c. schwarz vulnerabilities and exploits

(subscribe to this query)

ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 up to and including 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.

Linux Linux Kernel Debian Debian Linux 8.0 Fedoraproject Fedora 29 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 19.04

An issue exists in net/wireless/nl80211.c in the Linux kernel up to and including 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.

Linux Linux Kernel Debian Debian Linux 8.0 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 19.04 Canonical Ubuntu Linux 19.10 Fedoraproject Fedora 30 Opensuse Leap 15.1

1 Article

The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel prior to 5.0.8 has multiple race conditions.

Linux Linux Kernel Debian Debian Linux 9.0 Opensuse Leap 15.1 Opensuse Leap 42.3 Netapp Active Iq -Netapp Hci Management Node -Netapp Snapprotect -Netapp Solidfire -Netapp Storage Replication Adapter For Clustered Data Ontap 9.7 Netapp Vasa Provider For Clustered Data Ontap 9.7 Netapp Virtual Storage Console 9.7

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side p...

The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer...

For Kiuwan installations with SSO (single sign-on) enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being directly included in a Ja...

Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information...

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook