lenovo

CVE-2021-3752: [PATCH 5.15 187/917] Bluetooth: fix use-after-free error in lock_sock_nested()

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

2 years ago

CVE

Open in Source

#vulnerability #ios #mac #ubuntu #linux #js #git #intel #c++#perl #samba #lenovo #amd #bios #buffer_overflow #asus #acer #samsung #huawei #ibm #rpm #wifi #ssl

CVE-2021-42370: Storage Monitoring EMC² IBM Hitachi HPE NetApp Lenovo

A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)

3 years ago

CVE

Open in Source

#web #microsoft #perl #lenovo #ibm #dell #docker

CVE-2019-25045

An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.

3 years ago

CVE

Open in Source

#ios #android #mac #windows #ubuntu #linux #debian #git #intel #c++#perl #samba #pdf #vmware #lenovo #amd #bios #buffer_overflow #acer #huawei #auth #ssh #ibm #dell #chrome #wifi #ssl

CVE-2020-14356: kernel NULL pointer dereference in __cgroup_bpf_run_filter_skb

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.

CVE-2020-24394: #962254 - NFSv4.2: umask not applied on filesystem without ACL support

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

4 years ago

CVE

Open in Source

#ios #mac #microsoft #amazon #ubuntu #linux #debian #js #git #intel #php #perl #samba #lenovo #amd #bios #buffer_overflow #asus #acer #samsung #auth #ibm #dell #rpm #wifi #ssl

CVE-2020-24032: Storage Monitoring EMC² IBM Hitachi HPE NetApp Lenovo

tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.

4 years ago

The fix for CVE-2019-11599 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.

4 years ago

CVE

Open in Source

#vulnerability #ios #android #mac #windows #google #linux #dos #git #intel #c++#perl #samba #pdf #vmware #lenovo #amd #bios #auth #dell #chrome #ssl

CVE-2020-11946: Read me | OpManager Help

Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.

CVE-2019-15654: Trustwave Security Advisories

Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext.

CVE-2019-15656: Security Advisories | Trustwave

D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables.

Tag

#lenovo