19 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-4394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw was found in btrfsgetdevargsfrompath in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker wit...
Design/Logic Flaw
IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607...
CVE-2023-4394
A use-after-free flaw was found in btrfsgetdevargsfrompath in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information...
CVE-2023-4394
A use-after-free flaw was found in btrfsgetdevargsfrompath in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information...
LiquidationQueue brings centralization risk in the contract.
Lines of code Vulnerability details Impact the owner has too much unilateral control over liquidations and can manipulate te country in the following ways: The owner of LiquidationQueue sees a profitable liquidation opportunity Before anyone else can liquidate, they use LiquidationQueue to place ...
CVE-2023-3159
A use-after-free flaw was found in driver/firewire in outboundphypacketcallback in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a use-after-free issue when the queueevent fails. Mitigation Mitigation for this issue is either not available or the currently...
Upgraded Q -> 3 from #510 [1675932827359]
Judge has assessed an item in Issue 510 as 3 risk. The relevant finding follows: In red are the state transitions that can only be performed with special privileges recreateMinipool: The following transitions will be performed Withdrawable-PreLaunch Error-PreLaunch createMinipool: will perform th...
CVE-2022-31194
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowi...
IBM UrbanCode Deploy 安全漏洞
IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM. The tool is based on an application deployment automation management information model, and through remote agent technology to automate the deployment of complex applications in different environments, etc. IBM...
CVE-2022-0494
A kernel information leak flaw was identified in the scsiioctl function in drivers/scsi/scsiioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege CAPSYSADMIN or CAPSYSRAWIO to create issues with confidentiality...
Pair creation can be denied
Handle cmichel Vulnerability details The LaunchEvent.createPair requires that no previous pool was created for the WAVAX token pair. function createPair external isStoppedfalse atPhasePhase.PhaseThree address wavaxAddress, address tokenAddress = addressWAVAX, addresstoken ; // @audit grief: anyon...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that can be exploited by a local attacker with special user privileges to bypass authentication and potentially cause an err...
CVE-2021-32037
Removed by vendor...
User may trigger invariant when allowed to send commands directly to shards
An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shar...
Code injection
IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575...
Security Bulletin: IBM Cloud Pak for Data could allow a local user with special privileges to obtain highly sensitive information
Summary Cloud Pak for Data "shared credentials" are available to authorized users. However, because the credentials are shared, it is difficult to audit access to the connection, to identify the source of data loss, or identify the source of a security breach. You can apply a patch to disable thi...
Security Bulletin: IBM Capacity Management Analytics affected by vulnerability password easy to decrypt in shell files (CVE-2015-7432)
Summary It is very easy to decrypt user and admin password from the setenv.sh and parameter.txt file Vulnerability Details CVEID: CVE-2015-7432 DESCRIPTION: IBM Capacity Management Analytics could allow a local user with special privileges to decrypt other CMA user's usernames and passwords. CVSS...
Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1145 We have observed on Windows 7 32-bit that for unclear reasons, the kernel-mode structure containing the default DACL of system processes' tokens lsass.exe, services.exe, ... has 8 uninitialized bytes at the end, as the size ...
[Network Password Decryptor v6.0] Windows Network Password Recovery Tool
Network Password Decryptor is the free tool to instantly recover network authentication passwords. In addition to the network authentication passwords it can also recover passwords stored by other windows apps such as Outlook , Windows Live Messenger , Remote Destktop etc. These network passwords...