Lucene search
K

131 matches found

BDU FSTEC
BDU FSTEC
added 2024/10/04 12:0 a.m.6 views

The vulnerability of the mpi_ssp_completion() function in the PMC-Sierra SPC 8001 SAS/SATA kernel of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the mpisspcompletion function in the driver drivers/scsi/pm8001/pm80xxhwi.c file of the PMC-Sierra SPC 8001 SAS/SATA operating system kernel is related to the reutilization of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the...

7.8CVSS6.6AI score0.00238EPSS
Exploits0References12Affected Software2
CVE
CVE
added 2024/05/22 3:0 p.m.90 views

CVE-2024-33218

The CVE-2024-33218 entry concerns ASUSTeK Computer Inc.’s ASUS USB 3.0 Boost Storage Driver (version 5.30.20.0) and its AsUpIO64.sys component. The vulnerability allows attackers to escalate privileges and execute arbitrary code by sending crafted IOCTL requests, with local attack potential and h...

7.8CVSS7.9AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/22 12:0 a.m.3 views

ASUS USB 安全漏洞

ASUS USB is a wireless adapter from Asus China. A security vulnerability exists in ASUS USB 3.0 Boost Storage Driver version 5.30.20.0, which originates from a problem with the component AsUpIO64.sys and allows attackers to elevate privileges and execute arbitrary code by sending a crafted IOCTL...

7.8CVSS7.5AI score0.00211EPSS
Exploits0References2
OSV
OSV
added 2024/05/17 1:4 p.m.12 views

CLSA-2024-1715951065 kernel: Fix of 10 CVEs

scsi: lpfc: Fix use-after-free in lpfcunregrpi routine CVE-2021-47198 - fs,hugetlb: fix NULL pointer dereference in hugetlbsfillsuper CVE-2024-0841 - bpf: Fix incorrect verifier pruning due to missing register precision taints CVE-2023-2163 - bpf: Fix hashtab overflow check on 32-bit arches...

10CVSS7AI score0.03546EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/04/30 9:57 a.m.3 views

kernel: usb-storage: alauda: Fix uninit-value in alauda_check_media()

An uninitialized value vulnerability was found in the alauda USB storage driver in the Linux kernel. In alaudacheckmedia, the function does not verify that USB transfer operations succeeded before using the received data. If a transfer fails, uninitialized memory may be accessed, leading to...

7.1AI score0.00209EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/11/14 3:46 p.m.3 views

kernel: scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesintfremove A fix for: BUG: KASAN: slab-out-of-bounds in sesintfremove+0x23f/0x270 ses Read of size 8 at addr ffff88a10d32e5d8 by task rmmod/12013 When edev-components is zero, accessing...

7.1CVSS6.7AI score0.00139EPSS
Exploits0References5
OSV
OSV
added 2023/10/14 9:15 p.m.2 views

DEBIAN-CVE-2023-45862

An issue was discovered in drivers/usb/storage/eneub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation...

5.5CVSS6.1AI score0.00282EPSS
Exploits0References1
OSV
OSV
added 2023/10/14 9:15 p.m.1 views

UBUNTU-CVE-2023-45862

An issue was discovered in drivers/usb/storage/eneub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation...

5.5CVSS6.4AI score0.00282EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2023/05/16 8:56 a.m.3 views

kernel: USB: core: Prevent nested device-reset calls

In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 3 Not...

5.5CVSS6.3AI score0.00154EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.4 views

kernel: USB: core: Prevent nested device-reset calls

In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 3 Not...

5.5CVSS6.3AI score0.00154EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/05/08 12:0 a.m.4 views

PT-2025-54135

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s scsi subsystem, specifically within the qedf driver. A NULL dereference issue was identified in the error handling of the qedf alloc global queues...

4.6CVSS7AI score0.00173EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.3 views

SUSE CVE-2014-8135

The storageVolUpload function in storage/storagedriver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service NULL pointer dereference and daemon crash via a crafted offset value in a "virsh vol-upload" command...

2.1CVSS6.4AI score0.00467EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2022/11/15 11:55 a.m.2 views

kernel: scsi: qla2xxx: Fix scheduling while atomic

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer fcremoteportdelete which can put the thread to sleep. The thread that originates the call is in interrupt context. The combination of the two trigge...

5.5CVSS6.3AI score0.00252EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/11/15 11:55 a.m.3 views

kernel: scsi: qla2xxx: Fix warning message due to adisc being flushed

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix warning message due to adisc being flushed Fix warning message due to adisc being flushed. Linux kernel triggered a warning message where a different error code type is not matching up with the expected type. A...

5.5CVSS6.3AI score0.00252EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/04/22 12:0 a.m.5 views

PT-2022-11542 · Lenovo · Thinkstation +2

Name of the Vulnerable Software and Affected Versions: Lenovo Desktop, ThinkStation, and ThinkEdge models affected versions not specified Description: A potential issue in the SMI callback function used in the NVME driver may allow an attacker with local access and elevated privileges to execute...

7.2CVSS6.7AI score0.00245EPSS
Exploits0References4
Veeam
Veeam
added 2021/12/20 12:0 a.m.16 views

Veeam Agent for Microsoft Windows 5.0 Can’t Be Started or Installed After Upgrade to Windows 11

Challenge After upgrading to Windows 11, the Veeam Agent for Microsoft Windows service may fail to start. The following errors can be found in C:\ProgramData\Veeam\Endpoint\Svc.VeeamEndpointBackup.log: Error Failed to start service. Error Error occurred during LocalDB instance startup: SQL Server...

7.3AI score
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2021/05/11 12:45 p.m.3 views

kernel: iscsi: unrestricted access to sessions and handles

A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system...

4.4CVSS6.8AI score0.00711EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2021/04/15 12:0 a.m.2 views

PT-2024-11074 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically in the scsi: qla2xxx driver. The issue arises from the commit a6dcfe08487e, which limits interrupt vectors to the...

7.8CVSS6.6AI score0.08555EPSS
Exploits5References789
NVD
NVD
added 2021/04/07 10:15 p.m.27 views

CVE-2021-29641

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...

8.8CVSS0.04867EPSS
Exploits3References5
OSV
OSV
added 2021/04/07 10:15 p.m.4 views

CVE-2021-29641

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...

8.8CVSS7.6AI score0.04867EPSS
Exploits3References5
Rows per page
Query Builder