6130 matches found
DEBIAN-CVE-2022-45869
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled...
Linux kernel race condition vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel 6.1-rc6 and prior versions, which stems from a race condition in its x86 KVM subsystem that allows guest operating system users ...
CVE-2022-44037
An access control issue in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating, which allows him to perform multiple...
CVE-2022-44037
CVE-2022-44037 refers to an improper access control flaw in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software (versions V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2) that allows attackers to access sensitive data and execute commands with full admin rights without authentication. The...
APsystems security vulnerability
APsystems is a microinverter from APsystems, Inc. Combining high efficiency power conversion with a user-friendly monitoring interface, it brings you reliable and smart energy. An access control error vulnerability exists in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software version...
PT-2022-7248 · Apsystems · Apsystems Energy Communication Unit (Ecu-C) Power Control
Name of the Vulnerable Software and Affected Versions: APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software versions V3.11.4, V4.1NA, V4.1SAA, W2.1NA, C1.2.2 Description: An access control issue in the APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software allows attackers t...
Google Chrome buffer error vulnerability
Google Chrome is a web browser from Google, Inc. in the United States. Google Chrome suffers from a security vulnerability that stems from a heap buffer overflow in the GPU...
jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin
A flaw was found in the JUnit Jenkins plugin. The manipulation with an unknown input leads to a Cross-site scripting vulnerability, impacting the integrity. This flaw allows an attacker to inject arbitrary HTML and script code into the website...
aggmap (>=1.1.1 <=1.2.1), molmap (>=1.3.1 <=1.4.0) potentially affected by CVE-2022-41911 via tensorflow-gpu (=2.9.1)
tensorflow-gpu PYPI version =2.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - aggmap (>=1.1.1 <=1.2.1), molmap (>=1.3.1 <=1.4.0) Source cves: CVE-2022-41911 Source advisory: OSV:GHSA-PF36-R9C6-H97J...
aggmap (>=1.1.1 <=1.2.1), molmap (>=1.3.1 <=1.4.0) potentially affected by CVE-2022-41910 via tensorflow-gpu (=2.9.1)
tensorflow-gpu PYPI version =2.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - aggmap (>=1.1.1 <=1.2.1), molmap (>=1.3.1 <=1.4.0) Source cves: CVE-2022-41910 Source advisory: OSV:GHSA-FRQP-WP83-QGGV...
clip-jax (=0.0.5), sdeper (>=1.1.0 <=1.6.1) potentially affected by CVE-2022-41898 via tensorflow-cpu (>=2.9.0 <=2.9.1)
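tensorflow-cpu PYPI version >=2.9.0 <=2.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - clip-jax (=0.0.5), sdeper (>=1.1.0 <=1.6.1) Source cves: CVE-2022-41898 Source advisory: OSV:GHSA-HQ7G-WWWP-Q46H...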
Researchers Quietly Cracked Zeppelin Ransomware Keys
Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called "Zeppelin" in May 2020. He'd been on the job less than six months, and because of the way his predecessor architected things, the company's data backups also were encrypted by Zeppelin. After t...
PT-2022-26119 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1, 2.9.3, and 2.8.4 Description: TensorFlow is an open source platform for machine learning. When running on GPU, the function tf.image.generate_bounding_box_proposals receives a scor...
kernel: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd. syzbot got a new report [1] finally pointing to a very old bug, added in initial support for MTU probing. tcp_mtu_probe() has checks about starting an MTU probe if tcp_snd_cwnd(tp) >= 11. But...
PT-2022-35339 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to the drm/msm/dpu component, specifically with the index dpu_kms->hw_vbif using vbif_idx. The actual impact and attack plausibility have not yet been proven...
PT-2022-35227 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.76 Description: The issue is related to the iommu/vt-d component, specifically in the init_dmars error path. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...
Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software
Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. "By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully...