Lucene search

K

800xA, Control Software For AC 800M Security Vulnerabilities

cve
cve

CVE-2022-48726 RDMA/ucma: Protect mc during concurrent multicast leaves

In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...

EPSS

2024-06-20 11:13 AM
cvelist
cvelist

CVE-2022-48726 RDMA/ucma: Protect mc during concurrent multicast leaves

In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...

EPSS

2024-06-20 11:13 AM
cvelist
cvelist

CVE-2022-48724 iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() After commit e3beca48a45b ("irqdomain/treewide: Keep firmware node unconditionally allocated"). For tear down scenario, fn is only freed after fail to allocate...

EPSS

2024-06-20 11:13 AM
cve
cve

CVE-2022-48724 iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() After commit e3beca48a45b ("irqdomain/treewide: Keep firmware node unconditionally allocated"). For tear down scenario, fn is only freed after fail to allocate...

EPSS

2024-06-20 11:13 AM
cvelist
cvelist

CVE-2022-48721 net/smc: Forward wakeup to smc socket waitqueue after fallback

In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be some socket waitqueue entries remaining in smc socket->wq, such as eppoll_entries inserted by...

EPSS

2024-06-20 11:13 AM
cvelist
cvelist

CVE-2022-48720 net: macsec: Fix offload support for NETDEV_UNREGISTER event

In the Linux kernel, the following vulnerability has been resolved: net: macsec: Fix offload support for NETDEV_UNREGISTER event Current macsec netdev notify handler handles NETDEV_UNREGISTER event by releasing relevant SW resources only, this causes resources leak in case of macsec HW offload, as....

EPSS

2024-06-20 11:13 AM
cvelist
cvelist

CVE-2022-48719 net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work

In the Linux kernel, the following vulnerability has been resolved: net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work syzkaller was able to trigger a deadlock for NTF_MANAGED entries [0]: kworker/0:16/14617 is trying to acquire lock: ffffffff8d4dd370...

EPSS

2024-06-20 11:13 AM
cvelist
cvelist

CVE-2022-48717 ASoC: max9759: fix underflow in speaker_gain_control_put()

In the Linux kernel, the following vulnerability has been resolved: ASoC: max9759: fix underflow in speaker_gain_control_put() Check for negative values of "priv->gain" to prevent an out of bounds access. The concern is that these might come from the user via: -> snd_ctl_elem_write_user() ...

EPSS

2024-06-20 11:13 AM
cvelist
cvelist

CVE-2022-48714 bpf: Use VM_MAP instead of VM_ALLOC for ringbuf

In the Linux kernel, the following vulnerability has been resolved: bpf: Use VM_MAP instead of VM_ALLOC for ringbuf After commit 2fd3fb0be1d1 ("kasan, vmalloc: unpoison VM_ALLOC pages after mapping"), non-VM_ALLOC mappings will be marked as accessible in __get_vm_area_node() when KASAN is enabled.....

EPSS

2024-06-20 11:13 AM
cvelist
cvelist

CVE-2022-48713 perf/x86/intel/pt: Fix crash with stop filters in single-range mode

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/pt: Fix crash with stop filters in single-range mode Add a check for !buf->single before calling pt_buffer_region_size in a place where a missing check can cause a kernel crash. Fixes a bug introduced by commit...

EPSS

2024-06-20 11:13 AM
cvelist
cvelist

CVE-2022-48711 tipc: improve size validations for received domain records

In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipc_mon_rcv() allows a node to receive and process domain_record structs from peer nodes to track their views of the network topology. This patch verifies...

EPSS

2024-06-20 11:13 AM
2
schneier
schneier

Recovering Public Keys from Signatures

Interesting summary of various ways to derive the public key from digitally signed files. Normally, with a signature scheme, you have the public key and want to know whether a given signature is valid. But what if we instead have a message and a signature, assume the signature is valid, and want...

7.2AI Score

2024-06-20 11:10 AM
cvelist
cvelist

CVE-2021-47620 Bluetooth: refactor malicious adv data check

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: refactor malicious adv data check Check for out-of-bound read was being performed at the end of while num_reports loop, and would fill journal with false positives. Added check to beginning of loop processing so that it....

