Improper Input Validation

vrite is vulnerable to Improper Input Validation. An Attacker may attempt to flood your authentication system with requests that include very long password hashes, leading to resource exhaustion and potentially causing a denial of service. Longer password hashes take more time to compute during t...

PT-2023-18047 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a permissions bypass in the killBackgroundProcesses function of ActivityManagerService.java, which could allow escaping Google Play protection. This might lead to...

CVE-2023-5369

Before correction, the copyfilerange system call checked only for the CAPREAD and CAPWRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAPSEEK capability. This incorrect...

CVE-2023-5369

Before correction, the copyfilerange system call checked only for the CAPREAD and CAPWRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAPSEEK capability. This incorrect...

CVE-2023-5369 copy_file_range insufficient capability rights check

Before correction, the copyfilerange system call checked only for the CAPREAD and CAPWRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAPSEEK capability. This incorrect...

CVE-2023-5369 copy_file_range insufficient capability rights check

Before correction, the copyfilerange system call checked only for the CAPREAD and CAPWRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAPSEEK capability. This incorrect...

FreeBSD : FreeBSD -- copy_file_range insufficient capability rights check (e261e71c-6250-11ee-8e38-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e261e71c-6250-11ee-8e38-002590c1f29c advisory. - Before correction, the copyfilerange system call checked only for the CAPREAD and CAPWRITE capabiliti...

PT-2023-32072 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises from an incorrect privilege check in the copy file range system call, which only verifies the CAP READ and CAP WRITE capabilities on the input and output file...

CVE-2023-43621

An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments...

Command injection

An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments...

Assumptions are currently made that prices would forever be positive

Lines of code Vulnerability details Impact Neglecting the potential for negative asset prices can lead to inaccurate value representation in the Liquidity Pool, possibly affecting calculations related to assets and tokens. It's crucial to note that the value of an asset, even if negative in the...

The vulnerability of the PAMcheckPasswd() function, a utility for managing and monitoring processes, programs, files, and Monit directories, allows a perpetrator to increase their privileges.

The vulnerability of the PAMcheckPasswd function, a utility for managing and monitoring processes, programs, files, and Monit directories, is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow an attacker to increase their privileges remotely...

Sql injection

ARDEREG ?Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, th...

The utilization of strict equality within the subtractLoss function is susceptible to straightforward manipulation by a potential attacker.

Lines of code Vulnerability details Impact If this equality condition is intentionally disrupted, it will result in the failure of all settlement processes carried out using the settle function. Proof of Concept Tools Used Manual review Recommended Mitigation Steps - collateral.balanceOfaddressth...

CVE-2023-4485 ARDEREG Sistemas SCADA SQL Injection

ARDEREG ​Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, th...

selinux-policy bug fix update

An update is available for selinux-policy. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The selinux-policy packages contain the rules that govern how confined...

Survey Provides Takeaways for Security Pros to Operationalize their Remediation Life Cycle

Ask any security professional and they'll tell you that remediating risks from various siloed security scanning tools requires a tedious and labor-intensive series of steps focused on deduplication, prioritization, and routing of issues to an appropriate "fixer" somewhere in the organization. Thi...

CVE-2023-41121

Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations...

CVE-2023-41121

Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations...

Linux kernel memory misreference vulnerability (CNVD-2023-64508)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in versions of Linux kernel prior to 6.4.10, which stems from the mishandling of sub-processes of sk, and can be exploited by an...