Lucene search
K

2571 matches found

RedHat Linux
RedHat Linux
added 2017/08/01 2:22 p.m.6 views

kernel: Race condition between multiple sys_perf_event_open() calls

It was found that the original fix for CVE-2016-6786 was incomplete. There exist a race between two concurrent sysperfeventopen calls when both try and move the same pre-existing software group into a hardware context...

7.6CVSS7.1AI score0.01674EPSS
Exploits0References4
n0where
n0where
added 2017/07/10 3:46 p.m.31 views

Network OSINT Gathering Tool: XRay

XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. How Does it Work? XRay is a very simple tool, it works this way: 1. It’ll bruteforce subdomains using a wordlist and DNS requests. 2. For every...

6.7AI score
Exploits0References1
OSV
OSV
added 2017/07/05 1:29 a.m.3 views

DEBIAN-CVE-2017-10913

The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1...

9.8CVSS8.3AI score0.02815EPSS
Exploits0References1
OSV
OSV
added 2017/07/05 1:29 a.m.2 views

ALPINE-CVE-2017-10913

The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1...

9.8CVSS6.5AI score0.02815EPSS
Exploits0References1
OSV
OSV
added 2017/07/05 1:29 a.m.6 views

UBUNTU-CVE-2017-10913

The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1...

9.8CVSS7.3AI score0.02815EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2017/06/30 12:0 a.m.7 views

The vulnerability of the Linux operating system, which allows a hacker to trigger a service failure

The vulnerability of the sctpwaitforsndbuf function in the net/sctp/socket.c kernel of the Linux operating system exists due to insufficient checking of resource status when the resource can be used concurrently. Exploiting this vulnerability allows a malicious actor to cause a service failure—wi...

7.1CVSS6.5AI score0.01162EPSS
Exploits0References31Affected Software1
OSV
OSV
added 2017/06/20 12:29 a.m.5 views

CVE-2017-3743

If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility ASU, UpdateXpress System Pack Installer UXSPI or Dynamic System Analysis DSA to a second machine, the other users may be able to see the user ID...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References1
OSV
OSV
added 2017/01/13 12:0 a.m.3 views

UBUNTU-CVE-2016-8745

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn...

7.5CVSS7.2AI score0.16038EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2017/01/13 12:0 a.m.41 views

CVE-2016-8745

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn...

7.5CVSS7.1AI score0.16038EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2016/12/15 12:0 a.m.7 views

The vulnerability of the ion_ioctl function (drivers/staging/android/ion/ion.c) in the Linux operating system, which allows a hacker to trigger a service failure or increase their privileges.

The vulnerability of the ionioctl function drivers/staging/android/ion/ion.c in the Linux operating system exists due to insufficient checking of resource status when resources are allowed to be shared. Exploiting this vulnerability can allow a malicious actor to increase their privileges or caus...

9.3CVSS7.3AI score0.01736EPSS
Exploits0References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/11/07 12:0 a.m.51 views

Debian DSA-3705-1 : curl - security update

Several vulnerabilities were discovered in cURL, an URL transfer library : - CVE-2016-8615 It was discovered that a malicious HTTP server could inject new cookies for arbitrary domains into a cookie jar. - CVE-2016-8616 It was discovered that when re-using a connection, curl was doing case...

9.8CVSS7.3AI score0.05915EPSS
Exploits0References22
curl security advisories
curl security advisories
added 2016/11/02 8:0 a.m.9 views

Use after free via shared cookies

libcurl explicitly allows users to share cookies between multiple easy handles that are concurrently employed by different threads. When cookies to be sent to a server are collected, the matching function collects all cookies to send and the cookie lock is released immediately afterwards. That...

7.5CVSS6.8AI score0.02602EPSS
Exploits0Affected Software2
Check Point Advisories
Check Point Advisories
added 2016/09/13 12:0 a.m.19 views

Microsoft Windows Session Object Elevation of Privilege (MS16-111: CVE-2016-3305)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way windows kernel handles session objects in concurrent logins. Successful exploitation may lead to a malicious user gaining access to a victim user's session...

4.6CVSS7.1AI score0.01492EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/08/08 12:0 a.m.44 views

openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-944)

This update for java-180-openjdk fixes the following issues : - Upgrade to version jdk8u101 icedtea 3.1.0 - New in release 3.1.0 2016-07-25 : - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking boo989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only boo989734 -...

9.6CVSS6.8AI score0.0669EPSS
Exploits0References28
Tenable Nessus
Tenable Nessus
added 2016/06/22 12:0 a.m.28 views

OracleVM 3.2 : openldap (OVMSA-2016-0069)

The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2015-6908 openldap: bergetnext denial of service vulnerability 1263170 - fix: syncprov psearch race condition 999811 - fix: CVE-2013-4449 segfault on certain queries with rwm overlay 1064146 - fix...

5CVSS5.7AI score0.19984EPSS
Exploits2References4
Cvelist
Cvelist
added 2016/06/07 2:0 p.m.23 views

CVE-2016-5242

The p2mteardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service NULL pointer dereference and host OS crash by creating concurrent domains and holding references to them, related to VMID exhaustion...

6AI score0.00342EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2016/06/06 2:49 p.m.48 views

CVE-2016-5242

The p2mteardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service NULL pointer dereference and host OS crash by creating concurrent domains and holding references to them, related to VMID exhaustion...

5.6CVSS3.3AI score0.00342EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2016/05/05 12:0 a.m.7 views

The vulnerability of the Junos operating system, which allows a hacker to increase their privileges

The vulnerability of the Junos operating system exists due to insufficient checks on the status of resources when they can be used concurrently. Exploiting this vulnerability allows a malicious actor to enhance their privileges using the URL parameter...

6.5CVSS7.6AI score0.01731EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/04/05 12:0 a.m.47 views

Scientific Linux Security Update : mariadb on SL7.x x86_64 (20160404)

Security Fixes : - It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a...

7.2CVSS7.2AI score0.30146EPSS
Exploits6References25
CNVD
CNVD
added 2016/03/10 12:0 a.m.1 views

ISC DHCP Denial of Service Vulnerability (CNVD-2016-01603)

ISC DHCP is the United States ISC Internet Systems Consortium company's set of open source Dynamic Host Configuration Protocol server software. A security vulnerability exists in ISC DHCP that stems from the program's failure to limit the number of concurrent TCP sessions. A remote attacker could...

7.1CVSS6.4AI score0.73622EPSS
Exploits0References1
Rows per page
Query Builder