EPSS

2024-06-20 11:08 AM
cvelist
cvelist

CVE-2021-47619 i40e: Fix queues reservation for XDP

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix queues reservation for XDP When XDP was configured on a system with large number of CPUs and X722 NIC there was a call trace with NULL pointer dereference. i40e 0000:87:00.0: failed to get tracking for 256 queues for VSI....

EPSS

2024-06-20 11:08 AM
qualysblog
qualysblog

Secure Your Containerized Environments with Qualys Containerized Scanner Appliance (QCSA)

IT has undergone a series of significant shifts over the years, from physical infrastructure to virtual, and how infrastructure was managed and maintained. This shift led IT through the digital transformation era, introducing various types of clouds and “As-a-Service” models. Although...

7AI Score

2024-06-20 11:06 AM
cvelist
cvelist

CVE-2024-5036 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.5.4 due to insufficient input...

6.4CVSS

EPSS

2024-06-20 11:06 AM
cvelist
cvelist

CVE-2021-47618 ARM: 9170/1: fix panic when kasan and kprobe are enabled

In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...

EPSS

2024-06-20 10:57 AM
cvelist
cvelist

CVE-2021-47617 PCI: pciehp: Fix infinite loop in IRQ handler upon power fault

In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Fix infinite loop in IRQ handler upon power fault The Power Fault Detected bit in the Slot Status register differs from all other hotplug events in that it is sticky: It can only be cleared after turning off slot...

EPSS

2024-06-20 10:57 AM
openbugbounty
openbugbounty

adil93.org Cross Site Scripting vulnerability OBB-3936881

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 10:50 AM
thn
thn

Tool Overload: Why MSPs Are Still Drowning with Countless Cybersecurity Tools in 2024

Highlights Complex Tool Landscape: Explore the wide array of cybersecurity tools used by MSPs, highlighting the common challenge of managing multiple systems that may overlap in functionality but lack integration. Top Cybersecurity Challenges: Discuss the main challenges MSPs face, including...

7AI Score

2024-06-20 10:49 AM
openbugbounty
openbugbounty

sovetsk-ruo.ucoz.ru Cross Site Scripting vulnerability OBB-3936874

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 10:47 AM
openbugbounty
openbugbounty

static4.museoreinasofia.es Cross Site Scripting vulnerability OBB-3936875

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 10:47 AM
cvelist
cvelist

CVE-2024-28147 Unrestricted Upload of Files in edu-sharing

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross Site...

EPSS

2024-06-20 10:46 AM
1
openbugbounty
openbugbounty

samsung-service-fehlersuche.samsung.de Cross Site Scripting vulnerability OBB-3936873

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 10:46 AM
1
openbugbounty
openbugbounty

novokosino.3dn.ru Cross Site Scripting vulnerability OBB-3936871

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 10:45 AM
1
openbugbounty
openbugbounty

maxim-averin.ucoz.ru Cross Site Scripting vulnerability OBB-3936869

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 10:44 AM
openbugbounty
openbugbounty

kprf35.ucoz.ru Cross Site Scripting vulnerability OBB-3936868

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 10:40 AM
openbugbounty
openbugbounty

kino.trc-forum.ru Cross Site Scripting vulnerability OBB-3936867

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 10:40 AM
openbugbounty
openbugbounty

archives.polemia.com Cross Site Scripting vulnerability OBB-3936863

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 10:38 AM
openbugbounty
openbugbounty

1.mukcbs.org Cross Site Scripting vulnerability OBB-3936861

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 10:37 AM
thn
thn

Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021

Cyber espionage groups associated with China have been linked to a long-running campaign that has infiltrated several telecom operators located in a single Asian country at least since 2021. "The attackers placed backdoors on the networks of targeted companies and also attempted to steal...

