2321 matches found
CVE-2018-9487
In setVpnForcedLocked of Vpn.java, there is a possible blocking of internet traffic through vpn due to a bad uid check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation...
The vulnerability of Linux operating system’s DRM/AMDGPU cores allows a hacker to trigger a service failure.
The vulnerability of the DRM/AMDGPU cores of the Linux operating system is related to incorrect blocking of resources in the amdgpu_debugfs_mqd_read function. Exploiting this vulnerability can allow a hacker to cause service failures...
CVE-2024-53052 io_uring/rw: fix missing NOWAIT check for O_DIRECT start write
In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write. When io_uring starts a write, it'll call kiocb_start_write to bump the super block rwsem, preventing any freezes from happening while that write is in-flight. The freeze...
The vulnerability of the DRM/Radeon kernel components in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the DRM/Radeon kernel components in the Linux operating system is related to improper blocking of resources in the radeon_suspend_kms function. Exploiting this vulnerability can allow an attacker to cause a service failure...
OESA-2024-2419 undertow security update
Java web server using non-blocking IO. Security Fixes: A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory. CVE-2023-19...
phpIPAM security vulnerability
phpIPAM is an open-source IP address management (IPAM) application based on PHP and MySQL. A security vulnerability exists in phpIPAM version 1.5.1. An attacker can use this vulnerability to bypass the IP blocking mechanism and brute-force a user's password via the...
The vulnerability of the NFS kernel component in Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the NFS kernel component in Linux operating systems is related to incorrect blocking in the nfs_netfs_issue_read function. Exploiting this vulnerability can allow an attacker to cause a service failure...
Vulnerability of Linux operating system’s kernel components related to memory failures, allowing attackers to cause service interruptions
The vulnerability of Linux operating system’s kernel’s mm/memory-failure components is related to incorrect blocking in the page_handle_poison function. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the ice component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the ice component in the Linux operating system’s kernel is related to incorrect blocking in the ice_schedule_reset function. Exploiting this vulnerability can allow an attacker to cause a service failure...
kernel: aio: fix use-after-free due to missing POLLFREE handling
In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling. signalfd_poll and binder_poll are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is okay f...
[SECURITY] Fedora 40 Update: squid-6.12-2.fc40
Squid is a high-performance proxy caching server for Web clients, supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups...
[SECURITY] Fedora 39 Update: squid-6.12-2.fc39
Squid is a high-performance proxy caching server for Web clients, supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups...
BEC-ware the Phish (part 2): Respond and Remediate Incidents in M365
TL;DR Ensure you can reliably take initial containment actions such as disabling accounts, resetting passwords, and revoking tokens. Token binding ensures that a token only works on the specific device the token was issued and is currently the best protection against token theft. As a minimum...
The vulnerability of the mptcp component in Linux kernel, which allows a hacker to cause a service failure
The vulnerability of the mptcp component in Linux operating systems is related to improper blocking in the mptcp_retransmit_pending_data function. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the ext4 kernel component in the Linux operating system, which allows a hacker to cause a service failure
The vulnerability of the ext4 kernel component of the Linux operating system is related to incorrect blocking in the ext4_mb_try_best_found function. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-50155
In the Linux kernel, the following vulnerability has been resolved: netdevsim: use cond_resched in nsim_dev_trap_report_work. I am still seeing many syzbot reports hinting that syzbot might fool nsim_dev_trap_report_work with hundreds of ports [1]. Let's use cond_resched, and system_unbound_wq instead of implicit...
SUSE CVE-2024-39721
An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely even after the HTTP request is aborted...
Exploit for Code Injection in Vmware Spring_Framework
Project Spring4Shell CVE-2022-22965 Blocker Firewall Se...