3341 matches found
CVE-2021-28692
CVE-2021-28692 affects the Xen hypervisor and is described as an inappropriate x86 IOMMU timeout detection/handling issue. The vulnerability arises when IOMMU commands are processed in parallel with CPU operations, with wait loops applying timeouts and potentially misclassifying timeouts as crash...
CVE-2021-28692
Inappropriate x86 IOMMU timeout detection / handling. IOMMUs process commands issued to them in parallel with the operation of the CPUs issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU...
RLSA-2021:2588 Moderate: ruby:2.6 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 2.6.7 (BZ#1952627). Security Fixes: rubygem-bundler: Insecure permissions...
ALSA-2021:2588 Moderate: ruby:2.6 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 2.6.7 (BZ#1952627). Security Fixes: rubygem-bundler: Insecure permissions...
ruby:2.7 security, bug fix, and enhancement update
An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Ruby is a...
OracleVM 3.4 : xen (OVMSA-2021-0020)
The remote OracleVM system is missing necessary patches to address security updates: - Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2021-0089 - Potential speculative code store bypass in a...
GSD-2021-1000804 io_uring: fix link timeout refs
io_uring: fix link timeout refs. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.10 by commit 876808dba2ff7509bdd7f230c4f374a0caf4f410, it w...
GSD-2021-1000770 io_uring: fix link timeout refs
io_uring: fix link timeout refs. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.43 by commit 0b2a990e5d2f76d020cb840c456e6ec5f0c27530, it w...
UVI-2021-1000770 io_uring: fix link timeout refs
io_uring: fix link timeout refs. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.43 by commit 0b2a990e5d2f76d020cb840c456e6ec5f0c27530, it w...
CVE-2021-24000
A race condition with requestPointerLock and setTimeout could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements such as input type="file" this could have led to an attack where a user was confused about the origin...
CVE-2021-0535
In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID:...
CVE-2021-32658
Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that...
Sensitive data may not be removed from storage on account removal
None...
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.
PT-2021-19836 · Nextcloud · Nextcloud Android App
Name of the Vulnerable Software and Affected Versions: Nextcloud Android versions prior to 3.16.1 Description: The Nextcloud Android client has a timeout issue that may prevent it from properly cleaning sensitive data when an account is removed. This could include sensitive key material, such as...
Nextcloud Android Information Disclosure Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Android suffers from an information disclosure vulnerability that stems from the fact that due to a timeout issue, the Android client may fail to...
Cisco HyperFlex HX Data Platform Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco HyperFlex HX Data Platform Command Execution', 'Description' = %q This module exploits an unauthenticated command injection in Cisco...
Cisco HyperFlex HX Data Platform Command Execution Exploit
This Metasploit module exploits an unauthenticated command injection in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint to execute shell commands as the Tomcat user. This module requires Metasploit: https://metasploit.com/download Current source:...
Arkhota - A Web Brute Forcer For Android
What? Arkhota is a web HTTP/S brute forcer for Android. Why? A web brute forcer is always in a hacker's computer, for obvious reasons. Sometimes attacks need to be quick and/or done with minimal device preparation. Also, a phone attracts less attention than a laptop/computer. For these situations...
CVE-2020-10701
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...