22 matches found
PT-2026-39053
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the sched ext component where the scx enable function can suffer from starvation during the READY to ENABLED task switching loop. This occurs because the calling...
NFC: digital: Bounds check NFC-A cascade depth in SDD response handler
...
Radiometer Products Security Vulnerability
Radiometer Products is a line of medical diagnostic instruments from the Danish company Radiometer. A security vulnerability exists in Radiometer Products that stems from inadequate operating system design and credential protection, which could allow a physical visitor to extract credential...
Automated Reasoning for Vulnerability Management by Design
For securing systems, it is essential to manage their vulnerability posture and design appropriate security controls. Vulnerability management allows vulnerabilities to be addressed proactively by incorporating pertinent security controls into system designs. Current vulnerability management approach...
Security Bulletin: Security fixes available for The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology
Summary The IBM® Engineering System Design Rhapsody 10.0 iFix001, The IBM® Engineering System Design Rhapsody 9.0.2 iFix002 and The IBM® Engineering System Design Rhapsody 9.0.1 iFix006 contain fixes for vulnerabilities identified in the Vulnerabilities Details section. The referred iFix versio...
Security Bulletin: Security fixes available for The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology
Summary The IBM® Engineering System Design Rhapsody 9.0.1 iFix006 and The IBM® Engineering System Design Rhapsody 9.0.2 iFix002 contain fixes for what was identified as a vulnerability during an OSS scan. These versions contain upgraded versions of guava-28.0-jre.jar CVE-2020-8908, httpclient-4.0.jar...
Security Bulletin: The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for Log4j vulnerabilities CVE-2021-4104
Summary Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. The IBM Engineering Lifecycle Engineering products version 901 is vulnerable to this attack, i...
LastPass Says No User Data Compromised in Cyberattack
By Waqas. According to LastPass, a threat actor did access its developer environment but could not compromise sensitive data because of its effective system design and controls. This is a post from HackRead.com. Read the original post: LastPass Says No User Data Compromised in Cyberattack...
Hackers Had Access to LastPass's Development Systems for Four Days
Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022. "There is no evidence of any threat actor activity beyond the established timeline," LastPass...
When Security Locks You Out of Everything
Thought experiment story of someone who lost everything in a house fire, and now can't log into anything: But to get into my cloud, I need my password and 2FA. And even if I could convince the cloud provider to bypass that and let me in, the backup is secured with a password which is stored in--yo...
WrappedIbbtcEth contract will use stalled price for mint/burn if updatePricePerShare wasn't run properly
Handle hyh Vulnerability details Impact Malicious user can monitor SetPricePerShare event and, if it was run long enough time ago and market moved, but, since there were no SetPricePerShare fired, the contract's pricePerShare is outdated, so a user can mint with pricePerShare that is current for...
SQL Injection Vulnerability in Library Cluster Management System of Guangzhou Tutron Computer Software Development Co. Ltd (CNVD-2021-52066)
Ltd. is a high-tech enterprise integrating product research and development, application integration and customer service, with the main goal of providing high-quality application software system design, integration and maintenance services for users in the library industry. There is a SQL...
File Upload Vulnerability in Library Cluster Management System of Guangzhou Tutron Computer Software Development Co. Ltd (CNVD-2021-52386)
Ltd. is a high-tech enterprise integrating product research and development, application integration and customer service, with the main goal of providing high-quality application software system design, integration and maintenance services for users in the library industry. There is a file uploa...
awesome-virtualization
It is an offensive tool for virtualization. The repository contains a curated list of awesome resources about virtualization, including books, courses, and papers on the topic. The resources cover various aspects of virtualization, including software and hardware techniques, virtual machine...
Input validation
A vulnerability in the Secure Copy Protocol SCP server of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of...
Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
A vulnerability in the Secure Copy Protocol SCP server of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of...
AVTECH video surveillance equipment authentication bypass and other vulnerabilities
Authentication bypass vulnerability. There are two ways to achieve authentication bypass: The first one is the .cab way, the cab file format is a video player plug-in, stored in the web root directory, it may need to verify directly be accessed and downloaded, and the device end only through the strst...
Micro Focus Filr 2 2.0.0.421, Filr 1.2 1.2.0.846 - Multiple Vulnerabilities
Exploit for php platform in category web applications title: Multiple vulnerabilities product: Micro Focus former Novell Filr Appliance vulnerable version: Filr 2 =2.0.0.421, Filr 1.2 = 1.2.0.846 fixed version: Filr 2 v2.0.0.465, Filr 1.2 v1.2.0.871 CVE number: CVE-2016-1607, CVE-2016-1608,...
Micro Focus Filr CSRF / XSS / Code Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Micro Focus former Novell Filr Appliance vulnerable version: Filr 2 =2.0.0.421, Filr 1.2 = 1.2.0.846 fixed version: Filr 2 v2.0.0.465,...
Micro Focus (Novell) Filr 1.2 <= 1.2.0.846 / 2 <= 2.0.0.421 Multiple Vulnerabilities
Micro Focus Novell Filr is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:microfocus:filr"; i...