Lucene search
K

57 matches found

SUSE Linux
SUSE Linux
added 2025/05/07 7:36 p.m.1 views

Security update for apparmor

This update for apparmor fixes the following issues: Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678 Patch Instructions: To install this SUSE update use the SUSE...

5.7CVSS6.5AI score0.00265EPSS
Exploits0References4
OSV
OSV
added 2025/03/27 5:15 p.m.1 views

UBUNTU-CVE-2023-52988

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in addsecretdacpath sndhdagetconnections can return a negative error code. It may lead to accessing 'conn' array at a negative index. Found by Linux Verification Center...

7.8CVSS6.2AI score0.00261EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ALSA hda/via component potentially accessing negatively indexed arrays in the addsecretdacpath function...

7.8CVSS6.1AI score0.00261EPSS
Exploits0References9
Microsoft KB
Microsoft KB
added 2025/03/11 7:0 a.m.370 views

February 11, 2025—KB5052000 (OS Build 17763.6893) - EXPIRED

February 11, 2025—KB5052000 OS Build 17763.6893 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. 11/17/20 For...

8.8CVSS7.1AI score0.23168EPSS
Exploits2
Microsoft KB
Microsoft KB
added 2025/02/11 8:0 a.m.26 views

February 11, 2025—KB5052072 (Security-only update)

February 11, 2025—KB5052072 Security-only update End of support information Windows Server 2008 Premium Assurance ends on January 13, 2026.Windows Server 2008 SP2 Extended Security Updates ESU ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on Januar...

8.8CVSS6.9AI score0.08932EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2024/05/01 6:15 a.m.26 views

CVE-2024-27008

In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource dcb-or value is assigned in fabricatedcboutput, there may be out of bounds access to dacusers array in case dcb-or is zero because ffsdcb-or is used as index there. The 'or...

7.8CVSS6.3AI score0.00293EPSS
Exploits0References24
CVE
CVE
added 2024/05/01 5:29 a.m.5963 views

CVE-2024-27008

CVE-2024-27008 is confirmed in the connected MiracleLinux advisories as a Linux kernel vulnerability affecting the drm nv04 driver. Description: when Output Resource (dcb->or) is assigned in fabricate_dcb_output(), there can be an out-of-bounds access to the dac_users array if dcb->or is ze...

7.8CVSS6.2AI score0.00293EPSS
Exploits0References13Affected Software1
vulnersOsv
vulnersOsv
added 2024/01/26 12:0 p.m.8 views

carpo (>=0.1.2 <=0.1.3), chimper (>=0.1.2 <=0.2.1) +7 more potentially affected by unknown CVE via conrod (>=0.51.1 <=0.61.1)

conrod CARGO version =0.51.1, =0.1.2, =0.1.2, =0.1.0, =1.0.0, =0.1.0, =0.2.0, =1.0.0, =0.1.0, =0.1.4 - turbine =0.0.2 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0397...

5.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.8 views

kernel: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()

A vulnerability was found in the Linux kernel's ALSA subsystem in the addsecretdacpath function, where improper array handling can lead to out-of-bounds access. This occurs if the return value of the call to sndhdagetconnections returns an error code a negative number, which is stored in the...

7.8CVSS6.7AI score0.00261EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.3 views

SUSE CVE-2010-0728

smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAPDACOVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client...

8.5CVSS6.9AI score0.03845EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.6 views

SUSE CVE-2016-10907

An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755parsedt...

7.8CVSS9.1AI score0.00402EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/06/14 12:0 a.m.25 views

Debian: Security Advisory (DSA-5161-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7AI score0.02972EPSS
Exploits7References4
OSV
OSV
added 2022/01/13 4:15 p.m.1 views

DEBIAN-CVE-2022-23132

During Zabbix installation from RPM, DACOVERRIDE SELinux capability is in use to access PID files in /var/run/zabbix folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level...

7.3CVSS6.3AI score0.00796EPSS
Exploits0References1
OSV
OSV
added 2022/01/13 4:15 p.m.2 views

UBUNTU-CVE-2022-23132

During Zabbix installation from RPM, DACOVERRIDE SELinux capability is in use to access PID files in /var/run/zabbix folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level...

7.3CVSS7.3AI score0.00796EPSS
Exploits0References2
OSV
OSV
added 2021/07/30 2:15 p.m.19 views

CVE-2021-37587

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

6.5CVSS6.9AI score
Exploits0References5
NVD
NVD
added 2021/07/30 2:15 p.m.25 views

CVE-2021-37587

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

6.5CVSS0.00819EPSS
Exploits0References5
Prion
Prion
added 2021/07/30 2:15 p.m.17 views

Design/Logic Flaw

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

4CVSS6.5AI score0.00819EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2021/07/29 12:0 a.m.3 views

Charm 加密问题漏洞

Charm is Charm is a framework for rapidly prototyping advanced cryptosystems. A cryptographic issue vulnerability exists in Charm version 0.43. Using this vulnerability any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

6.5CVSS6.5AI score0.00819EPSS
Exploits0References6
Cvelist
Cvelist
added 2021/07/27 10:6 p.m.24 views

CVE-2021-37587

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

6.7AI score0.00819EPSS
Exploits0References5
CVE
CVE
added 2021/07/27 10:6 p.m.56 views

CVE-2021-37587

Charm 0.43 contains a cryptographic weakness where any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. The vulnerability is documented across multiple sources (NVD, OSV, CNVD/CNNVD and CVE listings). Exploitation status is not detailed in the provided fragments; no patch/version remediation...

6.5CVSS6.5AI score0.00819EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder