22 matches found
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
A vulnerability was discovered in vhostnewmsg in drivers/vhost/vhost.c within the Linux kernel. This issue arises due to the improper initialization of memory in messages transmitted between virtual guests and the host operating system, as implemented in the vhostnewmsg function. This vulnerabili...
CVE-2026-23322 ipmi: Fix use-after-free and list corruption on sender error
In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smiwork delivers an error response but then jumps back to restart without cleaning up properly: 1...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002568)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002568 advisory. Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the...
EUVD-2022-43750
Malicious code in bioql PyPI...
CVE-2022-40472
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module...
kernel: Information disclosure in vhost/vhost.c:vhost_new_msg()
A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...
kernel: Information disclosure in vhost/vhost.c:vhost_new_msg()
A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...
Kernel: information disclosure in vhost/vhost.c:vhost_new_msg()
...
AZL-33319 CVE-2024-0340 affecting package kernel for versions less than 5.15.153.1-1
A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...
UBUNTU-CVE-2024-0340
A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...
CVE-2024-0340 Kernel: information disclosure in vhost/vhost.c:vhost_new_msg()
A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A code issue vulnerability exists in the Linux kernel that stems from vhostnewmsg in drivers/vhost/vhost.c failing to properly initialize memory in messages passed between a...
ZKTeco ZKBio Time Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in ZKTeco ZKBio Time version 8.0.7, which originates from the "Content" text field of the "Add New Message" module. Content" text field of the "Add New Message" module lacks effective filtering and escaping of user-supplied data, which can be exploited ...
CVE-2022-40472
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module...
CVE-2022-40472
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module...
CVE-2022-40472
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module...
ZKTeco ZKBio Time 安全漏洞
A cross-site scripting vulnerability exists in ZKTeco ZKBio Time version 8.0.7, which originates from the "Content" text field of the "Add New Message" module. Content" text field of the "Add New Message" module lacks effective filtering and escaping of user-supplied data, which can be exploited ...
kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
The Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file...
UBUNTU-CVE-2018-1118
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-ne...
Magento Commerce T2 - (attr) Persistent Web Vulnerability
Document Title: =============== Magento Commerce T2 - attr Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1459 Release Date: ============= 2018-02-06 Vulnerability Laboratory ID VL-ID: ==================================== 14...