Lucene search
K

2742 matches found

OSV
OSV
added 2024/08/21 1:15 a.m.1 views

UBUNTU-CVE-2024-43869

In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via freeevent directly, this can potentially result in a leaked...

5.5CVSS6.2AI score0.0021EPSS
Exploits0References18
Debian CVE
Debian CVE
added 2024/08/21 12:10 a.m.16 views

CVE-2024-43882

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

8.4CVSS6.2AI score0.00242EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2024/08/21 12:10 a.m.32 views

CVE-2024-43882 exec: Fix ToCToU between perm check and set-uid/gid usage

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

7.3AI score0.00242EPSS
Exploits1References8
Cvelist
Cvelist
added 2024/08/21 12:10 a.m.54 views

CVE-2024-43882 exec: Fix ToCToU between perm check and set-uid/gid usage

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

0.00242EPSS
Exploits1References8
OSV
OSV
added 2024/08/21 12:6 a.m.24 views

CVE-2024-43869 perf: Fix event leak upon exec and file release

In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via freeevent directly, this can potentially result in a leaked...

5.5CVSS6.3AI score0.0021EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/08/21 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an event leak in the perf subsystem during exec and file release...

5.5CVSS6.8AI score0.0021EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/08/21 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a ToCToU issue in the exec component when setting uid/gid...

8.4CVSS6.5AI score0.00242EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2024/07/31 12:0 a.m.5 views

PT-2024-38272 · Unknown · Youdiancms

Name of the Vulnerable Software and Affected Versions: YouDianCMS version 7 Description: A critical issue has been found, affecting the curl exec function in the file /App/Core/Extend/Function/ydLib.php. The manipulation of the url argument leads to server-side request forgery. This issue can be...

6.5CVSS6.5AI score0.00476EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/07/21 12:0 a.m.5 views

PT-2024-37975 · Unknown · Form Tools

Name of the Vulnerable Software and Affected Versions: Form Tools version 3.1.1 Description: A problematic issue was found in the Import Option List component, specifically affecting the curl exec function in the /admin/forms/option lists/edit.php file. The manipulation of the url argument leads ...

5.1CVSS4.2AI score0.00368EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2024/07/15 12:0 a.m.7 views

The vulnerability in the exec-path configuration of the dockerd daemon on the Docker Desktop operating system for development and container application delivery platforms allows a attacker to trigger a service failure.

The vulnerability of the exec-path configuration in the dockerd daemon of the Docker Desktop operating system for container application development and delivery involves deficiencies in access control. Exploiting this vulnerability could allow an attacker to cause service failures...

6.1CVSS6.7AI score0.00374EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/07/09 5:15 p.m.4 views

CVE-2024-5652

In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode...

5.5CVSS5.8AI score0.00374EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/09 5:7 p.m.37 views

CVE-2024-5652 In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode

In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode...

6.1CVSS0.00374EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.4 views

Docker Desktop Security Vulnerabilities

Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

6.1CVSS6.6AI score0.00374EPSS
Exploits0References2
OSV
OSV
added 2024/06/27 9:32 p.m.10 views

GHSA-RRQQ-FV6M-692M vanna vulnerable to remote code execution caused by prompt injection

In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...

9.8CVSS10AI score0.00875EPSS
Exploits0References3
NVD
NVD
added 2024/06/27 7:15 p.m.28 views

CVE-2024-5826

In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...

9.8CVSS0.00875EPSS
Exploits0References1
CVE
CVE
added 2024/06/27 6:40 p.m.60 views

CVE-2024-5826

CVE-2024-5826 – vanna-ai/vanna has a remote code execution vulnerability in the vanna.ask function due to prompt injection. The root cause is the absence of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in src/vanna/base/bas...

9.8CVSS10AI score0.00875EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/27 6:40 p.m.41 views

CVE-2024-5826 Remote Code Execution via Prompt Injection in vanna-ai/vanna

In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...

9.8CVSS0.00875EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/27 12:0 a.m.4 views

vanna Code Injection Vulnerability

Vanna is a personalized AI SQL agent from Vanna. vanna suffers from a code injection vulnerability that stems from a lack of sandboxing for executing LLM-generated code, which allows an attacker to manipulate the exec function in src/vanna/base/base.py, which can be exploited by an attacker to...

9.8CVSS8.9AI score0.00875EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/06/25 11:17 p.m.5 views

SUSE CVE-2024-37026

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entires deep, thus it is possible for a migration job to be stuck behind a fault if migration exec queue shares engines with...

4.7CVSS7.3AI score0.00184EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/11 4:59 p.m.56 views

CVE-2024-30094 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

...

7.8CVSS0.00906EPSS
Exploits0References1
Rows per page
Query Builder