2277 matches found

Vulnrichment
added 2025/03/02 5:33 p.m. | 7 views

CVE-2024-36353

Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality...

CVSS 6.5 | AI score 6.3 | EPSS 0.00147
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/28 5:29 a.m. | 9 views

CVE-2021-47637

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Following hung tasks: 77.028764 task:kworker/u8:4 state:D stack: 0 pid: 132 77.028820 Call Trace: 77.029027 schedule+0x8c/0x1b0 77.029067 mutexlock+0x50/0x60...

CVSS 5.5 | AI score 6.9 | EPSS 0.00177
Exploits: 0 | References: 4

Tenable Nessus
added 2025/02/27 12:0 a.m. | 4 views

SUSE SLES12 Security Update : socat (SUSE-SU-2025:0726-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:0726-1 advisory. - CVE-2015-1379: lack of async-signal-safe signal handlers can lead to crashes or freezing of socat processes bsc922903. Tenable has extracted the...

CVSS 7.5 | AI score 7.3 | EPSS 0.0393
Exploits: 0 | References: 4

OSV
added 2025/02/26 5:15 p.m. | 2 views

CVE-2025-20118

A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is du...

CVSS 4.4 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 1

OSV
added 2025/02/26 6:37 a.m. | 9 views

CVE-2021-47637

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Following hung tasks: 77.028764 task:kworker/u8:4 state:D stack: 0 pid: 132 77.028820 Call Trace: 77.029027 schedule+0x8c/0x1b0 77.029067 mutexlock+0x50/0x60...

CVSS 5.5 | AI score 6.9
Exploits: 0 | References: 7

Cvelist
added 2025/02/26 2:13 a.m. | 12 views

CVE-2022-49520 arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall

In the Linux kernel, the following vulnerability has been resolved: arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall. If a compat process tries to execute an unknown system call above the __ARM_NR_COMPAT_END number, the kernel sends a SIGILL signal to the offending process...

EPSS 0.00282
Exploits: 0 | References: 6

CVE
added 2025/02/26 2:13 a.m. | 158 views

CVE-2022-49520

CVE-2022-49520 (Linux kernel, arm64 compat): The vulnerability occurs when a compat process executes an unknown syscall above __ARM_NR_COMPAT_END; the kernel incorrectly uses the syscall number as ESR_ELx for the fault, causing arm64_show_signal() to print bogus ESR messages. The fix is to stop u...

CVSS 5.5 | AI score 6.3 | EPSS 0.00282
Exploits: 0 | References: 6 | Affected Software: 1

Debian CVE
added 2025/02/26 1:54 a.m. | 8 views

CVE-2021-47637

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Following hung tasks: 77.028764 task:kworker/u8:4 state:D stack: 0 pid: 132 77.028820 Call Trace: 77.029027 schedule+0x8c/0x1b0 77.029067 mutexlock+0x50/0x60...

CVSS 5.5 | AI score 5.5 | EPSS 0.00177
Exploits: 0

BDU FSTEC
added 2025/02/26 12:0 a.m. | 6 views

The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the use of strictly encrypted accounting data. This allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the use of rigidly encrypted account data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized acces...

CVSS 9 | AI score 5.5 | EPSS 0.00335
Exploits: 0 | References: 3 | Affected Software: 1

Talos Blog
added 2025/02/20 7:2 p.m. | 6 views

Efficiency? Security? When the quest for one grants neither.

Welcome to this week's edition of the Threat Source newsletter. Benjamin Franklin once said, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." In much the same way, those who rush for efficiency without taking into account...

AI score 7.5
Exploits: 0

CNVD
added 2025/02/18 12:0 a.m. | 10 views

mySCADA myPRO Information Disclosure Vulnerability

mySCADA myPRO is a professional HMI/SCADA system from mySCADA designed for the visualization and control of industrial processes. An information disclosure vulnerability exists in mySCADA myPRO that originates from storing credentials in plaintext. An attacker could exploit this vulnerability to...

CVSS 9.2 | AI score 6.2 | EPSS 0.03353
Exploits: 1 | References: 1

CNVD
added 2025/02/18 12:0 a.m. | 9 views

mySCADA myPRO Cross-Site Request Forgery Vulnerability

mySCADA myPRO is a professional HMI/SCADA system from mySCADA designed for the visualization and control of industrial processes. A cross-site request forgery vulnerability exists in mySCADA myPRO that stems from not properly validating a request. An attacker could exploit this vulnerability to...

CVSS 6.5 | AI score 6.5 | EPSS 0.00559
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/14 5:39 a.m. | 7 views

CVE-2024-36055

Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, and seven others, leading to a denial of service BSOD...

CVSS 5.5 | AI score 6.5 | EPSS 0.00138
Exploits: 0 | References: 4

RedhatCVE
added 2025/02/14 5:8 a.m. | 7 views

CVE-2024-36054

Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily read kernel memory and consequently gain all privileges via IOCTL 0x9c4064b8 via MmMapIoSpace and IOCTL 0x9c406490 via ZwMapViewOfSection...

CVSS 7.4 | AI score 6.8 | EPSS 0.00159
Exploits: 0 | References: 4

RedhatCVE
added 2025/02/14 4:49 a.m. | 13 views

CVE-2024-36056

Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages, leading to NT AUTHORITY\SYSTEM privilege escalation...

CVSS 5.4 | AI score 6.6 | EPSS 0.00223
Exploits: 0 | References: 1

BDU FSTEC
added 2025/02/14 12:0 a.m. | 5 views

The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the lack of a mechanism for generating error reports. This allows attackers to gain unauthorized access to protected information.

The vulnerabilities of the software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller are related to deficiencies in the mechanism for generating error reports. Exploiting these vulnerabilities can allow unauthorized actors to...

CVSS 3.7 | AI score 5.6 | EPSS 0.00461
Exploits: 0 | References: 3 | Affected Software: 2

CNNVD
added 2025/02/11 12:0 a.m. | 3 views

Baidu Antivirus Security Vulnerability

Baidu Antivirus is a permanently free cloud-based security antivirus software from the Chinese company Baidu. A security vulnerability exists in Baidu Antivirus version v5.2.3.116083, which originates from a problem in the driver that allows an attacker to terminate arbitrary processes by...

CVSS 3.8 | AI score 8.7 | EPSS 0.0047
Exploits: 1 | References: 2

Rapid7 Blog
added 2025/02/10 2:53 p.m. | 6 views

Interning at Rapid7 Prague: Meet Mko

Mkrtich Hovsepyan – most people call him Mko – is an intern at Rapid7’s fast-growing office in Prague. He graduated from the luminous Charles University in Prague, and is currently a first-year master’s student in Artificial Intelligence there. He was in our first impressive crop of interns, and ...

AI score 7.8
Exploits: 0

RedhatCVE
added 2025/02/04 11:32 p.m. | 4 views

CVE-2024-48956

Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution...

CVSS 9.8 | AI score 7.7 | EPSS 0.00862
Exploits: 0 | References: 1

Virtuozzo
added 2025/02/04 12:0 a.m. | 18 views

[Important] [Security] Virtuozzo ReadyKernel Patch 170.1 for Virtuozzo Hybrid Server 7.5

The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to the supported kernel 3.10.0-1160.119.1.vz7.224.4 of Virtuozzo Hybrid Server 7.5. Vulnerability id: PSBM-160298 3.10.0-1160.119.1.vz7.224.4 Fixed container zombie processes shown as host processes. Fix...

AI score 7.2
Exploits: 0 | References: 1