4721 matches found

SUSE CVE
added 2024/12/30 3:48 a.m., 4 views

SUSE CVE-2024-56721

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Terminate the erratum_1386_microcode array. The erratum_1386_microcode array requires an empty entry at the end. Otherwise x86_match_cpu_with_stepping() will continue iterating the array after it ended. Add an empty entry to...

CVSS 6.1, AI score 7.7, EPSS 0.00225
Exploits 0, References 6

NVD
added 2024/12/29 12:15 p.m., 8 views

CVE-2024-56721

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Terminate the erratum_1386_microcode array. The erratum_1386_microcode array requires an empty entry at the end. Otherwise x86_match_cpu_with_stepping() will continue iterating the array after it ended. Add an empty entry to...

CVSS 7.1, EPSS 0.00225
Exploits 0, References 3

OSV
added 2024/12/29 12:15 p.m., 3 views

DEBIAN-CVE-2024-56721

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Terminate the erratum_1386_microcode array. The erratum_1386_microcode array requires an empty entry at the end. Otherwise x86_match_cpu_with_stepping() will continue iterating the array after it ended. Add an empty entry to...

CVSS 7.1, AI score 5.6, EPSS 0.00225
Exploits 0, References 1

OSV
added 2024/12/29 12:15 p.m., 3 views

UBUNTU-CVE-2024-56721

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Terminate the erratum_1386_microcode array. The erratum_1386_microcode array requires an empty entry at the end. Otherwise x86_match_cpu_with_stepping() will continue iterating the array after it ended. Add an empty entry to...

CVSS 7.1, AI score 6.2, EPSS 0.00225
Exploits 0, References 32

CVE
added 2024/12/29 11:29 a.m., 130 views

CVE-2024-56721

CVE-2024-56721 affects the Linux kernel x86/CPU/AMD handling of the erratum_1386_microcode array. The issue occurs because the array requires an empty entry at the end; without it, x86_match_cpu_with_stepping() may continue iterating past the end. The fix is to add an empty entry to the end of er...

CVSS 7.1, AI score 6.5, EPSS 0.00225
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2024/12/29 11:29 a.m., 1 views

CVE-2024-56721 x86/CPU/AMD: Terminate the erratum_1386_microcode array

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Terminate the erratum_1386_microcode array. The erratum_1386_microcode array requires an empty entry at the end. Otherwise x86_match_cpu_with_stepping() will continue iterating the array after it ended. Add an empty entry to...

AI score 7.5, EPSS 0.00225
Exploits 0, References 3

SUSE CVE
added 2024/12/28 3:51 a.m., 5 views

SUSE CVE-2024-53147

In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries. In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster (an invalid cluster) due to file system corruption, then the...

CVSS 6.3, AI score 7.7, EPSS 0.00203
Exploits 0, References 14

NVD
added 2024/12/27 2:15 p.m., 9 views

CVE-2024-53211

In the Linux kernel, the following vulnerability has been resolved: net/l2tp: fix warning in l2tp_exit_net found by syzbot. In l2tp's net exit handler, we check that an IDR is empty before destroying it: WARN_ON_ONCE(!idr_is_empty(&pn->l2tp_tunnel_idr)); idr_destroy(&pn->l2tp_tunnel_idr); By forcing memory allocatio...

CVSS 5.5, EPSS 0.00182
Exploits 0, References 2

OSV
added 2024/12/27 2:15 p.m., 2 views

DEBIAN-CVE-2024-53211

In the Linux kernel, the following vulnerability has been resolved: net/l2tp: fix warning in l2tp_exit_net found by syzbot. In l2tp's net exit handler, we check that an IDR is empty before destroying it: WARN_ON_ONCE(!idr_is_empty(&pn->l2tp_tunnel_idr)); idr_destroy(&pn->l2tp_tunnel_idr); By forcing memory allocatio...

