
734 matches found

OSV
added 2024/07/30 7:11 a.m., 29 views

SUSE-SU-2024:2629-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Updated to version 11.0.24+8 (July 2024 CPU): - CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). - CVE-2024-21140: Fixed a pre-loop limit...

CVSS 7.4, AI score 6.7, EPSS 0.01257
Exploits: 0, References: 14

OSV
added 2024/07/29 3:15 p.m., 4 views

UBUNTU-CVE-2024-41038

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

CVSS 5.5, AI score 6.4, EPSS 0.00274
Exploits: 0, References: 17

CNNVD
added 2024/07/29 12:00 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that the original code does not take into account that wmfw_adsp2_sizes is 4 bytes larger than...

CVSS 7.8, AI score 6.9, EPSS 0.00285
Exploits: 0, References: 5

RedHat Linux
added 2024/07/18 9:52 a.m., 4 views

OpenJDK: Pack200 increase loading time due to improper header validation (8322106)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability...

CVSS 3.7, AI score 7.4, EPSS 0.01056
Exploits: 0, References: 4

RedHat Linux
added 2024/07/17 10:45 p.m., 4 views

OpenJDK: Pack200 increase loading time due to improper header validation (8322106)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability...

CVSS 3.7, AI score 7.4, EPSS 0.01056
Exploits: 0, References: 4

RedHat Linux
added 2024/07/17 10:53 a.m., 7 views

OpenJDK: Pack200 increase loading time due to improper header validation (8322106)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability...

CVSS 3.7, AI score 7.4, EPSS 0.01056
Exploits: 0, References: 4

RedHat Linux
added 2024/07/16 11:29 p.m., 6 views

OpenJDK: Pack200 increase loading time due to improper header validation (8322106)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability...

CVSS 3.7, AI score 7.4, EPSS 0.01056
Exploits: 0, References: 4

RedHat Linux
added 2024/07/16 10:11 p.m., 6 views

OpenJDK: Pack200 increase loading time due to improper header validation (8322106)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability...

CVSS 3.7, AI score 7.4, EPSS 0.01056
Exploits: 0, References: 4

RedHat Linux
added 2024/07/16 10:06 p.m., 5 views

OpenJDK: Pack200 increase loading time due to improper header validation (8322106)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability...

CVSS 3.7, AI score 7.4, EPSS 0.01056
Exploits: 0, References: 4

RedHat Linux
added 2024/07/16 9:31 p.m., 2 views

OpenJDK: Pack200 increase loading time due to improper header validation (8322106)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability...

CVSS 3.7, AI score 7.4, EPSS 0.01056
Exploits: 0, References: 4

SUSE CVE
added 2024/06/24 11:16 p.m., 2 views

SUSE CVE-2024-38381

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and total packet size before...

CVSS 5.3, AI score 6.2, EPSS 0.00258
Exploits: 0, References: 16

OSV
added 2024/06/21 11:15 a.m., 6 views

AZL-48965 CVE-2024-38381 affecting package kernel for versions less than 6.6.51.1-1

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and total packet size before...

CVSS 7.1, AI score 6.6, EPSS 0.00258
Exploits: 0, References: 1

OSV
added 2024/05/30 8:00 p.m., 9 views

GHSA-MXJF-HC9V-XGV2 ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting

Failing to properly validate the HTTP host-header TYPO3 CMS is susceptible to host spoofing. TYPO3 uses the HTTP host-header to generate absolute URLs in several places like 404 handling, https enforcement, password reset links and many more. Since the host header itself is provided by the client...

CVSS 6.1, AI score 7.2
Exploits: 0, References: 8

Microsoft CVE
added 2024/05/24 7:00 a.m., 3 views

netfilter: flowtable: validate pppoe header

...

CVSS 5.5, AI score 7.3, EPSS 0.00246
Exploits: 0

SUSE CVE
added 2024/05/23 3:05 a.m., 1 views

SUSE CVE-2021-47227

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Prevent state corruption in __fpu__restore_sig() The non-compacted slowpath uses __copy_from_user() and copies the entire user buffer into the kernel buffer, verbatim. This means that the kernel buffer may now contain entirely invali...

CVSS 5.5, AI score 6.8, EPSS 0.00235
Exploits: 0, References: 5

SUSE CVE
added 2024/05/23 3:05 a.m., 5 views

SUSE CVE-2021-47243

In the Linux kernel, the following vulnerability has been resolved: sch_cake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc (cake_get_tcpopt and cake_tcph_may_drop) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop,...

CVSS 7.1, AI score 6.6, EPSS 0.00259
Exploits: 0, References: 3

RedHat Linux
added 2024/05/22 9:52 a.m., 6 views

EDK2: heap buffer overflow in Tcg2MeasureGptTable()

A heap buffer overflow flaw was found via the Tcg2MeasureGptTable function in EDK2, arising from inadequate validation of the GPT Primary Header, presenting a minor risk to confidentiality and integrity. The primary consequence is likely a crash or denial of service. This issue may allow a local...

CVSS 7.8, AI score 6.2, EPSS 0.00288
Exploits: 0, References: 5

OSV
added 2024/05/21 3:15 p.m., 1 views

UBUNTU-CVE-2021-47227

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Prevent state corruption in __fpu__restore_sig() The non-compacted slowpath uses __copy_from_user() and copies the entire user buffer into the kernel buffer, verbatim. This means that the kernel buffer may now contain entirely invali...

CVSS 5.5, AI score 6.4, EPSS 0.00235
Exploits: 0, References: 6

SUSE CVE
added 2024/05/21 1:58 a.m., 2 views

SUSE CVE-2024-35973

In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true), pskb_inet_may_pull() is only using...

CVSS 5.5, AI score 6.4, EPSS 0.0025
Exploits: 0, References: 16

NVD
added 2024/05/20 10:15 a.m., 19 views

CVE-2024-35973

In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true), pskb_inet_may_pull() is only using...

CVSS 5.5, AI score 6.4, EPSS 0.0025
Exploits: 0, References: 12