Lucene search
+L

380 matches found

Ubuntu
Ubuntu
added 2024/10/15 10:13 p.m.31 views

USN-7069-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - Cryptographic API; - CPU frequency scaling framework; - HW tracing; - ISDN/mISDN subsystem; -...

7.8CVSS7.3AI score0.02701EPSS
Exploits2
OSV
OSV
added 2024/08/29 5:59 p.m.23 views

GHSA-P652-XCGX-F85M "powermail" (powermail) Insecure Direct Object Reference (IDOR)

An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference IDOR. An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the...

7.3CVSS5.2AI score0.00297EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/08/08 5:23 p.m.6 views

undertow: LearningPushHandler can lead to remote memory DoS attacks

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

5.3CVSS5.7AI score0.01866EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/07/18 3:5 a.m.3 views

SUSE CVE-2022-48865

In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel panic when enabling bearer When enabling a bearer on a node, a kernel panic is observed: 4.498085 RIP: 0010:tipcmonprep+0x4e/0x130 tipc ... 4.520030 Call Trace: 4.520689 4.521236 tipclinkbuildprotomsg+0x375/0x750...

5.5CVSS6.2AI score0.00259EPSS
Exploits0References9
Ubuntu
Ubuntu
added 2024/06/18 11:24 p.m.206 views

USN-6818-4: Linux kernel (HWE) vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service system crash. CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 It was...

7.8CVSS6.9AI score0.78388EPSS
Exploits2
OSV
OSV
added 2024/05/08 5:15 p.m.3 views

CVE-2024-25533

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website /WorkFlow/OfficeFileUpdate.aspx. This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements...

9.4CVSS6AI score0.0072EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/05/07 4:40 p.m.44 views

CVE-2024-29206

An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge ADB and make unsupported changes to the system. Affected Products: UniFi Connect EV Station Version 1.1.18 and earlier UniFi Connect EV Station Pro Version 1.1.18 and earlier UniFi...

2.2CVSS4AI score0.0044EPSS
Exploits0References1
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.10 views

OpenSSL Security Advisory [28th March 2023] (CVE-2023-0465, CVE-2023-0466)

Multiple OpenSSL Vulnerabilities released on28th March 2023 Invalid certificate policies in leaf certificates are silently ignored CVE-2023-0465 ========================================================= Applications that use a non-default option when verifying certificates may be vulnerable to an...

5.3CVSS6.9AI score0.01625EPSS
Exploits0
NVD
NVD
added 2024/03/04 6:15 p.m.37 views

CVE-2021-47086

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: refuse to enable an unbound pipe This ioctl implicitly assumed that the socket was already bound to a valid local socket name, i.e. Phonet object. If the socket was not bound, two separate problems would occur: 1 We'd...

5.5CVSS6.3AI score0.00226EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2024/03/04 6:6 p.m.35 views

CVE-2021-47086

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: refuse to enable an unbound pipe This ioctl implicitly assumed that the socket was already bound to a valid local socket name, i.e. Phonet object. If the socket was not bound, two separate problems would occur: 1 We'd...

5.5CVSS6.7AI score0.00226EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2024/03/02 10:15 p.m.41 views

CVE-2023-52575

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.6AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/02/28 9:15 a.m.22 views

CVE-2021-47025

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Always enable the clk on resume In mtkiommuruntimeresume always enable the clk, even if m4udom is null. Otherwise the 'suspend' cb might disable the clk which is already disabled causing the warning: 1.586104...

7.8CVSS5.7AI score0.0023EPSS
Exploits0References4
OSV
OSV
added 2024/02/22 9:14 a.m.8 views

SUSE-SU-2024:0589-1 Security update for qemu

This update for qemu fixes the following issues: - CVE-2021-3638: hw/display/ati2d: Fix buffer overflow in ati2dblt bsc1188609 - CVE-2023-3180: virtio-crypto: verify src and dst buffer length for sym request bsc1213925 - CVE-2023-3354: io: remove io watch if TLS channel is closed during handshake...

7.5CVSS7.4AI score0.01606EPSS
Exploits1References9
Cvelist
Cvelist
added 2024/02/20 6:56 p.m.29 views

CVE-2024-1044 Customer Reviews for WooCommerce <= 5.38.10 - Improper Authorization via submit_review

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitreview' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with...

5.3CVSS5.5AI score0.00409EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/12/07 12:37 p.m.3 views

openssl: Denial of service by excessive resource usage in verifying X509 policy constraints

A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...

7.5CVSS6.6AI score0.03658EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/12/01 12:0 a.m.14 views

PT-2024-14671

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue occurs when switching to another HDMI mode, causing unnecessary disabling/enabling of FIFO, which leads to both HPO and DIG registers being set at the same time. This can resul...

5.5CVSS6.1AI score0.00195EPSS
Exploits0References21
CNNVD
CNNVD
added 2023/11/07 12:0 a.m.5 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile devices SMR Nov-2023 Release 1, which stems from an improper access control vulnerability in the SecSettings module. An...

7.5CVSS6.6AI score0.0045EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/05 12:0 a.m.4 views

WatchGuard EPDR Security Vulnerability

WatchGuard EPDR is an application from WatchGuard USA, Inc. prevents, detects and responds to any type of known and unknown malware as well as fileless and malware-free attacks. A security vulnerability exists in WatchGuard EPDR version 8.0.21.0002, which stems from the fact that an attacker can...

5.5CVSS6.8AI score0.00163EPSS
Exploits0References2
OSV
OSV
added 2023/10/04 4:15 a.m.4 views

CVE-2023-30727

Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction...

7.5CVSS5.9AI score0.00368EPSS
Exploits0References1
OSV
OSV
added 2023/06/28 6:15 p.m.6 views

CVE-2023-21192

In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

7.8CVSS5.9AI score0.00096EPSS
Exploits0References1
Rows per page
Query Builder