UBUNTU-CVE-2021-3348
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers with access to the nbd device via an I/O request at a certain point during device setup, aka CID-b98e762e3d71...
Design/Logic Flaw
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers with access to the nbd device via an I/O request at a certain point during device setup, aka CID-b98e762e3d71...
CVE-2021-3348
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers with access to the nbd device via an I/O request at a certain point during device setup, aka CID-b98e762e3d71...
PT-2021-9035 · Unknown · Tk-Star Q90 Junior Gps
Name of the Vulnerable Software and Affected Versions: TK-Star Q90 Junior GPS horloge version 3.1042.9.8656. Description: A security issue was found in the initial setup of the device, where a default password 123456 is used for administrative purposes without prompting the user to change it. This...
PT-2021-14382 · Polr · Polr
Name of the Vulnerable Software and Affected Versions: Polr versions prior to 2.3.0. Description: Polr is an open source URL shortener. A vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability...
CVE-2021-21276
Polr before version 2.3.0 is affected by a setup-process privilege-escalation vulnerability. A loose comparison (==) in SetupController allows an attacker to craft a request to /setup/finish with crafted cookie headers to obtain admin privileges on a site instance, even without an existing accoun...
TK-Star Q90 Junior GPS horloge trust management issue vulnerability
The TK-Star Q90 Junior GPS horloge is a GPS location tracker from TK-Star China. A security vulnerability exists in the TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices, which stems from the use of the default password 123456 for administrative purposes when using the device during initial...
CVE-2021-21276 Privilege escalation in Polr
Polr is an open source URL shortener. In Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...
KB5000751: Setup Dynamic Update for Windows 10, version 2004 and 20H2: February 23, 2021
Summary: This update makes improvements to Setup binaries or any files that Setup uses for feature updates in Windows 10, version 2004 and 20H2. How to get this update: This update is available through Windows...
Exploit for CVE-2021-3129
CVE-2021-3129exploit Exploit for CVE-2021-3129 Lab setup:...
Cloning Google’s Titan Key to bypass 2FA – Research
By Sudais Asif. The attack requires the attacker to have physical access to the victim's Titan Key, hours of time, and side-channel setup equipment worth €10,000 $12,000 - £9,000. This is a post from HackRead.com. Read the original post: Cloning Google's Titan Key to bypass 2FA - Research...
CVE-2020-29478
CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition...
Design/Logic Flaw
CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition...
Updated gdm packages fix a security vulnerability
Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...
Dell Wyse ThinOS authorization issue vulnerability
Wyse ThinOS is a specialized operating system for Dell servers from Dell USA. A security vulnerability exists in Wyse ThinOS 8.6 and prior versions, which can be exploited by an attacker to access writable files and manipulate the configuration of any targeted specific site...