Goolytics – Simple Google Analytics Security Vulnerabilities

debiancve

CVE-2022-48759

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev struct rpmsg_ctrldev contains a struct cdev. The current code frees the rpmsg_ctrldev struct in rpmsg_ctrldev_release_device(), but the cdev is a managed...

6.7AI Score

0.0004EPSS

2024-06-20 12:15 PM
1
nvd

CVE-2022-48763

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Forcibly leave nested virt when SMM state is toggled Forcibly leave nested virtualization operation if userspace toggles SMM state via KVM_SET_VCPU_EVENTS or KVM_SYNC_X86_EVENTS. If userspace forces the vCPU out of SMM...

0.0004EPSS

2024-06-20 12:15 PM
3
cve

CVE-2022-48763

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Forcibly leave nested virt when SMM state is toggled Forcibly leave nested virtualization operation if userspace toggles SMM state via KVM_SET_VCPU_EVENTS or KVM_SYNC_X86_EVENTS. If userspace forces the vCPU out of SMM...

6.2AI Score

0.0004EPSS

2024-06-20 12:15 PM
21
debiancve

CVE-2022-48726

In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...

6.7AI Score

0.0004EPSS

2024-06-20 12:15 PM
cve

CVE-2022-48726

In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...

6.6AI Score

0.0004EPSS

2024-06-20 12:15 PM
19
nvd

CVE-2022-48726

In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...

0.0004EPSS

2024-06-20 12:15 PM
osv

CGA-8f64-fgpv-jxj2

Bulletin has no...

4.4CVSS

7.2AI Score

0.0004EPSS

2024-06-20 11:34 AM
osv

Malicious code in storefront-h5-sdk (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (3bdecd59d5667e506fd4f66d29c575454020e37384211ce8a27e463cd6971298) The OpenSSF Package Analysis project identified 'storefront-h5-sdk' @ 1.0.0 (npm) as malicious. It is considered malicious because: The package...

7.1AI Score

2024-06-20 11:27 AM
1
redhatcve

CVE-2021-47588

In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6_dev_free() from sit_init_net() ipip6_dev_free is sit dev->priv_destructor, already called by register_netdevice() if something goes wrong. Alternative would be to make ipip6_dev_free() robust against...

7.1AI Score

0.0004EPSS

2024-06-20 11:27 AM
osv

BIT-python-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as...

6.1AI Score

0.0004EPSS

2024-06-20 11:18 AM
5
osv

BIT-python-2024-4032

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

6.1AI Score

0.0004EPSS

2024-06-20 11:17 AM
2
cvelist

CVE-2022-48763 KVM: x86: Forcibly leave nested virt when SMM state is toggled

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Forcibly leave nested virt when SMM state is toggled Forcibly leave nested virtualization operation if userspace toggles SMM state via KVM_SET_VCPU_EVENTS or KVM_SYNC_X86_EVENTS. If userspace forces the vCPU out of SMM...

0.0004EPSS

2024-06-20 11:13 AM
2
vulnrichment

CVE-2022-48763 KVM: x86: Forcibly leave nested virt when SMM state is toggled

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Forcibly leave nested virt when SMM state is toggled Forcibly leave nested virtualization operation if userspace toggles SMM state via KVM_SET_VCPU_EVENTS or KVM_SYNC_X86_EVENTS. If userspace forces the vCPU out of SMM...

6.6AI Score

0.0004EPSS

2024-06-20 11:13 AM
2
vulnrichment

CVE-2022-48759 rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev struct rpmsg_ctrldev contains a struct cdev. The current code frees the rpmsg_ctrldev struct in rpmsg_ctrldev_release_device(), but the cdev is a managed object,.....

7AI Score

0.0004EPSS

2024-06-20 11:13 AM
cvelist

CVE-2022-48759 rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev struct rpmsg_ctrldev contains a struct cdev. The current code frees the rpmsg_ctrldev struct in rpmsg_ctrldev_release_device(), but the cdev is a managed object,.....

0.0004EPSS

2024-06-20 11:13 AM
1
cvelist

CVE-2022-48726 RDMA/ucma: Protect mc during concurrent multicast leaves

In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...

0.0004EPSS

2024-06-20 11:13 AM
redhatcve

CVE-2021-47598

In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free:...

7.2AI Score

0.0004EPSS

2024-06-20 10:54 AM
redhatcve

CVE-2021-47597

In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak [1], that can be exploited by unpriv users. After analysis it turned out UDP was not initializing r->idiag_expires. Other users of inet_sk_diag_fill()....

7.1AI Score

0.0004EPSS

2024-06-20 10:54 AM
1
redhatcve

CVE-2021-47594

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM traverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...

