Lucene search
K

715 matches found

RedhatCVE
RedhatCVE
added 2024/02/29 11:37 a.m.37 views

CVE-2023-52483

A use-after-free vulnerability was found in the Linux kernel, which affects the mctp component and is caused by route lookups that traverse the net's route list without the RCU read lock held. This issue can result in a use-after-free situation where the kfree function is called on a route pointe...

7.8CVSS8.8AI score0.00231EPSS
Exploits0References4
Prion
Prion
added 2024/02/29 6:15 a.m.28 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: mctp: perform route lookups under a RCU read-side lock Our current route lookups mctproutelookup and mctproutelookupnull traverse the net's route list without the RCU read lock held. This means the route lookup is subject to...

6.6AI score0.00231EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/02/29 5:43 a.m.28 views

CVE-2023-52483 mctp: perform route lookups under a RCU read-side lock

In the Linux kernel, the following vulnerability has been resolved: mctp: perform route lookups under a RCU read-side lock Our current route lookups mctproutelookup and mctproutelookupnull traverse the net's route list without the RCU read lock held. This means the route lookup is subject to...

6.6AI score0.00231EPSS
Exploits0References4
OSV
OSV
added 2024/02/28 9:15 a.m.3 views

DEBIAN-CVE-2021-47038

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hcidev-lock and socket lock Commit eab2404ba798 "Bluetooth: Add BTPHY socket option" added a dependency between socket lock and hcidev-lock that could lead to deadlock. It turns out that...

5.5CVSS5.9AI score0.00179EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
added 2024/02/14 5:0 p.m.56 views

PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface

Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. Work around: Ensure that inactivity-based screen locks are enforced on endpoints with access to the PAN-OS web interface...

8.8CVSS7AI score0.00503EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/13 7:5 p.m.25 views

CVE-2024-25122 Cross-site Scripting sidekiq-unique-jobs UI server vulnerability

sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, bu...

7.1CVSS6.7AI score0.00525EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2024/02/13 6:34 p.m.31 views

XSS sidekiq-unique-jobs UI server vulnerability

Summary Cross site scripting XSS potentially exposing cookies / sessions / localStorage, fixed by sidekiq-unique-jobs v8.0.7. Specifically, this is a Reflected Server-Side, Non-Self, Cross Site Scripting vulnerability, considered a P3 on the BugCrowd taxonomy with the following categorization:...

7.1CVSS7.7AI score0.00525EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2024/02/13 6:34 p.m.1 views

Cross-site Scripting (XSS)

Overview sidekiq-unique-jobs is a package containing unique jobs that were removed from sidekiq. Affected versions of this package are vulnerable to Cross-site Scripting XSS via specially crafted GET request parameters handled by any of the following endpoints of the "admin" web UI: /changelogs,...

8.2CVSS5.2AI score0.00525EPSS
Exploits1References2
OSV
OSV
added 2024/02/13 6:34 p.m.43 views

GHSA-CMH9-RX85-XJ38 XSS sidekiq-unique-jobs UI server vulnerability

Summary Cross site scripting XSS potentially exposing cookies / sessions / localStorage, fixed by sidekiq-unique-jobs v8.0.7. Specifically, this is a Reflected Server-Side, Non-Self, Cross Site Scripting vulnerability, considered a P3 on the BugCrowd taxonomy with the following categorization:...

7.1CVSS8AI score0.0059EPSS
Exploits3References6
Positive Technologies
Positive Technologies
added 2024/02/13 12:0 a.m.7 views

PT-2024-20763 · Unknown · Sidekiq-Unique-Jobs

Name of the Vulnerable Software and Affected Versions: sidekiq-unique-jobs versions prior to 7.1.33 and 8.0.7 Description: The issue is related to a Cross-Site Scripting XSS vulnerability in the sidekiq-unique-jobs "admin" web UI. Specially crafted GET request parameters handled by the following...

7.1CVSS7.5AI score0.00525EPSS
Exploits1References12
Prion
Prion
added 2024/01/05 5:15 p.m.30 views

Design/Logic Flaw

Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by remova...

3.3CVSS6.7AI score0.00888EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/01/05 4:30 p.m.24 views

CVE-2023-34324 Possible deadlock in Linux kernel event handling

Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by remova...

6.9AI score0.00888EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.2 views

kernel: NFSv4: Don't hold the layoutget locks across multiple RPC calls

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open compound, we have to be careful to release the layout locks before we can call any further RPC calls, such as setattr. The...

5.5CVSS6.3AI score0.002EPSS
Exploits0References5
OSV
OSV
added 2023/11/07 8:15 a.m.4 views

CVE-2023-43885

Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device...

8.1CVSS5.8AI score0.00652EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2023/10/11 12:0 a.m.56 views

CVE-2023-34324

Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by remova...

4.9CVSS6.6AI score0.00888EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2023/10/10 12:0 a.m.6 views

PT-2023-9488 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the mctp component in the Linux kernel, where route lookups are performed without proper read-side critical section locks, leading to potential preemption and...

9.1CVSS6.5AI score0.01401EPSS
Exploits3References962
CNNVD
CNNVD
added 2023/10/02 12:0 a.m.3 views

Pure Storage FlashBlade Security Vulnerability

Pure Storage FlashBlade is a consolidated storage platform for file and object workloads from U.S.-based Pure Storage. A security vulnerability exists in FlashBlade Purity OE version 4.1.0, which stems from a flaw in the system where a user who is authorized to extend the object retention period...

6.5CVSS6.7AI score0.00456EPSS
Exploits0References2
OSV
OSV
added 2023/09/18 1:15 p.m.5 views

CVE-2023-34195

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by...

7.8CVSS6.3AI score0.0022EPSS
Exploits0References2
Prion
Prion
added 2023/09/18 1:15 p.m.17 views

Information disclosure

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by...

4.3CVSS7.7AI score0.0022EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/09/18 12:0 a.m.18 views

CVE-2023-34195

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by...

8AI score0.0022EPSS
Exploits0References2
Rows per page
Query Builder