
8543 matches found

Cvelist
added 2024/05/01 12:48 p.m. | 22 views

CVE-2022-38386 IBM Cloud Pak for Security information disclosure

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 do not set the SameSite attribute for sensitive cookies, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 2337...

CVSS 5.9 | AI score 5.4 | EPSS 0.00465
Exploits: 0 | References: 2

UbuntuCve
added 2024/05/01 6:15 a.m. | 39 views

CVE-2024-26933

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute. The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...

CVSS 7.8 | AI score 6.3 | EPSS 0.00179
Exploits: 0 | References: 12

OSV
added 2024/05/01 6:15 a.m. | 7 views

UBUNTU-CVE-2024-26933

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute. The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...

CVSS 7.8 | AI score 6.2 | EPSS 0.00179
Exploits: 0 | References: 13

Vulnrichment
added 2024/05/01 5:17 a.m. | 39 views

CVE-2024-26934 USB: core: Fix deadlock in usb_deauthorize_interface()

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface(). Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store function is the only one which acquires a device lock on an ancestor device: ...

AI score 7.1 | EPSS 0.0019
Exploits: 0 | References: 9

CVE
added 2024/05/01 5:17 a.m. | 294 views

CVE-2024-26934

CVE-2024-26934: Linux kernel USB core deadlock in usb_deauthorize_interface() when sysfs attribute callbacks hold a parent device lock. Affected: drivers/usb/core/sysfs.c (interface_authorized_store) acquiring parent device lock; fix uses sysfs_break_active_protection() to avoid waiting for the c...

CVSS 7.8 | AI score 6.4 | EPSS 0.0019
Exploits: 0 | References: 12 | Affected Software: 1

Cvelist
added 2024/05/01 5:17 a.m. | 31 views

CVE-2024-26934 USB: core: Fix deadlock in usb_deauthorize_interface()

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface(). Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store function is the only one which acquires a device lock on an ancestor device: ...

AI score 7.7 | EPSS 0.0019
Exploits: 0 | References: 9

Vulnrichment
added 2024/05/01 5:17 a.m. | 13 views

CVE-2024-26933 USB: core: Fix deadlock in port "disable" sysfs attribute

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute. The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...

AI score 6.7 | EPSS 0.00179
Exploits: 0 | References: 5

Cvelist
added 2024/05/01 5:17 a.m. | 21 views

CVE-2024-26933 USB: core: Fix deadlock in port "disable" sysfs attribute

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute. The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...

AI score 7.5 | EPSS 0.00179
Exploits: 0 | References: 5

CVE
added 2024/05/01 5:17 a.m. | 207 views

CVE-2024-26933

CVE-2024-26933 is described in connected advisories as a Linux kernel USB core fix: it resolves a deadlock in the port "disable" sysfs attribute handling. The show/store callbacks for the disable sysfs file in port.c acquire the hub’s device lock, while removing a hub (and potentially changing it...

CVSS 7.8 | AI score 7.2 | EPSS 0.00179
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2024/05/01 5:17 a.m. | 15 views

CVE-2024-26933 USB: core: Fix deadlock in port "disable" sysfs attribute

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute. The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...

CVSS 7.8 | AI score 6.2 | EPSS 0.00179
Exploits: 0 | References: 8

CNNVD
added 2024/05/01 12:0 a.m. | 4 views

IBM Cloud Pak for Security and IBM QRadar Suite security vulnerability

IBM Cloud Pak for Security and IBM QRadar Suite are both products of International Business Machines (IBM), U.S.A. IBM Cloud Pak for Security is a software application, an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automate...

CVSS 5.9 | AI score 6.2 | EPSS 0.00465
Exploits: 0 | References: 3

CNNVD
added 2024/05/01 12:0 a.m. | 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a security hole in the sysfs attribute of port disable...

CVSS 7.8 | AI score 6.7 | EPSS 0.00179
Exploits: 0 | References: 7

RubySec
added 2024/05/01 12:0 a.m. | 11 views

Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values

There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. The reason these issues were not detected before is that the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browsers are...

CVSS 7.1 | AI score 5.8 | EPSS 0.00713
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/04/30 10:25 p.m. | 18 views

CVE-2024-32970 Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex

Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities...

CVSS 7.1 | AI score 6.7 | EPSS 0.00713
Exploits: 0 | References: 6

Vulnrichment
added 2024/04/30 10:25 p.m. | 15 views

CVE-2024-32970 Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex

Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities...

CVSS 7.1 | AI score 5.4 | EPSS 0.00713
Exploits: 0 | References: 6

RedHat Linux
added 2024/04/30 10:28 a.m. | 8 views

frr: crafted BGP UPDATE message leading to a crash

A flaw was found in FRRouting. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, for example, one with only an unknown transit attribute...

CVSS 5.9 | AI score 5.7 | EPSS 0.00785
Exploits: 0 | References: 5

Vulnrichment
added 2024/04/30 10:4 a.m. | 10 views

CVE-2024-22405 XADMaster may not apply quarantine attribute correctly to extracted files

XADMaster is an Objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive, XADMaster may not apply the quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This...

CVSS 5.5 | AI score 5.3 | EPSS 0.00196
Exploits: 0 | References: 2

Cvelist
added 2024/04/30 10:4 a.m. | 22 views

CVE-2024-22405 XADMaster may not apply quarantine attribute correctly to extracted files

XADMaster is an Objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive, XADMaster may not apply the quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This...

CVSS 5.5 | AI score 5.5 | EPSS 0.00196
Exploits: 0 | References: 2

RedHat Linux
added 2024/04/30 9:57 a.m. | 5 views

kernel: vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check

An out-of-bounds read vulnerability was found in the Linux kernel's vDPA (virtio Data Path Acceleration) netlink interface. The vdpa_nl_policy structure was missing the nla_policy entry for the queue index attribute. Without proper validation, parsing netlink messages with this attribute could result ...

AI score 6.4 | EPSS 0.00155
Exploits: 0 | References: 5

RedHat Linux
added 2024/04/30 9:57 a.m. | 2 views

kernel: Linux kernel (ext4): Denial of Service due to inode leak via failed extended attribute creation

A flaw was found in the Linux kernel's ext4 filesystem. A local user can exploit this vulnerability by performing a setxattr operation with an injected fault, specifically when ext4_mark_inode_dirty fails within the ext4_xattr_inode_create function. This can lead to an inode leak, resulting in filesyst...

AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 5