Lucene search
K

13693 matches found

Redos
Redos
added 2024/09/19 12:0 a.m.69 views

ROS-20240919-02

Vulnerability of the reweightentity function of the sched component of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to impact confidentiality, integrity, and availability. A...

7.8CVSS7.2AI score0.00248EPSS
Exploits0
OSV
OSV
added 2024/09/18 2:26 p.m.14 views

GHSA-R95W-889Q-X2GX org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions

Impact It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1...

7.1CVSS6.3AI score0.00519EPSS
Exploits1References8
OSV
OSV
added 2024/09/18 8:15 a.m.1 views

DEBIAN-CVE-2024-46754

In the Linux kernel, the following vulnerability has been resolved: bpf: Remove tstrun from lwtseg6localprogops. The syzbot reported that the lwtseg6 related BPF ops can be invoked via bpftestrun without without entering inputactionendbpf first. Martin KaFai Lau said that self test for...

5.5CVSS5.5AI score0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/18 7:12 a.m.24 views

CVE-2024-46800 sch/netem: fix use after free in netem_dequeue

In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netemdequeue If netemdequeue enqueues packet to inner qdisc and that qdisc returns NETXMITSTOLEN. The packet is dropped but qdisctreereducebacklog is not called to update the parent's q.qlen,...

0.00268EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/09/18 7:12 a.m.33 views

CVE-2024-46800 sch/netem: fix use after free in netem_dequeue

In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netemdequeue If netemdequeue enqueues packet to inner qdisc and that qdisc returns NETXMITSTOLEN. The packet is dropped but qdisctreereducebacklog is not called to update the parent's q.qlen,...

7AI score0.00268EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/09/18 7:12 a.m.18 views

CVE-2024-46787 userfaultfd: fix checks for huge PMDs

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix checks for huge PMDs Patch series "userfaultfd: fix races around pmdtranshuge check", v2. The pmdtranshuge code in mfillatomic is wrong in three different ways depending on kernel version: 1. The pmdtranshuge che...

6.7AI score0.00198EPSS
Exploits0References3
OSV
OSV
added 2024/09/13 6:31 p.m.10 views

GHSA-9JMP-J63G-8X6M Withdrawn Advisory: Lunary information disclosure vulnerability

Withdrawn Advisory This advisory has been withdrawn because the lunary npm package is connected to https://github.com/lunary-ai/lunary-js, not the https://github.com/lunary-ai/lunary repo that is discussed in this advisory. The underlying vulnerability report is still valid, but it doesn't affect...

5.3CVSS5.1AI score0.00425EPSS
Exploits1References3
NVD
NVD
added 2024/09/13 7:15 a.m.24 views

CVE-2024-46703

In the Linux kernel, the following vulnerability has been resolved: Revert "serial: 8250omap: Set the console genpd always on if no console suspend" This reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940. Kevin reported that this causes a crash during suspend on platforms that dont use PM...

5.5CVSS0.00188EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/13 5:29 a.m.13 views

CVE-2024-46693 soc: qcom: pmic_glink: Fix race during initialization

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmicglink: Fix race during initialization As pointed out by Stephen Boyd it is possible that during initialization of the pmicglink child drivers, the protection-domain notifiers fires, and the associated work is...

0.00209EPSS
Exploits0References3
OSV
OSV
added 2024/09/12 5:15 p.m.2 views

UBUNTU-CVE-2024-6389

An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions...

4.3CVSS5.8AI score0.00434EPSS
Exploits0References4
OSV
OSV
added 2024/09/12 4:56 p.m.11 views

CVE-2024-6389 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab

An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions...

4.3CVSS6.2AI score0.00434EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2024/09/12 4:56 p.m.13 views

CVE-2024-6389

Removed by vendor...

4.3CVSS5.8AI score0.00434EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/09/12 12:0 a.m.3 views

PT-2024-37586 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab-CE/EE versions 17.0 through 17.1.7 GitLab-CE/EE versions 17.2 through 17.2.5 GitLab-CE/EE versions 17.3 through 17.3.2 Description: An issue was discovered in GitLab-CE/EE where an attacker, as a guest user, was able to access commit...

4.3CVSS6.7AI score0.00434EPSS
Exploits0References14
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.5 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE versions prior to 17.0 to...

4.3CVSS6.6AI score0.00434EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/09/11 4:15 p.m.5 views

CVE-2024-45017

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240...

5.5CVSS6AI score0.00183EPSS
Exploits0References9
Microsoft CVE
Microsoft CVE
added 2024/09/11 7:0 a.m.6 views

ext4: fix infinite loop when replaying fast_commit

...

5.5CVSS6.6AI score0.00231EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/09/11 1:10 a.m.5 views

kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"

A vulnerability was found in the wbdirtylimits function in the Linux kernel, where a removed u64 cast in the dtc-wbthresh dtc-bgthresh operation can result in multiplication overflow on 32-bit architectures. This issue could lead to memory corruption or performance issues...

4.7CVSS7.2AI score0.00256EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2024/09/11 12:0 a.m.12 views

CVE-2024-8096

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error tha...

6.5CVSS6.8AI score0.00729EPSS
Exploits1References4
OSV
OSV
added 2024/09/10 7:43 a.m.22 views

SUSE-SU-2024:3186-1 Security update for buildah

This update for buildah fixes the following issues: Update to version 1.35.4: CVE-2024-3727 updates bsc1224117 Bump go-jose CVE-2024-28180 Bump ocicrypt and go-jose CVE-2024-28180 Update to version 1.35.3: correctly configure /etc/hosts and resolv.conf buildah: refactor resolv/hosts setup. rename...

8.6CVSS7.6AI score0.01956EPSS
Exploits0References8
CVE
CVE
added 2024/09/06 12:53 p.m.99 views

CVE-2024-45040

CVE-2024-45040 affects gnark’s Groth16 proofs that use commitments to private witnesses. The issue breaks zero-knowledge properties when commitments are used with Groth16 (PLONK is not affected). Attacks could enumerate possible witness values if small, compromising privacy; completeness and soun...

5.9CVSS5.5AI score0.00427EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder