2567 matches found
CloudBrute - Awesome Cloud Enumerator
A tool to find a company target infrastructure, files, and apps on the top cloud providers Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode. The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available. here Motivation ...
SUSE CVE-2022-48726
In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...
AZL-48962 CVE-2024-36478 affecting package kernel for versions less than 6.6.57.1-1
In the Linux kernel, the following vulnerability has been resolved: nullblk: fix null-ptr-dereference while configuring 'power' and 'submitqueues' Writing 'power' and 'submitqueues' concurrently will trigger kernel panic: Test script: modprobe nullblk nrdevices=0 mkdir -p...
UBUNTU-CVE-2024-36478
In the Linux kernel, the following vulnerability has been resolved: nullblk: fix null-ptr-dereference while configuring 'power' and 'submitqueues' Writing 'power' and 'submitqueues' concurrently will trigger kernel panic: Test script: modprobe nullblk nrdevices=0 mkdir -p...
CVE-2024-36478 null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'
In the Linux kernel, the following vulnerability has been resolved: nullblk: fix null-ptr-dereference while configuring 'power' and 'submitqueues' Writing 'power' and 'submitqueues' concurrently will trigger kernel panic: Test script: modprobe nullblk nrdevices=0 mkdir -p...
CVE-2024-36478 null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'
In the Linux kernel, the following vulnerability has been resolved: nullblk: fix null-ptr-dereference while configuring 'power' and 'submitqueues' Writing 'power' and 'submitqueues' concurrently will trigger kernel panic: Test script: modprobe nullblk nrdevices=0 mkdir -p...
CVE-2024-36478
CVE-2024-36478 affects the Linux kernel null_blk driver. The issue is a NULL pointer dereference that occurs when power and submit_queues are configured concurrently, leading to a kernel panic via a race between del_gendisk and NR HW queue updates. The fixes consolidate protection by reusing a gl...
Denial Of Service (DoS)
io.undertow: undertow-core is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of URL-encoded request paths for concurrent requests on the ajp-listener, which can cause the wrong path to be processed, potentially leading to Denial Of Service DoS...
SUSE CVE-2024-38545
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xalock to protect the CQ...
DEBIAN-CVE-2024-6162
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...
UBUNTU-CVE-2024-6162
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...
CVE-2024-6162
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...
CVE-2022-48726
In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...
UBUNTU-CVE-2022-48726
In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...
CVE-2022-48726 RDMA/ucma: Protect mc during concurrent multicast leaves
In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...
CVE-2022-48726
CVE-2022-48726 affects the Linux kernel’s RDMA/ucma code path, specifically a use-after-free in ucma_cleanup_multicast and related flows (ucma_destroy_private_ctx, ucma_write) caused by touching a concurrently freed multicast structure during a multicast leaves operation. The description notes th...
CVE-2022-48726 RDMA/ucma: Protect mc during concurrent multicast leaves
In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...
CVE-2022-48726 RDMA/ucma: Protect mc during concurrent multicast leaves
In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...
CVE-2024-6162
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...
CVE-2021-47587
CVE-2021-47587 concerns Linux kernel net: systemport descriptor lifecycle. The vulnerability arises from a shared descriptor list across multiple TX queues where the existing per-queue locking fails to serialize writes to WRITE_PORT_{HI,LO}, allowing concurrent producers to corrupt descriptors. C...