125 matches found
SUSE CVE-2021-43816
containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...
SUSE CVE-2022-23132
During Zabbix installation from RPM, DACOVERRIDE SELinux capability is in use to access PID files in /var/run/zabbix folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level...
Carlo Gavazzi UWP SQL注入漏洞
Carlo Gavazzi UWP is a monitoring and control Universal Web Platform from Carlo Gavazzi. for applications such as building automation, energy efficiency performance management and parking lot guidance. Carlo Gavazzi UWP 3.0 suffers from a SQL injection vulnerability that can be exploited by a...
Carlo Gavazzi UWP 信任管理问题漏洞
Carlo Gavazzi UWP is a monitoring and control Universal Web Platform from Carlo Gavazzi. for applications such as building automation, energy efficiency performance management and parking lot guidance. A trust management issue vulnerability exists in Carlo Gavazzi UWP 3.0, which can be exploited ...
Carlo Gavazzi UWP 路径遍历漏洞
Carlo Gavazzi UWP is a monitoring and control Universal Web Platform from Carlo Gavazzi. It is used for applications such as building automation, energy efficiency performance management and parking lot guidance. A path traversal vulnerability exists in Carlo Gavazzi UWP 3.0, which can be exploit...
Carlo Gavazzi UWP 跨站脚本漏洞
Carlo Gavazzi UWP is a monitoring and control Universal Web Platform from Carlo Gavazzi. It is used for applications such as building automation, energy efficiency performance management and parking lot guidance. A cross-site scripting vulnerability exists in Carlo Gavazzi UWP 3.0, which can be...
Carlo Gavazzi UWP SQL注入漏洞
Carlo Gavazzi UWP is a monitoring and control Universal Web Platform from Carlo Gavazzi. It is used for applications such as building automation, energy efficiency performance management and parking lot guidance. A SQL injection vulnerability exists in Carlo Gavazzi UWP 3.0, which can be exploite...
PT-2022-14566 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue concerns a missing permission check in the SELinux policy, which could allow local information disclosure about the websites being opened in the browser. This can be exploited without...
Authentication flaw
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing HTAP workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...
CVE-2022-31011 TiDB authentication bypass vulnerability
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing HTAP workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...
CVE-2022-31011 TiDB authentication bypass vulnerability
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing HTAP workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...
Fedora: Security Advisory for libsepol (FEDORA-2021-67efe88c29)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task.
...
The vulnerability of the Synergia operating system, related to errors in access control policies of SELinux, allows a perpetrator to gain read access to system files.
The vulnerability of the Synergia operating system is related to errors in access control policies of SELinux. Exploiting this vulnerability can allow an attacker to gain read access to system files...
CVE-2021-0691
In the SELinux policy configured in systemapp.te, there is a possible way for systemapp to gain code execution in other processes due to an overly-permissive SELinux policy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed fo...
The vulnerability of the cil_reset_classpermission() function in the SELinux access control system allows a perpetrator to trigger a service failure.
The vulnerability of the cilresetclasspermission function in the SELinux access control system is related to the use of memory after it is freed. Exploiting this vulnerability could allow a attacker to cause a service failure...
The vulnerability of the __cil_verify_classperms() function in the SELinux access control system allows a perpetrator to trigger a service failure.
The vulnerability of the cilverifyclassperms function in the SELinux access control system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to trigger a service failure...
UBUNTU-CVE-2021-36087
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmapmatchany called indirectly from cilcheckneverallow. This occurs because there is sometimes a lack of checks for invalid statements in an optional block...
SELinux 资源管理错误漏洞
SELinux is a Linux subsystem from the National Security Agency that uses a secure architecture that allows administrators to better control who has access to the system. A security vulnerability exists in SELinux version 3.2, which stems from a use-after-free in the SELinux CIL compiler in the...
SELinux 缓冲区错误漏洞
SELinux is a Linux subsystem from the National Security Agency that uses a secure architecture that allows administrators to better control who has access to the system. A security vulnerability exists in SELinux version 3.2, which stems from a heap-based buffer overflow in the CIL compiler in...