CVE-2021-30295

Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...

CVE-2021-30295

CVE-2021-30295 describes a heap overflow in Qualcomm Snapdragon devices (Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Wearables) caused by improper validation of local task information stored locally. This is a local issue with high impact to confidentiality, inte...

kernel security and bug fix update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

CVE-2021-27022

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...

Qualcomm 芯片 缓冲区错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and from time to time are manufactured on the surface of semiconductor wafers. The Qualcomm chip suffers from a buffer error vulnerability that...

Reddit: com.reddit.frontpage vulernable to Task Hijacking (aka StrandHogg Attack)

Summary: The app com.reddit.frontpage is vulnerable to Task Hijacking used by widespread Android trojans. Task hijacking allows malicious apps to inherit permissions of vulnerable apps and is usually used for phishing login credentials of victims. Impact: Assuming a malicious actor want's to grab...

Cross-site Scripting (XSS) - Stored in yogeshojha/rengine

✍️ Description 'Delete Scheduled Task' confirmation model executes javascript as part of the name of a scan engine. 🕵️‍♂️ Proof of Concept 1. Name a scan engine as a XSS payload. Example: 2. Schedule a scan for any target using the created scan engine. 3. Try to delete the scheduled task Location...

GHSA-PQQP-XMHJ-WGCW crossbeam-deque Data Race before v0.7.4 and v0.8.1

Impact In the affected version of this crate, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, th...

Race condition in tokio

When aborting a task with JoinHandle::abort, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a LocalSet. This can easily result in race conditions as many projects use Rc or RefCell in their Tokio tasks for bett...

GHSA-2GRH-HM3W-W7HV Race condition in tokio

When aborting a task with JoinHandle::abort, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a LocalSet. This can easily result in race conditions as many projects use Rc or RefCell in their Tokio tasks for bett...

CVE-2021-31989

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices...

CVE-2021-31989

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices...

CVE-2021-31989

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices...

CVE-2021-31989

The CVE-2021-31989 entry affects AXIS Device Manager: a user with host permissions can, under certain conditions, extract a memory dump from the built-in Windows Task Manager, potentially exposing credentials of connected Axis devices. Documented across multiple sources (Axis tech note, Red Hat a...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +163 more potentially affected by CVE-2021-37691 via tensorflow-gpu (>=1.10.1 <=2.3.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-37691 Source advisory: OSV:GHSA-27QF-JWM8-G7F3...

AXIS Device Manger 安全漏洞

AXIS Device Manger is an on-premise tool from AXIS Sweden that provides a simple, cost-effective and secure way to perform device management. A security vulnerability exists in AXIS Device Manger. The vulnerability stems from the fact that a user with host privileges to log in to the AXIS Device...

PT-2021-19618 · Axis · Axis Device Manager

Name of the Vulnerable Software and Affected Versions: AXIS Device Manager affected versions not specified Description: A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manage...

IBM Tivoli Workload Scheduler Buffer Overflow Vulnerability

IBM Tivoli Workload Scheduler is a suite of enterprise task scheduling software from IBM in the United States. The software supports planning, execution, and tracking of jobs across multiple platforms and environments. A security vulnerability exists in IBM Tivoli Workload Scheduler that results...

CVE-2020-25564

In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave Automation Tasks feature...

CVE-2021-33699

Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unauthorized attacker or malware to takeover legitimate apps and to steal user's sensitive information...