4722 matches found
DEBIAN-CVE-2019-15291
An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcopusbprobe function in the drivers/media/usb/b2c2/flexcop-usb.c driver...
UBUNTU-CVE-2019-15291
An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcopusbprobe function in the drivers/media/usb/b2c2/flexcop-usb.c driver...
ALPINE-CVE-2019-10161
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use...
CVE-2019-10161
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use...
The vulnerabilities of Cisco FindIT Network Management and Cisco FindIT Network Probe, which are used for configuring and controlling wired and wireless networks, allow attackers to increase their privileges.
The vulnerability of virtual machine systems for Cisco FindIT Network Management and Cisco FindIT Network Probe involves the use of pre-installed credentials. Exploiting this vulnerability can allow attackers to gain increased privileges...
ZZZCMS V1.7.2 version of the background of the existence of arbitrary file reading vulnerability
zzcms is a free and open source building system, mainly facing the majority of webmasters to use. ZZZCMS V1.7.2 there are arbitrary file reading vulnerabilities in the background. An attacker can exploit the vulnerability to read arbitrary files and conduct intranet probes...
CVE-2019-1919
A vulnerability in the Cisco FindIT Network Management Software virtual machine VM images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device with a static account that has root privileges. The vulnerability is due to the presence of an account...
Design/Logic Flaw
A vulnerability in the Cisco FindIT Network Management Software virtual machine VM images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device with a static account that has root privileges. The vulnerability is due to the presence of an account...
Semrush: SSRF In Get Video Contents
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling out the report! Summary: A SSRF In Get...
Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation
After months of negotiations, the United States Federal Trade Commission FTC has approved a record $5 billion settlement with Facebook over its privacy investigation into the Cambridge Analytica scandal. The settlement will put an end to a wide-ranging probe that began more than a year ago and...
libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs
The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an...
libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of...
EulerOS 2.0 SP5 : gnutls (EulerOS-SA-2019-1676)
According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of 'Just in...
The vulnerability in the implementation of the if_usb_probe handler in Linux kernel allows a hacker to cause a service failure.
The vulnerability of the ifusbprobe implementation in the kernel of the Linux operating system is related to a memory leak. Exploiting this vulnerability can allow an attacker to cause a system failure by connecting a Marvell Libertas WLAN Thinfirm device. This device has a value of 0x0 in the...
The vulnerability in the implementation of the acpi_fan_probe handler in the Linux operating system allows a hacker to cause a service failure.
The vulnerability in the implementation of the acpifanprobe handler in the loaded module of the drivers/acpi/fan.ko file in the Linux kernel is related to the assignment of a null pointer. Exploiting this vulnerability can allow an attacker to cause a system failure by connecting an ACPI Fan...
The vulnerability in the implementation of the ems_usb_disconnect handler in the Astra Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the emsusbdisconnect handler in the Astra Linux operating system’s kernel is related to a memory release error. In the emsusbprobe function, located in the drivers/net/can/usb/emsusb.c file, memory is allocated to the txmsgbuffer field. However, the emsusbdisconnect handler...
The vulnerability in the implementation of the hwarc_probe handler in the operating system kernel of Astra Linux allows a hacker to trigger a service failure.
The vulnerability in the implementation of the hwarcprobe function in the kernel of the Astra Linux operating system’s driver module drivers/uwb/hwa-rc.ko is related to a memory release error. In the hwarcprobe function, memory is allocated to hwarc, but this memory is not released correctly when...
New York, Canada, Ireland Launch New Investigations Into Facebook Privacy Breaches
Facebook has a lot of problems, then there are a lot of problems for Facebook—and both are not going to end anytime sooner. Though Facebook has already set aside $5 billion from its revenue to cover a possible fine the company is expecting as a result of an FTC investigation over privacy...
Facebook Could Be Fined Up To $5 Billion Over Privacy Violations
Facebook expects to face a massive fine of up to $5 billion from the Federal Trade Commission FTC as the result of an investigation into its privacy policies—that's about one month's revenue for the social media giant. To be clear the amount of fine is not what the FTC has announced or hinted yet...
Cisco IOS XE Software Performance Routing Version 3 Denial of Service Vulnerability
According to its self-reported version, Cisco IOS XE Software is affected by following vulnerability - A vulnerability in Performance Routing Version 3 PfRv3 of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload.The vulnerability is due to...