117 matches found
kernel: arch/arm64: Fix topology initialization for core scheduling
In the Linux kernel, the following vulnerability has been resolved: arch/arm64: Fix topology initialization for core scheduling Arm64 systems rely on storecputopology to call updatesiblingsmasks to transfer the toplogy to the various cpu masks. This needs to be done before the call to...
AirDisk 7.5.5 Cross Site Scripting
Exploit Title: AirDisk 7.5.5 File Manager Stored XSS Date: Sep 8, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://apps.apple.com/us/developer/felix-yew/id505904424 Software Link: https://apps.apple.com/us/app/airdisk-file-manager/id566530748 Version: 7.5.5 Tested on: iPhone ios 15.6 ...
CVE-2022-36123
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol .bss. This allows Xen PV guest OS users to cause a denial of service or gain privileges...
CVE-2022-35648
Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO21171980 and T618 S/N 100647PRO21130111 through 100647PRO21183960 with software before 2022-06-09 allow physically proximate attackers to cause a denial of service fall by connecting the power cord to a 120V circuit which may lead to...
CVE-2022-27438
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer Advanced Updater are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an...
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
Summary Kernel is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-4155 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by data leak flaw in the wa...
CVE-2022-0489
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments...
CoreCollection: Starting index is pseudo-randomly generated, allowing for gameable NFT launches
Lines of code Vulnerability details Details & Impact In Paradigm’s article “A Guide to Designing Effective NFT Launches”, one of the desirable properties of an NFT launch is unexploitable fairness: Launches must have true randomness to ensure that predatory users cannot snipe the rarest items at...
[SECURITY] Fedora 35 Update: systemd-249.9-1.fc35
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses sock et and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...
The vulnerability of the electronic examination system TCExam, related to the improper display of files, allows a violator to carry out cross-site scripting attacks.
The vulnerability of the electronic examination system TCExam is related to the improper display of files in the text/html format, starting with a dot. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
systemd bug fix and enhancement update
An update is available for systemd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The systemd packages contain systemd, a system and service manager for Linux,...
[SECURITY] Fedora 33 Update: systemd-246.15-1.fc33
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...
Pwn Write-ups
RE: 从零开始的 Pwn 世界之旅...
UVI-2021-1000539 btrfs: release path before starting transaction when cloning inline extent
btrfs: release path before starting transaction when cloning inline extent This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.9 by commit...
RHEL 8 : systemd (RHSA-2021:1611)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1611 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides...
SUSE: Security Advisory (SUSE-SU-2020:0026-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CTF-All-In-One
This is a comprehensive guide to CTF Capture The Flag competitions, specifically focusing on the Pwn binary exploitation aspect. The book is written by Yang Chao, a member of L-Team, and is intended for beginners. It covers the basics of binary exploitation, including memory management, buffer...
ASB-A-172935267
In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2020-2020
An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR...
spring-data-jpa: Additional information exposure with Spring Data JPA derived queries
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...