Siemens SIMATIC Devices Improper Locking (CVE-2024-50210)
In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime(). If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance...
EUVD-2021-31222
Malicious code in bioql PyPI...
Configure Audit Rules for Time Changes
The system time is essential for the normal running of services. The system time can be changed through synchronization with the time server and manual operations of administrators. The latter is prone to attacks because attackers can change the system time to invalidate some protection policies...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: posix-clock: The missing timespec64 check in pc_clock_settime() has been fixed. As Andrew pointed out, it makes sense that the PTP core checks the tv_sec and tv_nsec fields of the timespec64 structure before calling ptp->info->settime64()...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fixed unbalanced locking in pc_clock_settime(). If get_clock_desc() succeeds, it calls fget() for the fd of the clockid. It also acquires a read lock on clk->rwsem. Therefore, the error path should release the lock...
CVE-2021-44380
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetTime param is not object. An attacker can send an HTTP request to trigger this vulnerability...
posix-clock: Fix missing timespec64 check in pc_clock_settime()
...
SUSE CVE-2024-50195
In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pc_clock_settime(). As Andrew pointed out, it will make sense that the PTP core checked timespec64 struct's tv_sec and tv_nsec range before calling ptp->info->settime64(). As the man manual of...
SUSE CVE-2024-50210
In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime(). If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance...
AZL-53420 CVE-2024-50195 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pc_clock_settime(). As Andrew pointed out, it will make sense that the PTP core checked timespec64 struct's tv_sec and tv_nsec range before calling ptp->info->settime64(). As the man manual of...
AZL-53739 CVE-2024-50195 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pc_clock_settime(). As Andrew pointed out, it will make sense that the PTP core checked timespec64 struct's tv_sec and tv_nsec range before calling ptp->info->settime64(). As the man manual of...
UBUNTU-CVE-2024-50195
In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pc_clock_settime(). As Andrew pointed out, it will make sense that the PTP core checked timespec64 struct's tv_sec and tv_nsec range before calling ptp->info->settime64(). As the man manual of...
CVE-2024-50210 posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime(). If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance...
CVE-2024-50195 posix-clock: Fix missing timespec64 check in pc_clock_settime()
In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pc_clock_settime(). As Andrew pointed out, it will make sense that the PTP core checked timespec64 struct's tv_sec and tv_nsec range before calling ptp->info->settime64(). As the man manual of...
CVE-2021-44380
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetTime param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44380
The CVE-2021-44380 entry concerns Reolink RLC-410W (v3.0.0.136_20121102) with DoS via cgiserver.cgi JSON command parser. A specially crafted HTTP POST (JSON array) can trigger reboot when the parser mishandles SetTime (and related) parameters not being objects, leading to the camera process heart...
DEBIAN-CVE-2018-12896
An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int...
Updated cinnamon-settings-daemon packages fix security vulnerability
It was found that csd-datetime-setting SetDate DBUS function does not check the polkit authorization for the caller, unlike SetTime...
Command Execution Vulnerability in Call Center System Year Parameter of Tibus Communications
The core of Tibco's call center system is a communication-based system for internal and external corporate communication. A command execution vulnerability exists in the year parameter of the Setset Time Communication Call Center System. The vulnerability file: /sysmaint/settime.php allows...