CVE-2024-38358 Symlink bypasses filesystem sandbox in wasmer

Wasmer is a web assembly wasm Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both oflags::creat and rights::fdwrite. Programs can also crash the runtime ...

CVE-2021-47607

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg The implementation of BPFCMPXCHG on a high level has the following parameters: .-old-val .-new-val BPFR0 = cmpxchg32,64DSTREG + insn-off, BPFR0, SRCREG -mem-loc...

DEBIAN-CVE-2021-47607

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg The implementation of BPFCMPXCHG on a high level has the following parameters: .-old-val .-new-val BPFR0 = cmpxchg32,64DSTREG + insn-off, BPFR0, SRCREG -mem-loc...

UBUNTU-CVE-2021-47607

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg The implementation of BPFCMPXCHG on a high level has the following parameters: .-old-val .-new-val BPFR0 = cmpxchg32,64DSTREG + insn-off, BPFR0, SRCREG -mem-loc...

CVE-2021-47607

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg The implementation of BPFCMPXCHG on a high level has the following parameters: .-old-val .-new-val BPFR0 = cmpxchg32,64DSTREG + insn-off, BPFR0, SRCREG -mem-loc...

AZL-68606 CVE-2024-38564 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPFPROGTYPECGROUPSKB attach type enforcement in BPFLINKCREATE bpfprogattach uses attachtypetoprogtype to enforce proper attach type for BPFPROGTYPECGROUPSKB. linkcreate uses bpfprogget and relies on...

UBUNTU-CVE-2024-38574

In the Linux kernel, the following vulnerability has been resolved: libbpf: Prevent null-pointer dereference when prog to load has no BTF In bpfobjecloadprog, there's no guarantee that obj-btf is non-NULL when passing it to btffd, and this function does not perform any check before dereferencing...

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads. Included among the tools deployed is a remote access tool that's capable of downloading and executing more...

CVE-2024-5650

CVE-2024-5650 — Yokogawa CENTUM DLL hijacking affects CENTUM CS 3000 (R3.08.10–R3.09.50) and CENTUM VP (R4.01.00–R4.03.00, R5.01.00–R5.04.20, R6.01.00–R6.11.10). The root cause is improper access control allowing an attacker with local access or shared-folder access to replace a DLL with a tamper...

GHSA-HVXG-77MG-VRVP Mattermost Desktop App Remote Code Execution

Mattermost Desktop App versions =5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes...

CVE-2024-37182

Mattermost Desktop App prior to 5.8.0 is affected (versions

CVE-2024-37182 Lack of permissions prompting when opening external URLs

Mattermost Desktop App versions =5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes...

CVE-2024-27155 Local Privilege Escalation and Remote Code Execution using insecure permissions

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL...

CVE-2024-27151

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL...

CVE-2024-27144

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. T...

CVE-2024-27144 Pre-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. T...

CVE-2024-27144 Pre-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. T...

PT-2024-21687 · Toshiba · Toshiba Printers

Name of the Vulnerable Software and Affected Versions: Toshiba printers affected versions not specified Description: The issue allows an attacker to remotely compromise any Toshiba printer, enabling them to replace programs with malicious ones. This can be done by any local or remote attacker...

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO, which originates from programs running under root privileges that, if hijacked by some means, could execute arbitrary code on the multifunction device...

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from the presence of a method of unauthorized access to certain APIs of the multifunction device's internal programs, which could allow...