342 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a corrupted timer tree resulting in a missing task wakeup in the timerqueueadd function in lib/timerqueue.c. The vulnerability can be exploited to cause a denial of...
PT-2024-11148 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition in the Linux kernel's ipc/mqueue, msg, and sem components can cause a crash when a do mq timedreceive call returns and leaves do mq timedsend to rely on an invalid...
node-wakeup (=0.1.0) potentially affected by CVE-2020-7684 via rollup-plugin-serve-favicon (=0.4.7)
rollup-plugin-serve-favicon NPM version =0.4.7 is affected by a known vulnerability. The following packages have a transitive dependency on rollup-plugin-serve-favicon and may be impacted: - node-wakeup =0.1.0 Source cves: CVE-2020-7684 Source advisory: SNYK:JS-ROLLUPPLUGINSERVEFAVICON-585950...
The vulnerability of the __sleep and __wakeup functions in the Symfony software development and management platform allows attackers to compromise data integrity.
The vulnerability of the sleep and wakeup functions in the Symfony software platform for web application development and management involves the restoration of unreliable information in memory. Exploiting this vulnerability can allow an attacker to compromise data integrity...
kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results
If the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmfwowlndresults function. This vulnerability can be exploited by compromised...
Google Android Qualcomm WLAN Information Disclosure Vulnerability (CNVD-2018-05989)
Android on Google Pixel and Nexus is a Linux-based open source operating system for the Google Pixel and Nexus smartphones developed by Google Inc. and the Open Handset Alliance OHA, with Qualcomm WLAN being one of the components used. Qualcomm WLAN is a wireless LAN component developed by Qualco...
Abbott Laboratories Multiple Pacemaker Products Access Count Limit Vulnerability
Accent, Anthem, Accent MRI, Assurity, Allure and Assurity MRI are implantable medical devices from Abbott Laboratories USA. The access limit vulnerability exists in several Abbott Laboratories pacemaker products, where the pacemaker does not limit or restricts the number of properly formatted "RF...
The vulnerability of the __wakeup modification in PHP interpreters allows a attacker to trigger a service failure or exert other effects.
The vulnerability of the wakeup modification in PHP interpreters relates to the use of memory after it is released. Exploiting this vulnerability can allow a remote attacker to cause service failures or other effects through specially crafted data, as demonstrated in the exception...
The vulnerability of the CURLFile service implementation in the ext/curl/curl_file.c file of the PHP interpreter allows a attacker to cause a service failure or exert other effects.
The vulnerability of the CURLFile service implementation in the ext/curl/curlfile.c file of the PHP interpreter relates to the use of memory after it is freed. Exploiting this vulnerability may allow a malicious actor, operating remotely, to cause service failures or other effects through special...
UBUNTU-CVE-2016-9138
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::toString with DateInterval::wakeup...
UBUNTU-CVE-2016-9137
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curlfile.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during wakeup processing...
php: bypass __wakeup() in deserialization of an unexpected object
ext/standard/varunserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a 1 destruct call or 2 magic method call...
PHP '__wakeup()' Remote Command Execution Vulnerability
PHP is an open source general-purpose computer scripting language. A remote command execution vulnerability exists in PHP 'wakeup', which allows an attacker to exploit the vulnerability to execute arbitrary code within the context of a user's affected application, or a failed attack would result ...
The vulnerability of the PHP interpreter, which allows a remote attacker to execute arbitrary code
The vulnerability of the PHP interpreter in the processnesteddata function ext/standard/varunserializer.re lies in the use of memory after it is freed. As a result of exploiting this vulnerability, a malicious actor who operates remotely can execute arbitrary code through a specially crafted...
UBUNTU-CVE-2015-2787
Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an...
Kernel: net: mac80211: crash dues to AP powersave TX vs. wakeup race
A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system...
Kernel: net: mac80211: crash dues to AP powersave TX vs. wakeup race
A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system...
Kernel: net: mac80211: crash dues to AP powersave TX vs. wakeup race
A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system...
kernel security, bug fix, and enhancement update
kernel 2.6.18-371.8.1 - virt HID: memory corruption flaw drivers/usb/input/hid-core.c Jacob Tanenbaum 1032996 1032999 CVE-2013-2888 - virt HID: memory corruption flaw in drivers/hv/hid-core.c Jacob Tanenbaum 1032996 1032999 CVE-2013-2888 - scsi lpfc: Fix task management commands having a fixed...
Магические методы, сериализация, инъекции в сессию и все-все-все
==-1== Введение Изначально писал для себя, как небольшой сборник полезных идей, в итоге вылилось вот в такую статью. Особого опыта в написании публикаций у меня нет, так что ногами не пинать, я старался Перед переходом к практическим примерам рассмотрим теоретически основы используемых функций...