Lucene search
K

196 matches found

CNNVD
CNNVD
added 2025/02/14 12:0 a.m.5 views

Label Studio 安全漏洞

Label Studio is an open source data labeling tool from Heartex Open Source. It allows you to label data types such as audio, text, images, video, and time series using a straightforward UI and export to a variety of model formats. A security vulnerability exists in Label Studio versions prior to...

8.7CVSS6.4AI score0.00708EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Smack: TCP/IPv4; fixed incorrect labeling. Currently, Smack follows the labeling scheme for incoming TCP/IPv4 connections. When a connection labeled “foo” connects to a connection labeled “bar” via TCP/IPv4, “foo” always appears ...

8.8CVSS6.5AI score0.0084EPSS
Exploits0References3
OSV
OSV
added 2025/02/03 8:54 a.m.3 views

SUSE-SU-2025:20042-1 Security update for selinux-policy

This update for selinux-policy fixes the following issues: Update to version 20230523+git25.ad22dd7f: Backport wtmpdb label change to have the same wtmpdb label as in SL Micro 6.1 bsc1229132 Add authrwwtmpdbloginrecords to domains using authmanageloginrecords Add authrwwtmpdbloginrecords to modul...

5.8AI score
Exploits0References7
Malwarebytes
Malwarebytes
added 2025/01/08 5:35 p.m.14 views

US Cyber Trust Mark logo for smart devices is coming

The White House announced the launch of the US Cyber Trust Mark which aims to help buyers make an informed choice about the purchase of wireless internet-connected devices, such as baby monitors, doorbells, thermostats, and more. The cybersecurity labeling program for wireless consumer Internet o...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2024/10/11 4:59 p.m.15 views

CVE-2024-47659

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

8.8CVSS6.9AI score0.0084EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/10/10 2:48 a.m.4 views

SUSE CVE-2024-47659

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

8.8CVSS7.7AI score0.0084EPSS
Exploits0References3
OSV
OSV
added 2024/10/09 2:15 p.m.2 views

DEBIAN-CVE-2024-47659

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

8.8CVSS6.2AI score0.0084EPSS
Exploits0References1
OSV
OSV
added 2024/10/09 2:15 p.m.2 views

UBUNTU-CVE-2024-47659

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

8.8CVSS6.5AI score0.0084EPSS
Exploits0References34
Vulnrichment
Vulnrichment
added 2024/10/09 2:2 p.m.25 views

CVE-2024-47659 smack: tcp: ipv4, fix incorrect labeling

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

6.9AI score0.0084EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2024/10/09 2:2 p.m.13 views

CVE-2024-47659

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

8.8CVSS6.2AI score0.0084EPSS
Exploits0
Cvelist
Cvelist
added 2024/10/09 2:2 p.m.25 views

CVE-2024-47659 smack: tcp: ipv4, fix incorrect labeling

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

0.0084EPSS
Exploits0References8
CVE
CVE
added 2024/10/09 2:2 p.m.158 views

CVE-2024-47659

CVE-2024-47659 - Linux kernel Smack labeling flaw (tcp/ipv4) Unity/Ten able advisories summarize a kernel issue in Smack where the label of incoming tcp/ipv4 connections is mirrored from the initiator, causing return packets to be labeled with the initiator’s CIPSO label. This results in two conc...

8.8CVSS7.9AI score0.0084EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2024/10/09 2:2 p.m.16 views

CVE-2024-47659 smack: tcp: ipv4, fix incorrect labeling

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

8.8CVSS6.1AI score0.0084EPSS
Exploits0References12
OSV
OSV
added 2024/10/01 9:15 p.m.4 views

DEBIAN-CVE-2024-9407

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...

4.7CVSS6.4AI score0.00287EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/23 12:0 a.m.17 views

CVE-2024-40441

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the modelattribs parameter...

0.00667EPSS
Exploits0References3
CVE
CVE
added 2024/09/23 12:0 a.m.54 views

CVE-2024-40441

CVE-2024-40441 describes a privilege-escalation flaw in Doccano’s open‑source tooling: the Doccano Open Source Annotation Tools for ML practitioners (v1.8.4) and the Doccano Auto Labeling Pipeline (v0.1.23) mishandle the model_attribs parameter, enabling remote attackers to elevate privileges. Ro...

6.6CVSS7.5AI score0.00667EPSS
Exploits0References3
Fedora
Fedora
added 2024/07/01 4:50 a.m.15 views

[SECURITY] Fedora 40 Update: libreswan-4.15-1.fc40

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

6.5CVSS6.7AI score0.008EPSS
Exploits0
Fedora
Fedora
added 2024/07/01 1:34 a.m.16 views

[SECURITY] Fedora 39 Update: libreswan-4.15-1.fc39

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

6.5CVSS6.7AI score0.008EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:30 p.m.4 views

Malicious code in OCI.DotNetSDK.Datalabeling.service (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSV
OSV
added 2024/06/11 11:49 a.m.12 views

SUSE-SU-2024:1989-1 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer

This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: - Bump github.com/containers/image/v5 bsc1224119,...

8.3CVSS8.6AI score0.01279EPSS
Exploits0References3
Rows per page
Query Builder