Lucene search
+L

240 matches found

UbuntuCve
UbuntuCve
added 2024/05/17 3:15 p.m.26 views

CVE-2023-52687

In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Add error handling for dmamapsg calls Macro dmamapsg may return 0 on error. This patch enables checks in case of the macro failure and ensures unmapping of previously mapped buffers with dmaunmapsg. Found by...

5.5CVSS6.3AI score0.00232EPSS
Exploits0References14
CVE
CVE
added 2024/05/17 2:24 p.m.88 views

CVE-2023-52687

CVE-2023-52687 affects the Linux kernel crypto safexcel path. The issue arises when dma_map_sg() can return 0 on error, risking improper handling of DMA mappings. The published patch adds error checks for dma_map_sg() and ensures previously mapped buffers are unmapped via dma_unmap_sg() to preven...

5.5CVSS6.7AI score0.00232EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/10 2:43 p.m.31 views

CVE-2024-31441 Arbitrary File Reading in DataEase

DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19...

7.5CVSS7AI score0.00551EPSS
Exploits1References1
CVE
CVE
added 2024/05/03 2:51 p.m.167 views

CVE-2022-48672

CVE-2022-48672 is a Linux kernel issue in the device-tree flattening path: in unflatten_dt_nodes(), an off-by-one error can overflow the nps[] buffer due to an unfixed depth check in the loop. The problem was fixed by commit 78c44d910d3e, in which the depth handling during unflattening was correc...

7.8CVSS6.6AI score0.00248EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2024/05/01 8:56 p.m.29 views

CVE-2024-27041

A vulnerability was found in the Linux kernel's AMD amdgpudm.c driver, where a lack of proper checks in the amdgpudmfini function could result in a NULL pointer dereference. This scenario can occur when attempting to access the value adev-dm.dc and could lead to memory corruption or system...

5.5CVSS6.9AI score0.00272EPSS
Exploits0References4
NVD
NVD
added 2024/05/01 1:15 p.m.31 views

CVE-2024-27041

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix NULL checks for adev-dm.dc in amdgpudmfini Since 'adev-dm.dc' in amdgpudmfini might turn out to be NULL before the call to dcenabledmubnotifications, check beforehand to ensure there will not be a possible...

5.5CVSS7.3AI score0.00272EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/01 12:54 p.m.35 views

CVE-2024-27041 drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix NULL checks for adev-dm.dc in amdgpudmfini Since 'adev-dm.dc' in amdgpudmfini might turn out to be NULL before the call to dcenabledmubnotifications, check beforehand to ensure there will not be a possible...

6.6AI score0.00272EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/01 12:54 p.m.17 views

CVE-2024-27041 drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix NULL checks for adev-dm.dc in amdgpudmfini Since 'adev-dm.dc' in amdgpudmfini might turn out to be NULL before the call to dcenabledmubnotifications, check beforehand to ensure there will not be a possible...

6.7AI score0.00272EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/04/29 4:20 p.m.19 views

CVE-2022-48657

In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amufiesetup cpufreqgethwmaxfreq returns max frequency in kHz as unsigned int, while freqinvsetmaxratio gets passed this frequency in Hz as 'u64'. Multiplying max frequency by 1000 can...

5.5CVSS7.5AI score0.00248EPSS
Exploits0References4
NVD
NVD
added 2024/04/28 1:15 p.m.17 views

CVE-2022-48657

In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amufiesetup cpufreqgethwmaxfreq returns max frequency in kHz as unsigned int, while freqinvsetmaxratio gets passed this frequency in Hz as 'u64'. Multiplying max frequency by 1000 can...

7.8CVSS7.5AI score0.00248EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/02 12:0 a.m.6 views

PT-2024-4186 · Unknown · Svacer Sast

Name of the Vulnerable Software and Affected Versions: Svacer SAST affected versions not specified Description: The issue is related to information disclosure. It can be exploited by a remote attacker to gain access to protected information. Recommendations: At the moment, there is no information...

7.8CVSS7.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/02/18 9:25 p.m.3 views

Malicious code in analysis-tool-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab026f9cd9836e60e06d6f1449c82d1e5d26662722dfa2be764f46778eab3b39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/02/18 9:25 p.m.10 views

MAL-2024-1023 Malicious code in analysis-tool-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab026f9cd9836e60e06d6f1449c82d1e5d26662722dfa2be764f46778eab3b39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/01/21 12:0 a.m.6 views

PT-2024-19214 · Unknown · Access Analysis Cgi An-Analyzer

Name of the Vulnerable Software and Affected Versions: Access analysis CGI An-Analyzer versions prior to 2023 December 31 Description: The issue allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL...

6.1CVSS6.2AI score0.00395EPSS
Exploits0References7
CVE
CVE
added 2023/07/25 7:4 p.m.144 views

CVE-2023-37257

CVE-2023-37257 is a stored cross-site scripting vulnerability in DataEase prior to version 1.18.9, affecting the DataEase panel and dataset. The root cause is a stored XSS condition in the panel/dataset that could be triggered by user input or data rendering, as documented by multiple sources. Th...

5.4CVSS5.2AI score0.00374EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/07/25 7:4 p.m.39 views

CVE-2023-37257 The DataEase panel and dataset have a stored XSS vulnerability

DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds...

5.4CVSS5.5AI score0.00374EPSS
Exploits1References2
CVE
CVE
added 2023/06/26 8:29 p.m.55 views

CVE-2023-34463

DataEase contains a vulnerability (CVE-2023-34463) where unauthorized users can delete an application. Affected product: DataEase, with fixes implemented in version 1.18.8. Public references in multiple sources confirm the issue and upgrade as the advised remediation. Impact details describe unau...

8.1CVSS8.2AI score0.00746EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/06/26 8:11 p.m.52 views

CVE-2023-35168

DataEase (open source data visualization tool) has a privilege bypass vulnerability in affected versions prior to 1.18.8, allowing ordinary users to access the user database and exfiltrate fields such as password MD5 hashes, usernames, emails, and phone numbers. The fixed version is 1.18.8; upgra...

6.5CVSS6.6AI score0.00714EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/06/01 4:15 p.m.26 views

Design/Logic Flaw

DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard or messages or interfering with the...

5.5CVSS7.9AI score0.01014EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2023/05/10 12:0 a.m.5 views

Intel Trace Analyzer And Collector 缓冲区错误漏洞

Intel Trace Analyzer And Collector is a trace analyzer and collector from Intel USA. It is used to analyze Mpi behavior in parallel applications. A security vulnerability exists in Intel Trace Analyzer And Collector versions prior to 2021.8.0 that stems from the presence of a stack-based buffer...

7.8CVSS7.8AI score0.00194EPSS
Exploits0References2
Rows per page
Query Builder