6348 matches found
CVE-2021-32773
CVE-2021-32773 affects the Racket sandbox prior to version 8.2. In those versions, code evaluated in the sandbox could cause system modules to erroneously use attacker-created modules instead of their intended dependencies, allowing attackers to control system functions and access restricted faci...
CVE-2021-32773
Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow...
CVE-2021-32760
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access t...
CVE-2021-32760
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access t...
DEBIAN-CVE-2021-32760
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access t...
UBUNTU-CVE-2021-32760
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access t...
CVE-2021-32760
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access t...
Racket 安全漏洞
Racket is an open source general-purpose programming language and an ecosystem for language-oriented programming.An access control error vulnerability exists in Racket versions prior to 8.2, which stems from the fact that code evaluated using the Racket sandbox may cause system modules to...
PT-2021-3856 · Unknown +6 · Kubernetes Containerd +5
Name of the Vulnerable Software and Affected Versions: containerd versions prior to 1.4.8 and 1.5.4 Description: The issue is related to a bug in containerd that allows pulling and extracting a specially-crafted container image to result in Unix file permission changes for existing files in the...
CVE-2021-32760
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access t...
CVE-2021-3453
Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage...
Security Bulletin: IBM Security SOAR could allow a privileged user to import non-approved Python2 modules (CVE-2021-29780).
Summary It was possible for a privileged user to import non-approved Python2 modules to create a malicious script. Vulnerability Details CVEID: CVE-2021-29780 DESCRIPTION: IBM Resilient OnPrem could allow an authenticated user to perform actions that they should not have access to due to improper...
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG verification that a kernel module is signed for loading via init_module does not occur for a module.sig_enforce=1 command-line argument.
...
vulhub
This repository is an offensive tool for vulnerability research and exploitation, specifically targeting various web applications and services. It contains a collection of exploits and tools for identifying and exploiting vulnerabilities in software and systems. The primary vulnerability targeted...
多款 Lenovo 设备 安全漏洞
Lenovo Desktops and Lenovo ThinkPad are both products of the Chinese company Lenovo.Lenovo Desktops are desktop computersLenovo ThinkPad is a portable computer.Lenovo Desktops are desktop computers and Lenovo ThinkPad is a portable computer.Lenovo Desktops are desktop computers and Lenovo ThinkPa...
isf
This is an Industrial Exploitation Framework ISF repository, a Python-based framework for exploitation and testing of industrial control systems ICS. The framework is similar to Metasploit and is designed to be used for penetration testing and vulnerability assessment of ICS devices. The reposito...
FindObjects-BOF - A Cobalt Strike Beacon Object File (BOF) Project Which Uses Direct System Calls To Enumerate Processes For Specific Loaded Modules Or Process Handles
A Cobalt Strike Beacon Object File BOF project which uses direct system calls to enumerate processes for specific modules or process handles. What is this repository for? Use direct systems calls within Beacon Object files to enumerate processes for specific loaded modules e.g. winhttp.dll,...
Oracle Auditing Part 3: Unified Auditing
This is the third, and last, article on the topic of Oracle auditing. It is relevant to Oracle 12c only. With Unified Auditing, Oracle simplified the task of auditing activities in a modern database environment, and rather than having to learn multiple methods, patterns, and techniques for both...
DEBIAN-CVE-2021-35039
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIGMODULESIG, verification that a kernel module is signed, for loading via initmodule, does not occur for a module.sigenforce=1 command-line argument...
UBUNTU-CVE-2021-35039
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIGMODULESIG, verification that a kernel module is signed, for loading via initmodule, does not occur for a module.sigenforce=1 command-line argument...