CVSS 5.5, AI score 5.6, EPSS 0.00182
Exploits 0, References 1

Positive Technologies
added 2024/12/24 12:0 a.m., 5 views

PT-2024-29615 · Nvr · Nvr

Name of the Vulnerable Software and Affected Versions: NVR affected versions not specified Description: A flaw has been found that allows for remote code execution on the NVR. If an attacker does not enter any value for a specific URL parameter, NULL pointer references will occur, causing the NVR...

CVSS 6.9, AI score 7.3, EPSS 0.0078
Exploits 0, References 5

OSV
added 2024/12/22 11:15 p.m., 4 views

DEBIAN-CVE-2024-56375

An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a Manifest RPKI object containing an empty fileList. Fort dereferences and, shortly afterwards, writes to this array during a...

CVSS 7.5, AI score 5.3, EPSS 0.00442
Exploits 0, References 1

OSV
added 2024/12/22 11:15 p.m., 0 views

UBUNTU-CVE-2024-56375

An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a Manifest RPKI object containing an empty fileList. Fort dereferences and, shortly afterwards, writes to this array during a...

CVSS 7.5, AI score 5.8, EPSS 0.00442
Exploits 0, References 5

Debian CVE
added 2024/12/22 12:0 a.m., 9 views

CVE-2024-56375

An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a Manifest RPKI object containing an empty fileList. Fort dereferences and, shortly afterwards, writes to this array during a...

CVSS 7.5, AI score 5.3, EPSS 0.00442
Exploits 0

OSV
added 2024/12/11 9:21 a.m., 5 views

CLSA-2024-1733908866 Fix CVE(s): CVE-2023-25725

SECURITY UPDATE: The HTTP header parsers in HAProxy may accept empty header field names - debian/patches/CVE-2023-25725.patch: prevent empty header field names - CVE-2023-25725...

CVSS 9.1, AI score 7.2, EPSS 0.05493
Exploits 0, References 1

BDU FSTEC
added 2024/12/10 12:0 a.m., 3 views

The vulnerability of the FormLoginAuthenticator class in the Symfony software development and web application management framework allows an attacker to bypass the authentication process and trigger a service failure.

The vulnerability of the FormLoginAuthenticator class in the Symfony software development and management platform relates to the omission of the empty username or password field during authentication processes. Exploiting this vulnerability could allow an attacker to bypass the authentication...

CVSS 7.8, AI score 5.5, EPSS 0.00761
Exploits 0, References 9, Affected Software 1

RedHat Linux
added 2024/12/04 12:56 a.m., 5 views

kernel: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool. In practice the driver should never send more commands than are allocated to a queue's event pool. In the unlikely event that this happens, the code asserts a BUG_ON, a...

CVSS 5.5, AI score 6.8, EPSS 0.00252
Exploits 0, References 5

SUSE Linux
added 2024/12/03 9:10 a.m., 4 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 128.5 fixed: IMAP could crash when reading cached messages fixed: Enabling "Show Folder Size" on Maildir profile could render Thunderbird unusable fixed: Messages corrupted by folder compaction were only fixed by...

CVSS 9.8, AI score 8.3, EPSS 0.00833
Exploits 0, References 22

OSV
added 2024/12/03 5:28 a.m., 12 views

USN-7135-1 haproxy vulnerability

Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, and Harvey Tuch discovered that HAProxy incorrectly handled empty header names. A remote attacker could possibly use this issue to manipulate headers and bypass certain authentication checks and restrictions...

CVSS 9.1, AI score 7.3, EPSS 0.05493
Exploits 0, References 2

VulnCheck KEV
added 2024/12/03 12:0 a.m., 8 views

VulnCheck KEV: CVE-2024-36111

KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the...

CVSS 6.3, AI score 5.8, EPSS 0.08388
Exploits 0, References 1

OSV
added 2024/11/29 9:31 p.m., 13 views

GHSA-7Q22-X757-CMGC Withdrawn Advisory: Symfony http-security has authentication bypass

Withdrawn Advisory This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046. Original Description In Symfony, a security vulnerability was identified in...

CVSS 8.8, AI score 7.6, EPSS 0.00761
Exploits 0, References 6