7AI Score

0.0004EPSS

2024-06-20 10:53 AM
malwarebytes

TikTok facing fresh lawsuit in US over children’s privacy

The Federal Trade Commission (FTC) has announced it's referred a complaint against TikTok and parent company ByteDance to the Department of Justice. The investigation originally focused on Musical.ly, which was acquired by ByteDance on November 10, 2017, and merged into TikTok. The FTC started a....

6.8AI Score

2024-06-20 09:58 AM
2
osv

Apache Superset server arbitrary file read

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for...

6.8CVSS

7.7AI Score

0.0004EPSS

2024-06-20 09:30 AM
3
osv

CGA-mcv5-fjr6-wxgg

Bulletin has no...

10CVSS

9.5AI Score

0.0004EPSS

2024-06-20 09:04 AM
thn

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA...

7AI Score

2024-06-20 08:09 AM
8
redhatcve

CVE-2024-36979

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path (br forward...

6.8AI Score

0.0004EPSS

2024-06-20 07:50 AM
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2023-33850)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs. (CVE-2024-20952,...

7.5CVSS

6.9AI Score

0.001EPSS

2024-06-20 06:49 AM
3
osv

gdb vulnerabilities

It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker could possibly use this issue to cause a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-4285) It....

6.5CVSS

8.4AI Score

0.001EPSS

2024-06-20 06:07 AM
1
osv

Malicious code in comet-chat-react-ui-kit (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (9a6f38c4d9dd2413e237c8d146d5fcf11d04f613910b552a32a52b3e4cf199f6) The OpenSSF Package Analysis project identified 'comet-chat-react-ui-kit' @ 1.0.1 (npm) as malicious. It is considered malicious because: The...

7.4AI Score

2024-06-20 03:22 AM
1
osv

Malicious code in logoo (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (f27363cd295f9de7f2296d9c6b6d0f18222d76ff8947d98657340216d7c80efb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:36 AM
1
osv

Malicious code in imageg (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (df52076c4f31a1cfa37f150398316cecaf3fa4608747f701714ca329d155e6b8) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:36 AM
1
osv

Malicious code in desainnew (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (01bf842f0425d57bc046f2dfe5ca780425c5c598cddf38891bcb48821a75920a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:36 AM
1
osv

Malicious code in desain (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (13494704f154bacb5f2fc638287da1fe39acad551f086f8b5957f633ab310553) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:36 AM
1
osv

Malicious code in dsain (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (5c297dbb19c09d8f71ccdbc712626dbf279bb972fe57afe0c04dc8e27f723a9b) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:36 AM
osv

LocalAI path traversal vulnerability

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

7.5CVSS

7AI Score

0.0004EPSS

2024-06-20 12:30 AM
2
osv

Malicious code in nodem0m (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (ae93a7345bbc51bd2c0a267dc582cf90302284606b0f569ae06f4dc6a26f801a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:28 AM
1
osv

Malicious code in nt4padyp (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (813b8cef8cb7a828bbbf2b8edb29b1bbba72c65e7654fe80f07a80398a9e5133) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:28 AM
1
osv

Malicious code in pwi-cfa-components (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (2d39aaa33ecd66d4aac0437e45aa6a1cddcc74bb7ed416f6b33c3a7151cbc035) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:23 AM
2
alpinelinux

CVE-2024-6102

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.6AI Score

0.001EPSS

2024-06-20 12:15 AM
1
cve

CVE-2024-6102

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.6AI Score

0.001EPSS

2024-06-20 12:15 AM
42
osv

CVE-2024-6102

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.5AI Score

0.001EPSS

2024-06-20 12:15 AM
2
nvd

CVE-2024-6103

Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

0.001EPSS

2024-06-20 12:15 AM
5
alpinelinux

CVE-2024-6103

Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

7.4AI Score

0.001EPSS

2024-06-20 12:15 AM
2
debiancve

CVE-2024-6102

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.2AI Score

0.001EPSS

2024-06-20 12:15 AM
4
debiancve

CVE-2024-6103

Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.6AI Score

0.001EPSS

2024-06-20 12:15 AM
3
nvd

CVE-2024-6102

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

0.001EPSS

2024-06-20 12:15 AM
2
osv

CVE-2024-6103

Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.9AI Score

0.001EPSS

2024-06-20 12:15 AM
3
cve

CVE-2024-6103

Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

7AI Score

0.001EPSS

2024-06-20 12:15 AM
39
debiancve

CVE-2024-6100

Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.9AI Score

0.001EPSS

2024-06-20 12:15 AM
11
debiancve

CVE-2024-6101

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...

8.8CVSS

5.9AI Score

0.001EPSS

2024-06-20 12:15 AM
3
nvd

CVE-2024-6100

Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity:...

8.8CVSS

0.001EPSS

2024-06-20 12:15 AM
7
osv

CVE-2024-6101

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.2AI Score

0.001EPSS

2024-06-20 12:15 AM
Total number of security vulnerabilities: 304784