144 matches found
CVE-2024-10074 Liteos_a has an use after free vulnerability
in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free...
PUB-A-360158501
there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security
wordpress-really-simple-security-authn-bypass-vulnerable-appli...
CVE-2024-50257
In the Linux kernel, the following vulnerability has been resolved: netfilter: Fix use-after-free in getinfo ip6tablenat module unload has refcnt warning for UAF. call trace is: WARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 moduleput+0x6f/0x80 Modules linked in: ip6tablenat- CPU: 1 UID: 0...
CVE-2024-50257 netfilter: Fix use-after-free in get_info()
In the Linux kernel, the following vulnerability has been resolved: netfilter: Fix use-after-free in getinfo ip6tablenat module unload has refcnt warning for UAF. call trace is: WARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 moduleput+0x6f/0x80 Modules linked in: ip6tablenat- CPU: 1 UID: 0...
CVE-2024-10668 Auth Bypass in Quickshare
There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk ...
Exploit for CVE-2024-9926
wordpress-jetpack-broken-access-control-vulnerable-application...
CVE-2022-48970 af_unix: Get user_ns from in_skb in unix_diag_get_exact().
In the Linux kernel, the following vulnerability has been resolved: afunix: Get userns from inskb in unixdiaggetexact. Wei Chen reported a NULL deref in skuserns 01, and Paolo diagnosed the root cause: in unixdiaggetexact, the newly allocated skb does not have sk. 2 We must get the userns from th...
CVE-2024-8612
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueuepush as set in virtioscsicompletereq / virtioblkreqcomplete / viritocryptoreqcomplete could be larger than the true size of the data which has been sent to guest. Once virtqueuepush finally...
CVE-2024-29779
there is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-29779
there is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-29779
there is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2024-23021 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no...
PUB-A-336862373
there is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-44942
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on F2FSINLINEDATA flag in inode during GC syzbot reports a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/inline.c:258! CPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted...
Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft
This is a PoC exploit for CVE-2024-38063, a 0-day vulnerability...
CVE-2022-48941
In the Linux kernel, the following vulnerability has been resolved: ice: fix concurrent reset and removal of VFs Commit c503e63200c6 "ice: Stop processing VF messages during teardown" introduced a driver state flag, ICEVFDEINITINPROGRESS, which is intended to prevent some issues with concurrently...
CrowdStrike Reveals Root Cause of Global System Outages
Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally. The "Channel File 291" incident, as originally highlighted in its Preliminary Post Incident Review PIR, has been traced bac...
Widespread IT Outage Due to CrowdStrike Update
Note: CISA will update this Alert with more information as it becomes available. Update 4:30 p.m., EDT, August 6, 2024: CrowdStrike has published its Root Cause Analysis RCA reportlink is external. According to CrowdStrike, “the full report elaborates on the information previously shared in our...
CVE-2024-40981
In the Linux kernel, the following vulnerability has been resolved: batman-adv: bypass empty buckets in batadvpurgeorigref Many syzbot reports are pointing to soft lockups in batadvpurgeorigref 1 Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting...