Lucene search
K

212 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.4 views

SUSE CVE-2011-1771

The cifsclose function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service NULL pointer dereference and BUG or possibly have unspecified other impact by setting the ODIRECT flag during an attempt to open a file on a CIFS filesystem...

7.8CVSS6.8AI score0.00516EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.3 views

SUSE CVE-2017-18208

The madvisewillneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service infinite loop by triggering use of MADVISEWILLNEED for a DAX mapping...

6.2CVSS5.9AI score0.00494EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.3 views

SUSE CVE-2021-3748

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...

6.7CVSS6.9AI score0.00522EPSS
Exploits0References21
SUSE CVE
SUSE CVE
added 2023/02/15 3:32 a.m.4 views

SUSE CVE-2022-2989

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...

4.4CVSS7.7AI score0.00307EPSS
Exploits1References9
Citrix
Citrix
added 2023/01/28 12:0 a.m.14 views

How to add all VDA logon user accounts in "Direct Access Users" group automatically

Add all user accounts in "Direct Access Users" group automatically...

7.1AI score
Exploits0
OSV
OSV
added 2023/01/20 11:34 p.m.13 views

GHSA-6HG4-VP5Q-47MW CakePHP allows direct access of prefixed controller actions

Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters...

7.1AI score
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/01/20 11:34 p.m.15 views

CakePHP allows direct access of prefixed controller actions

Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters...

5.2AI score
Exploits0References7Affected Software1
Microsoft KB
Microsoft KB
added 2022/12/13 8:0 a.m.52 views

December 13, 2022—KB5021255 (OS Build 22621.963)

December 13, 2022—KB5021255 OS Build 22621.963 11/8/22 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a non-security preview release for the month of December 2022. There will be a monthly security release known as a “B” release for...

8.5CVSS7.7AI score0.61605EPSS
Exploits6
Microsoft KB
Microsoft KB
added 2022/12/13 8:0 a.m.63 views

December 13, 2022—KB5021234 (OS Build 22000.1335)

December 13, 2022—KB5021234 OS Build 22000.1335 11/8/22 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a non-security preview release for the month of December 2022. There will be a monthly security release known as a “B” release for...

8.5CVSS7.8AI score0.76106EPSS
Exploits6
Prion
Prion
added 2022/12/09 6:15 p.m.13 views

Authentication flaw

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linu...

2.1CVSS4.8AI score0.00264EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/11/18 12:0 a.m.42 views

AlmaLinux 9 : podman (ALSA-2022:8431)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8431 advisory. - An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data...

7.1CVSS7.3AI score0.00331EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2022/08/09 12:0 a.m.2 views

PT-2022-4211 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows versions affected versions not specified Description: The issue is related to insufficient access restrictions in the Storage Spaces Direct feature of the Windows operating system. It allows an attacker to potentially elevate their...

7.8CVSS7.8AI score0.00444EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/07/14 12:0 a.m.4 views

PT-2022-16410 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.7.0 and earlier Description: The issue allows team members to access some sensitive information by directly accessing the APIs. This is an unrestricted information disclosure issue that affects all users. Recommendations...

6.5CVSS6.5AI score0.00768EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2022/05/10 1:24 p.m.2 views

QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...

7.5CVSS6.8AI score0.00522EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/04/12 9:15 a.m.1 views

CVE-2021-42029

A vulnerability has been identified in SIMATIC STEP 7 TIA Portal V15 All versions, SIMATIC STEP 7 TIA Portal V16 All versions V16 Update 5, SIMATIC STEP 7 TIA Portal V17 All versions V17 Update 2. An attacker could achieve privilege escalation on the web server of certain devices due to improper...

7.8CVSS7AI score0.0023EPSS
Exploits0References2
OSV
OSV
added 2022/04/12 9:15 a.m.5 views

CVE-2021-42029

A vulnerability has been identified in SIMATIC STEP 7 TIA Portal V15 All versions, SIMATIC STEP 7 TIA Portal V16 All versions V16 Update 5, SIMATIC STEP 7 TIA Portal V17 All versions V17 Update 2. An attacker could achieve privilege escalation on the web server of certain devices due to improper...

7.8CVSS5.7AI score0.0023EPSS
Exploits0References1
OSV
OSV
added 2022/03/23 8:15 p.m.1 views

DEBIAN-CVE-2021-3748

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...

7.5CVSS6.6AI score0.00522EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2022/03/23 8:15 p.m.58 views

CVE-2021-3748

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...

7.5CVSS2.6AI score0.00522EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/03/23 7:46 p.m.60 views

CVE-2021-3748

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...

7.5CVSS7AI score0.00522EPSS
Exploits0
Cvelist
Cvelist
added 2021/12/14 3:44 p.m.27 views

CVE-2021-44235

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This...

7.1AI score0.00294EPSS
Exploits0References2
Rows per page
Query Builder