authentication protection. A security vulnerability exists in Maximum Security that stems from incorrect default...
What is Ping of Death Assault?
Ping of death is a strategy for DoS Denial of Service assault. It’s an attack-type that objectifies the ICMP Internet Control Message Protocol and the TCP Transmission Control Protocol, and is quite possibly the most undermining of all ICMP attacks. The ping of death attack is otherwise called a...
AMSITrigger - The Hunt For Malicious Strings
Hunting for Malicious Strings Usage: AMSI calls xmas tree mode -d, --debug Show Debug Info -m, --maxsiglength=VALUE Maximum signature Length to cater for, default=2048 -c, --chunksize=VALUE Chunk size to send to AMSIScanBuffer, default=4096 -h, -?, --help Show Help " -i, --inputfile=VALUE...
Heap OOB read in TFLite's implementation of `Minimum` or `Maximum`
Impact The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting implementation indexes in both tensors with the same index but does not...
GHSA-24X6-8C7M-HV3F Heap OOB read in TFLite's implementation of `Minimum` or `Maximum`
Impact The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting implementation indexes in both tensors with the same index but does not...
Trend Micro Maximum Security Improper Access Control Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Maximum Security 安全漏洞
Trend Micro Maximum Security is a suite of computer security software from Trend Micro, Inc. The software includes virus detection, malware protection, and authentication protection.A security vulnerability exists in Trend Micro Maximum Security, which stems from incorrect default permissions in...
PT-2024-11153 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been resolved in the Linux kernel. The problem occurs when creating a control in nvmet alloc ctrl, where if cntlid min is larger than cntlid max of the subsyste...