Lucene search
K

66 matches found

Vulnrichment
Vulnrichment
added 2023/04/21 2:51 p.m.9 views

CVE-2023-1998 Spectre v2 SMT mitigations problem in Linux kernel

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

5.6CVSS6.7AI score0.01377EPSS
Exploits3References5
0day.today
0day.today
added 2023/04/20 12:0 a.m.293 views

Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit

Exploit Title: Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit Author: nu11secur1ty CVE ID: CVE-2023-1998 Description Summary The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as...

5.6CVSS6.7AI score0.01377EPSS
Exploits3
SUSE CVE
SUSE CVE
added 2023/04/18 1:45 a.m.3 views

SUSE CVE-2023-1998

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

5.6CVSS7.2AI score0.01377EPSS
Exploits3References28
OpenVAS
OpenVAS
added 2023/04/18 12:0 a.m.36 views

Missing Linux Kernel mitigations for 'Cross-Thread Return Address Predictions' hardware vulnerability (AMD-SB-1045)

The remote host is missing one or more known mitigations on Linux Kernel side for the referenced SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

4.7CVSS6.8AI score0.00289EPSS
Exploits0References2
OSV
OSV
added 2023/04/13 12:0 a.m.1 views

UBUNTU-CVE-2023-1998

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

5.6CVSS6.7AI score0.01377EPSS
Exploits3References16
ATTACKERKB
ATTACKERKB
added 2023/03/30 8:15 p.m.2 views

CVE-2023-27537

A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread...

5.9CVSS6.6AI score0.01856EPSS
Exploits1References4
OSV
OSV
added 2023/03/30 8:15 p.m.0 views

DEBIAN-CVE-2023-27537

A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread...

5.9CVSS6.5AI score0.01856EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/03/22 12:0 a.m.68 views

Amazon Linux 2 : kernel, --advisory ALAS2-2023-1987 (ALAS-2023-1987)

The version of kernel installed on the remote host is prior to 4.14.309-231.529. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1987 advisory. In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindexsetparms...

7.8CVSS6.1AI score0.01377EPSS
Exploits4References89
Tenable Nessus
Tenable Nessus
added 2023/03/22 12:0 a.m.36 views

Amazon Linux AMI : kernel (ALAS-2023-1701)

The version of kernel installed on the remote host is prior to 4.14.309-159.529. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1701 advisory. Detected a few exploitable gadgets that could leak secret memory through a side-channel such as MDS as well as...

7.8CVSS6.5AI score0.01377EPSS
Exploits4References22
OSV
OSV
added 2022/12/22 8:15 p.m.1 views

DEBIAN-CVE-2022-1097

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...

6.5CVSS7.1AI score0.00917EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2022/11/21 12:43 p.m.6 views

Mozilla: Use-after-free in InputStream implementation

The Mozilla Foundation Security Advisory describes this flaw as: Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash...

6.5CVSS7.5AI score0.00639EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2022/08/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-1097

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...

6.5CVSS6.9AI score0.00917EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2022/04/11 2:55 p.m.3 views

Mozilla: Use-after-free in NSSToken objects

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...

6.5CVSS7.3AI score0.00917EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/04/11 2:18 p.m.4 views

Mozilla: Use-after-free in NSSToken objects

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...

6.5CVSS7.3AI score0.00917EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/04/11 1:52 p.m.4 views

Mozilla: Use-after-free in NSSToken objects

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...

6.5CVSS7.3AI score0.00917EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/04/08 3:21 p.m.9 views

Mozilla: Use-after-free in NSSToken objects

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...

6.5CVSS7.3AI score0.00917EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/04/08 2:48 p.m.3 views

Mozilla: Use-after-free in NSSToken objects

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...

6.5CVSS7.3AI score0.00917EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/04/08 2:40 p.m.4 views

Mozilla: Use-after-free in NSSToken objects

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...

6.5CVSS7.3AI score0.00917EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/12/08 12:0 a.m.4 views

Mozilla Firefox 资源管理错误漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a resource management error vulnerability that stems from the fact that HTTP2 session objects may be reused when released on a different thread, leading to memory corruptio...

8.8CVSS8.1AI score0.0111EPSS
Exploits0References15
OSV
OSV
added 2021/04/14 7:15 a.m.7 views

DEBIAN-CVE-2017-20004

In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions...

5.9CVSS5.9AI score0.00799EPSS
Exploits0References1
Rows per page
Query Builder