6052 matches found

RedHat Linux
added 2025/05/13 8:28 a.m. · 6 views

kernel: uprobes: fix kernel info leak via "[uprobes]" vma

In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma. xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC results in the same...

5.5 CVSS · 6.4 AI score · 0.00249 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2025/05/13 8:28 a.m. · 4 views

kernel: net: inet: do not leave a dangling sk pointer in inet_create()

In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create(). sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling...

7.8 CVSS · 6.8 AI score · 0.00236 EPSS
Exploits: 0 · References: 5

CNNVD
added 2025/05/13 12:0 a.m. · 4 views

Siemens APOGEE PXC+TALON TC Series Security Vulnerability

Siemens APOGEE PXC+TALON TC Series is a series of core controllers for building automation systems from Siemens Germany. A denial of service vulnerability exists in the Siemens APOGEE PXC+TALON TC Series, which can be exploited by an attacker to cause a denial of service due to an unsolicited...

5.3 CVSS · 6.6 AI score · 0.00179 EPSS
Exploits: 0 · References: 1

OSV
added 2025/05/09 7:16 a.m. · 1 view

DEBIAN-CVE-2025-37852

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create(). Add error handling to propagate amdgpu_cgs_create_device() failures to the caller. When amdgpu_cgs_create_device() fails, release hwmgr and return -ENOMEM to prevent nul...

5.5 CVSS · 5.6 AI score · 0.00221 EPSS
Exploits: 0 · References: 1

OSV
added 2025/05/09 7:16 a.m. · 1 view

UBUNTU-CVE-2025-37852

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create(). Add error handling to propagate amdgpu_cgs_create_device() failures to the caller. When amdgpu_cgs_create_device() fails, release hwmgr and return -ENOMEM to prevent nul...

5.5 CVSS · 6.2 AI score · 0.00221 EPSS
Exploits: 0 · References: 28

RedhatCVE
added 2025/05/08 1:19 p.m. · 15 views

CVE-2025-40623

SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘Sender’ and...

9.8 CVSS · 7.3 AI score · 0.00361 EPSS
Exploits: 0 · References: 3

OSV
added 2025/05/07 3:27 p.m. · 1 view

GHSA-76VF-MPMX-777J Graylog Allows Session Takeover via Insufficient HTML Sanitization

Impact: It is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with permissions to create event definitions, while the user must have permissions to view alerts...

8 CVSS · 5.9 AI score · 0.00229 EPSS
Exploits: 0 · References: 3

Snyk
added 2025/05/07 3:27 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the plugins and API Browser. An attacker with the FILES_CREATE permission can upload and execute arbitrary JavaScript, leading to unauthorized action...

8.7 CVSS · 5.6 AI score
Exploits: 0 · References: 2

OSSF Malicious Packages
added 2025/05/07 4:49 a.m. · 3 views

Malicious code in create-krnl-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 211459e94c3ff6a3713ee7a8327fdef67b1eaac62530f22c658dad263fa901db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

OSV
added 2025/05/07 4:49 a.m. · 7 views

MAL-2025-3680 Malicious code in create-krnl-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 211459e94c3ff6a3713ee7a8327fdef67b1eaac62530f22c658dad263fa901db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 1

OpenVAS
added 2025/05/07 12:0 a.m. · 6 views

Configure Audit Rules for File Access Failures

System calls, such as open, truncate, ftruncate, create and openat, are audited and monitored. If the -EACCES or -EPERM error is returned, you lack the permission to access the files. In this case, audit logs need to be recorded. File access failures due to a lack of proper permissions are common...

6.8 AI score
Exploits: 0 · References: 2

CNNVD
added 2025/05/06 12:0 a.m. · 3 views

Tcman Gim SQL Injection Vulnerability

Tcman Gim is a facility management software from the Spanish company Tcman designed for use on mobile devices. A SQL injection vulnerability exists in Tcman Gim version v11, which stems from an SQL injection in the createNotificationAndroid endpoint Sender and email parameters...

9.8 CVSS · 7.8 AI score · 0.00361 EPSS
Exploits: 0 · References: 1

OSV
added 2025/05/01 3:16 p.m. · 7 views

UBUNTU-CVE-2022-49811

In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device(). The drbd_destroy_connection() frees the "connection" so use the safe iterator to prevent a use after free...

7.8 CVSS · 6.2 AI score · 0.00194 EPSS
Exploits: 0 · References: 10

Positive Technologies
added 2025/05/01 12:0 a.m. · 4 views

PT-2025-18522 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A potential null pointer dereference issue has been identified in the Linux kernel, specifically in the lan966x_stats_init function. This function calls create_singlethread_workqueue...

5.1 AI score · 0.0014 EPSS
Exploits: 0 · References: 11

Positive Technologies
added 2025/05/01 12:0 a.m. · 3 views

PT-2025-18528 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue has been identified in the drbd_create_device function. The drbd_destroy_connection function frees the connection, and to prevent this issue, the safe iterator...

5.1 AI score · 0.00194 EPSS
Exploits: 0 · References: 16

Oracle linux
added 2025/04/29 12:0 a.m. · 15 views

glibc security update

2.28-251.0.3.16 - Forward port of Oracle patches Reviewed-by: Elena Zannoni Oracle history: March-26-2025 Cupertino Miranda - 2.28-251.0.3.14 - OraBug: 36625686 Add MTE support on string functions Reviewed-by: Jose E. Marchesi March-17-2025 Cupertino Miranda - 2.28-251.0.2.14 - Forward port of...

7.5 CVSS · 7 AI score · 0.00349 EPSS
Exploits: 0

RedhatCVE
added 2025/04/26 4:46 a.m. · 33 views

CVE-2024-41446

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

5.4 CVSS · 5.5 AI score · 0.00274 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/04/26 1:19 a.m. · 27 views

CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

5.3 CVSS · 5.2 AI score · 0.00379 EPSS
Exploits: 1 · References: 1

CNNVD
added 2025/04/24 12:0 a.m. · 2 views

PLANET UNI-NMS-Lite Trust Management Issue Vulnerability

Planet UNI-NMS-Lite is a universal network management system from PLANET China that monitors all deployed wired or wireless PoE industrial grade network devices. Planet UNI-NMS-Lite is vulnerable to a trust management issue that can be exploited by an attacker to submit a special request that can...

9.8 CVSS · 6.8 AI score · 0.00468 EPSS
Exploits: 0 · References: 2

SUSE CVE
added 2025/04/23 2:38 a.m. · 5 views

SUSE CVE-2025-22115

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block group refcount race in btrfs_create_pending_block_groups(). Block group creation is done in two phases, which results in a slightly unintuitive property: a block group can be allocated/deallocated from after...

7 CVSS · 7.5 AI score · 0.00115 EPSS
Exploits: 0 · References: 52