
2566 matches found

CNNVD
added 2024/05/14 12:0 a.m. | 4 views

Karma security vulnerability

Karma is a simple tool that allows execution of JavaScript code in multiple real browsers. A security vulnerability exists in Karma versions prior to 0.17.4.1, which stems from the fact that sending multiple POST requests at the same time will bypass the cooldown validation...

CVSS 6.3 | AI score 7 | EPSS 0.00765
Exploits: 0 | References: 5

CVE
added 2024/05/10 3:57 p.m. | 54 views

CVE-2024-34695

Affected software: WOWS Karma reputation system for World of Warships. Root cause / vector: A user can click the "create" button multiple times on the post-creation prompt before the modal closes, causing several API requests to be sent in parallel. This timing flaw allows bypassing the cooldown v...

CVSS 6.3 | AI score 6.1 | EPSS 0.00765
Exploits: 0 | References: 3

OSV
added 2024/05/07 12:15 a.m. | 4 views

CVE-2024-2913

A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user...

CVSS 6.5 | AI score 6.3
Exploits: 0 | References: 1

CNNVD
added 2024/05/07 12:0 a.m. | 3 views

AnythingLLM security vulnerability

AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from the fact that an attacker can accept a single user invitation by sending multiple concurrent requests, thereby allowing the creation of multiple user accounts from a...

CVSS 6.5 | AI score 6.5 | EPSS 0.00325
Exploits: 1 | References: 2

OpenVAS
added 2024/05/07 12:0 a.m. | 15 views

openSUSE Security Advisory (SUSE-SU-2024:1447-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 5.8 | EPSS 0.00878
Exploits: 0 | References: 4

Vulnrichment
added 2024/05/06 11:42 p.m. | 20 views

CVE-2024-2913 Race Condition Vulnerability in mintplex-labs/anything-llm

A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user...

CVSS 6.5 | AI score 6.8 | EPSS 0.00325
Exploits: 1 | References: 1

RedHat Linux
added 2024/05/06 1:32 a.m. | 4 views

kernel: GSM multiplexing race condition leads to privilege escalation

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting th...

CVSS 7 | AI score 6.9 | EPSS 0.00767
Exploits: 0 | References: 6

SUSE CVE
added 2024/05/03 2:9 a.m. | 1 views

SUSE CVE-2024-27030

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Use separate handlers for interrupts For PF to AF interrupt vector and VF to AF vector same interrupt handler is registered which is causing race condition. When two interrupts are raised to two CPUs at same time th...

CVSS 6.3 | AI score 6.5 | EPSS 0.00203
Exploits: 0 | References: 16

OSV
added 2024/05/01 6:15 a.m. | 2 views

AZL-42214 CVE-2024-27019 affecting package kernel for versions less than 5.15.158.1-1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() nft_unregister_obj() can concurrent with __nft_obj_type_get(), and there is not any protection when iterate over nf_tables_objects list in __nft_obj_type_get(). Therefore, there is...

CVSS 4.7 | AI score 6.7 | EPSS 0.00199
Exploits: 0 | References: 1

UbuntuCve
added 2024/05/01 6:15 a.m. | 20 views

CVE-2024-26962

In the Linux kernel, the following vulnerability has been resolved: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape For raid456, if reshape is still in progress, then IO across reshape position will wait for reshape to make progress. However, for dm-raid, in...

CVSS 5.5 | AI score 6.4 | EPSS 0.00174
Exploits: 0 | References: 10

CNNVD
added 2024/05/01 12:0 a.m. | 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from a deadlock in dm-raid456 when io is concurrent with reshape...

CVSS 5.5 | AI score 6.5 | EPSS 0.00174
Exploits: 0 | References: 5

RedHat Linux
added 2024/04/30 9:57 a.m. | 7 views

kernel: GSM multiplexing race condition leads to privilege escalation

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting th...

CVSS 7 | AI score 6.9 | EPSS 0.00767
Exploits: 0 | References: 6

RedHat Linux
added 2024/04/30 9:57 a.m. | 4 views

kernel: RDMA/srpt: Add a check for valid 'mad_agent' pointer

A flaw was addressed in the Linux kernel’s RDMA SRPT (SCSI RDMA Protocol Target) subsystem. When unregistering a MAD (Management Datagram) agent, the SRPT module previously performed a non-NULL check on the mad_agent pointer before invoking ib_unregister_mad_agent. Under rare timing...

AI score 6 | EPSS 0.00176
Exploits: 0 | References: 5

RedHat Linux
added 2024/04/30 9:57 a.m. | 2 views

kernel: RDMA/irdma: Fix data race on CQP completion stats

The Linux kernel contains a race condition vulnerability in its RDMA/irdma subsystem, where completion queue pair (CQP) completion statistics are read concurrently without adequate synchronization while being updated on another CPU. Under certain workloads, a lack of atomic operations and improper...

AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 5

RedHat Linux
added 2024/04/30 9:57 a.m. | 3 views

kernel: net: fix possible store tearing in neigh_periodic_work()

A flaw was found in the Linux kernel that allows for potential store tearing within the neigh_periodic_work function, meaning a write operation on a value is not protected properly and could result in inconsistencies if another process or thread reads from that value before the operation is complet...

CVSS 5.5 | AI score 6.8 | EPSS 0.0023
Exploits: 0 | References: 5

RedHat Linux
added 2024/04/30 9:57 a.m. | 2 views

kernel: iommufd: IOMMUFD_DESTROY should not increase the refcount

A race condition was identified in the iommufd subsystem of the Linux kernel where the IOMMUFD_DESTROY command incorrectly increments an object’s reference count without holding the expected exclusive synchronization (destroy_rwsem). This violates the assumption that temporary reference count...

AI score 7.3 | EPSS 0.00155
Exploits: 0 | References: 5

RedHat Linux
added 2024/04/30 9:57 a.m. | 5 views

kernel: scsi: target: Fix multiple LUN_RESET handling

A race condition flaw was found in the Linux kernel SCSI target subsystem's LUN_RESET handling. When multiple remote initiator sessions send concurrent LUN_RESET commands, one session's reset can incorrectly drain commands from another session, causing the second session to receive a successful res...

CVSS 4.7 | AI score 7.3 | EPSS 0.00147
Exploits: 0 | References: 5

NVD
added 2024/04/16 10:15 p.m. | 25 views

CVE-2024-21089

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: Request Submission and Scheduling). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVSS 6.5 | AI score 6.5 | EPSS 0.00509
Exploits: 0 | References: 1

OSV
added 2024/04/16 10:15 p.m. | 6 views

CVE-2024-21089

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: Request Submission and Scheduling). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVSS 6.5 | AI score 7.1 | EPSS 0.00509
Exploits: 0 | References: 1

CNNVD
added 2024/04/16 12:0 a.m. | 3 views

Oracle E-Business Suite security vulnerability

Oracle E-Business Suite (E-Business Suite) is a fully integrated set of global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Concurrent...

CVSS 6.5 | AI score 7.3 | EPSS 0.00509
Exploits: 0 | References: 2