Total
646 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-46935 | 1 Linux | 1 Linux Kernel | 2024-08-04 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: binder: fix async_free_space accounting for empty parcels In 4.13, commit 74310e06be4d ("android: binder: Move buffer out of area shared with user space") fixed a kernel structure visibility issue. As part of that patch, sizeof(void *) was used as the buffer size for 0-length data payloads so the driver could detect abusive clients sending 0-length asynchronous transactions to a server by enforcing limits on async_free_size. Unfortunately, on the "free" side, the accounting of async_free_space did not add the sizeof(void *) back. The result was that up to 8-bytes of async_free_space were leaked on every async transaction of 8-bytes or less. These small transactions are uncommon, so this accounting issue has gone undetected for several years. The fix is to use "buffer_size" (the allocated buffer size) instead of "size" (the logical buffer size) when updating the async_free_space during the free operation. These are the same except for this corner case of asynchronous transactions with payloads < 8 bytes. | ||||
CVE-2021-46917 | 1 Linux | 1 Linux Kernel | 2024-08-04 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix wq cleanup of WQCFG registers A pre-release silicon erratum workaround where wq reset does not clear WQCFG registers was leaked into upstream code. Use wq reset command instead of blasting the MMIO region. This also address an issue where we clobber registers in future devices. | ||||
CVE-2021-46923 | 1 Linux | 1 Linux Kernel | 2024-08-04 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: fs/mount_setattr: always cleanup mount_kattr Make sure that finish_mount_kattr() is called after mount_kattr was succesfully built in both the success and failure case to prevent leaking any references we took when we built it. We returned early if path lookup failed thereby risking to leak an additional reference we took when building mount_kattr when an idmapped mount was requested. | ||||
CVE-2021-46921 | 1 Linux | 1 Linux Kernel | 2024-08-04 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queued_write_lock_slowpath() While this code is executed with the wait_lock held, a reader can acquire the lock without holding wait_lock. The writer side loops checking the value with the atomic_cond_read_acquire(), but only truly acquires the lock when the compare-and-exchange is completed successfully which isn’t ordered. This exposes the window between the acquire and the cmpxchg to an A-B-A problem which allows reads following the lock acquisition to observe values speculatively before the write lock is truly acquired. We've seen a problem in epoll where the reader does a xchg while holding the read lock, but the writer can see a value change out from under it. Writer | Reader -------------------------------------------------------------------------------- ep_scan_ready_list() | |- write_lock_irq() | |- queued_write_lock_slowpath() | |- atomic_cond_read_acquire() | | read_lock_irqsave(&ep->lock, flags); --> (observes value before unlock) | chain_epi_lockless() | | epi->next = xchg(&ep->ovflist, epi); | | read_unlock_irqrestore(&ep->lock, flags); | | | atomic_cmpxchg_relaxed() | |-- READ_ONCE(ep->ovflist); | A core can order the read of the ovflist ahead of the atomic_cmpxchg_relaxed(). Switching the cmpxchg to use acquire semantics addresses this issue at which point the atomic_cond_read can be switched to use relaxed semantics. [peterz: use try_cmpxchg()] | ||||
CVE-2021-46687 | 1 Jfrog | 1 Artifactory | 2024-08-04 | 4.9 Medium |
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. | ||||
CVE-2021-45420 | 1 Emerson | 2 Dixell Xweb-500, Dixell Xweb-500 Firmware | 2024-08-04 | 9.8 Critical |
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced | ||||
CVE-2021-46354 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2024-08-04 | 7.5 High |
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface. | ||||
CVE-2021-45708 | 1 Abomonation Project | 1 Abomonation | 2024-08-04 | 7.5 High |
An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass. | ||||
CVE-2021-45402 | 1 Linux | 1 Linux Kernel | 2024-08-04 | 5.5 Medium |
The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." | ||||
CVE-2021-44522 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2024-08-04 | 7.5 High |
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. | ||||
CVE-2021-44523 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2024-08-04 | 9.1 Critical |
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries. | ||||
CVE-2021-44524 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2024-08-04 | 9.8 Critical |
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. | ||||
CVE-2021-44049 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-08-04 | 7.8 High |
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory. | ||||
CVE-2021-43893 | 1 Microsoft | 24 Windows 10, Windows 10 1507, Windows 10 1607 and 21 more | 2024-08-04 | 7.5 High |
Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability | ||||
CVE-2021-43560 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-04 | 5.3 Medium |
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events. | ||||
CVE-2021-43216 | 1 Microsoft | 24 Windows 10, Windows 10 1507, Windows 10 1607 and 21 more | 2024-08-04 | 6.5 Medium |
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | ||||
CVE-2021-43066 | 1 Fortinet | 1 Forticlient | 2024-08-04 | 8.4 High |
A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer. | ||||
CVE-2021-42713 | 2 Microsoft, Splashtop | 2 Windows, Splashtop | 2024-08-04 | 7.8 High |
Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions. | ||||
CVE-2021-42712 | 1 Splashtop | 1 Streamer | 2024-08-04 | 7.8 High |
Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. | ||||
CVE-2021-42714 | 2 Microsoft, Splashtop | 2 Windows, Splashtop | 2024-08-04 | 7.8 High |
Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. |