9.1CVSS

7.4AI Score

0.975EPSS

2024-06-20 10:22 AM
openbugbounty
openbugbounty

oriohome.gr Cross Site Scripting vulnerability OBB-3936859

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 10:20 AM
malwarebytes
malwarebytes

TikTok facing fresh lawsuit in US over children&#8217;s privacy

The Federal Trade Commission (FTC) has announced it's referred a complaint against TikTok and parent company ByteDance to the Department of Justice. The investigation originally focused on Musical.ly which was acquired by ByteDance on November 10, 2017, and merged it into TikTok. The FTC started a....

6.8AI Score

2024-06-20 09:58 AM
nvd
nvd

CVE-2024-34693

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for...

6.8CVSS

EPSS

2024-06-20 09:15 AM
2
cve
cve

CVE-2024-34693

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for...

6.8CVSS

6.9AI Score

EPSS

2024-06-20 09:15 AM
3
ibm
ibm

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote attacker (CVE-2020-11022)

Summary There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2020-11022 DESCRIPTION: **jQuery is vulnerable to cross-site...

6.9CVSS

6.3AI Score

0.061EPSS

2024-06-20 09:12 AM
6
ibm
ibm

Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM TXSeries for Multiplatforms is vulnerable to a Denial of Service.

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM TXSeries for Multiplatforms. The version of IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms has been updated to address the applicable...

7.5CVSS

7AI Score

0.0004EPSS

2024-06-20 09:09 AM
3
ibm
ibm

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote attacker (CVE-2019-11358)

Summary There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2019-11358 DESCRIPTION: **jQuery, as used in Drupal core, is...

6.1CVSS

6.2AI Score

0.035EPSS

2024-06-20 09:08 AM
6
wolfi
wolfi

GHSA-VQ7J-GX56-RXJH vulnerabilities

Vulnerabilities for packages: kind, falco,...

7.5AI Score

2024-06-20 09:08 AM
153
wolfi
wolfi

CVE-2023-23946 vulnerabilities

Vulnerabilities for packages:...

7.5CVSS

8.1AI Score

0.001EPSS

2024-06-20 09:08 AM
189
wolfi
wolfi

CVE-2024-32004 vulnerabilities

Vulnerabilities for packages:...

8.1CVSS

7.1AI Score

0.0004EPSS

2024-06-20 09:08 AM
20
wolfi
wolfi

GHSA-JJR8-97P7-VMMG vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-20 09:08 AM
92
wolfi
wolfi

CVE-2024-5274 vulnerabilities

Vulnerabilities for packages:...

8.8CVSS

7.1AI Score

0.003EPSS

2024-06-20 09:08 AM
25
wolfi
wolfi

CVE-2024-5206 vulnerabilities

Vulnerabilities for packages: py3-scikit-learn,...

4.7CVSS

5AI Score

0.0004EPSS

2024-06-20 09:08 AM
7
wolfi
wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: kubescape, minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, skopeo, argo-cd, grafana, rqlite, spicedb, temporal-server, ctop, istio-cni, clusterctl, cri-tools, kor, kubernetes-csi-livenessprobe, trillian,...

7.5AI Score

2024-06-20 09:08 AM
165
wolfi
wolfi

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, kubebuilder, argo-cd, dataplaneapi, yam, rqlite, tailscale, petname, temporal-server, ctop, clusterctl, cri-tools, kor, aws-flb-firehose,...

7.8AI Score

0.0004EPSS

2024-06-20 09:08 AM
178
wolfi
wolfi

CVE-2024-27304 vulnerabilities

Vulnerabilities for packages: telegraf, amass, kube-bench, argo-workflows, ferretdb, kine, kots, caddy, vault, keda, step-ca, trillian, k3s, spicedb, temporal-server,...

9.8CVSS

9.7AI Score

0.0004EPSS

2024-06-20 09:08 AM
114
wolfi
wolfi

GHSA-X32M-MVFJ-52XV vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-20 09:08 AM
75
wolfi
wolfi

CVE-2023-38470 vulnerabilities

Vulnerabilities for packages:...

6.2CVSS

7.1AI Score

0.0004EPSS

2024-06-20 09:08 AM
160
wolfi
wolfi

GHSA-5QM6-J92F-79JP vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-20 09:08 AM
155
Total number of security vulnerabilities2398724