Lucene search
K

7654 matches found

OSV
OSV
added 2024/08/26 10:10 a.m.14 views

CVE-2024-43891 tracing: Have format file honor EVENT_FILE_FL_FREED

In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENTFILEFLFREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would hav...

4.7CVSS6AI score0.00225EPSS
Exploits0References6
OSV
OSV
added 2024/08/22 4:15 a.m.4 views

CVE-2024-45169

An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service DoS attacks and possibly remote code execution...

9.8CVSS6.5AI score0.01384EPSS
Exploits1References5
NVD
NVD
added 2024/08/22 4:15 a.m.17 views

CVE-2022-48938

In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the...

5.5CVSS0.00213EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/08/22 3:31 a.m.20 views

CVE-2022-48938 CDC-NCM: avoid overflow in sanity checking

In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the...

7AI score0.00213EPSS
Exploits0References6
OSV
OSV
added 2024/08/22 3:31 a.m.17 views

CVE-2022-48938 CDC-NCM: avoid overflow in sanity checking

In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the...

5.5CVSS6.1AI score0.00213EPSS
Exploits0References9
OSV
OSV
added 2024/08/22 2:15 a.m.3 views

UBUNTU-CVE-2021-4441

In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynqqspiexecmemop In zynqqspiexecmemop, kzalloc is directly used in memset, which could lead to a NULL pointer dereference on failure of kzalloc. Fix this bug by adding a chec...

5.5CVSS6.1AI score0.00225EPSS
Exploits0References8
OSV
OSV
added 2024/08/21 3:28 p.m.10 views

GO-2022-0790 Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy in github.com/oauth2-proxy/oauth2-proxy

Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy in github.com/oauth2-proxy/oauth2-proxy...

6.1CVSS6.1AI score0.01353EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/08/21 12:10 a.m.52 views

CVE-2024-43882 exec: Fix ToCToU between perm check and set-uid/gid usage

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

0.00242EPSS
Exploits1References8
CVE
CVE
added 2024/08/21 12:10 a.m.162 views

CVE-2024-43882

CVE-2024-43882 is a Linux kernel race Condition (ToCToU) in exec path: permission checks for a file are done at do_filp_open(), but the metadata (mode/UID/GID) used later in execve() can be changed before execution, enabling potential root privilege escalation. The issue is exploitable in scenari...

8.4CVSS7AI score0.00242EPSS
Exploits1References13Affected Software1
Debian CVE
Debian CVE
added 2024/08/21 12:10 a.m.16 views

CVE-2024-43882

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

8.4CVSS6.2AI score0.00242EPSS
Exploits1
OSV
OSV
added 2024/08/21 12:6 a.m.13 views

CVE-2024-43875 PCI: endpoint: Clean up error handling in vpci_scan_bus()

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Clean up error handling in vpciscanbus Smatch complains about inconsistent NULL checking in vpciscanbus: drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpciscanbus error: we previously assumed 'vpcibus' could b...

5.5CVSS6.1AI score0.0021EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2024/08/21 12:0 a.m.23 views

Amazon Linux 2 : webkitgtk4 (ALAS-2024-2623)

The version of webkitgtk4 installed on the remote host is prior to 2.42.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2623 advisory. A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS...

6.5CVSS6.7AI score0.01135EPSS
Exploits0References10
Cvelist
Cvelist
added 2024/08/20 12:11 p.m.18 views

CVE-2024-6918

CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP...

7.5CVSS0.00484EPSS
Exploits0References1
CVE
CVE
added 2024/08/20 12:11 p.m.56 views

CVE-2024-6918

CVE-2024-6918 is a CWE-120 buffer overflow affecting Schneider Electric Accutech Manager. Connected docs indicate it can cause a crash of the Accutech Manager when handling a specially crafted request over port 2536/TCP, potentially affecting versions up to 2.8.0.0 (and earlier per some sources)....

7.5CVSS7AI score0.00484EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/08/17 12:0 a.m.30 views

SUSE SLES15: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2024:2949-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2949-1 advisory. - CVE-2024-40776: Fixed a use-after-free issue with improved memory management bsc1228613. - CVE-2024-40779: Fixed a out-of-bounds...

9.8CVSS6.6AI score0.00994EPSS
Exploits0References13
BDU FSTEC
BDU FSTEC
added 2024/08/16 12:0 a.m.7 views

The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos OS Evolved operating system allows a hacker to trigger a service failure.

The vulnerability of the Packet Forwarding Engine PFE module in Juniper Networks’ Junos OS Evolved operating system is related to insufficient checking of exceptional states. Exploiting this vulnerability can allow a malicious actor to trigger service failures remotely...

6.5CVSS5.4AI score0.00327EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/08/15 12:0 a.m.44 views

SUSE SLED15: WebKitGTK-4.0-lang / WebKitGTK-4.1-lang / WebKitGTK-6.0-lang / etc (SUSE-SU-2024:2905-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2905-1 advisory. - CVE-2024-40776: Fixed a use-after-free issue with improved memory management bsc1228613. - CVE-2024-40779:...

9.8CVSS6.6AI score0.00994EPSS
Exploits0References13
OSV
OSV
added 2024/08/14 7:48 a.m.19 views

SUSE-SU-2024:2905-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: - CVE-2024-40776: Fixed a use-after-free issue with improved memory management bsc1228613. - CVE-2024-40779: Fixed a out-of-bounds read with improved bounds checking bsc1228693. - CVE-2024-40780: Fixed another out-of-bounds read with improve...

9.8CVSS7AI score0.00994EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2024/08/14 12:0 a.m.6 views

The vulnerability of the software for detecting vulnerabilities and errors in PT Application Inspector, due to improper checking of query parameters, allows a perpetrator to execute arbitrary code.

The vulnerability of the PT Application Inspector’s software for detecting vulnerabilities and errors is related to improper checking of query parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS5.9AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/08/14 12:0 a.m.7 views

The vulnerability of the IP address checking function in FortiOS operating systems and FortiProxy proxy servers allows attackers to circumvent existing security restrictions.

The vulnerability of the IP address checking function in FortiOS operating systems and FortiProxy proxy servers for protecting against Internet attacks is related to the improper handling of numerical parameters based on different criteria. Exploiting this vulnerability allows a malicious actor t...

3.4CVSS5.5AI score0.00467EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder