Lucene search
K

134 matches found

Vulnrichment
Vulnrichment
added 2024/05/30 3:29 p.m.23 views

CVE-2024-36926 powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE At the time of LPAR boot up, partition firmware provides Open Firmware property ibm,dma-window for the PE. This property is provided on the PCI bus the PE is...

6.8AI score0.00241EPSS
Exploits0References4
CVE
CVE
added 2024/05/30 3:29 p.m.182 views

CVE-2024-36926

CVE-2024-36926 affects the Linux kernel on PowerPC pseries hardware, where LPARs boot with a frozen PE may lack the ibm,dma-window property. This can cause a NULL pointer dereference while configuring PCI, leading to an oops/panic during boot. The vulnerability is described with kernel traces (pc...

6.2CVSS7AI score0.00241EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/04/02 6:8 a.m.123 views

CVE-2024-26657

CVE-2024-26657 relates to a NULL pointer dereference in the Linux kernel’s DRM scheduler code (drm_sched_entity_init). The issue could be triggered by AMDGPU user-space IOCTL flow: user calls AMDGPU_CTX_ALLOC_CTX via amdgpu_ctx_ioctl, then AMDGPU_WAIT_CS without submitting a job, which could lead...

5.5CVSS6.3AI score0.00228EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/03/29 12:0 a.m.81 views

Curl 7.44.0 < 8.7.0 HTTP/2 Push Headers Memory-leak (CVE-2024-2398)

The version of Curl installed on the remote host is between 7.44.0 and prior to 8.7.0. It is, therefore, affected by a memory-leak vulnerability. When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed...

8.6CVSS6.9AI score0.36081EPSS
Exploits1References2
OSV
OSV
added 2024/03/27 8:15 a.m.34 views

CVE-2024-2398

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS6.6AI score0.36081EPSS
Exploits1References13
OSV
OSV
added 2024/03/27 8:0 a.m.24 views

CURL-CVE-2024-2398 HTTP/2 push headers memory-leak

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS8.2AI score0.36081EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2024/03/27 7:55 a.m.30 views

CVE-2024-2398 HTTP/2 push headers memory-leak

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

6.8AI score0.36081EPSS
Exploits1References13
CVE
CVE
added 2024/03/27 7:55 a.m.448 views

CVE-2024-2398

CVE-2024-2398 affects curl/libcurl: when an application enables HTTP/2 server push and the received push headers exceed a limit (1000), libcurl aborts the server push and leaks previously allocated headers, causing memory leaks and a silent condition that can be hard to detect. The CVSS in the en...

8.6CVSS8.3AI score0.36081EPSS
Exploits1References13Affected Software1
Debian CVE
Debian CVE
added 2024/03/27 7:55 a.m.41 views

CVE-2024-2398

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS7.4AI score0.36081EPSS
Exploits1
Cvelist
Cvelist
added 2024/03/27 7:55 a.m.99 views

CVE-2024-2398 HTTP/2 push headers memory-leak

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

9.6AI score0.36081EPSS
Exploits1References13
AlpineLinux
AlpineLinux
added 2024/03/27 7:55 a.m.97 views

CVE-2024-2398

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS8.5AI score0.36081EPSS
Exploits1
OSV
OSV
added 2024/03/06 11:20 a.m.16 views

BIT-TENSORFLOW-2020-15191 Undefined behavior in Tensorflow

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

5.3CVSS5.3AI score0.00749EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/09/27 5:16 p.m.26 views

CVE-2023-20262

A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not...

5.3CVSS7.7AI score0.00744EPSS
Exploits0References1
Veracode
Veracode
added 2023/02/06 5:40 a.m.20 views

Information Disclosure

froxlor/froxlor is vulnerable to Information Disclosure. A remote attacker is able to gain access to unauthorized user data via a failed prepared SQL query due to an unchecked error condition, resulting in the disclosure of sensitive information...

5.3CVSS5.9AI score0.00667EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2023/01/29 11:15 p.m.39 views

CVE-2023-0572

Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10...

5.3CVSS5.2AI score0.00667EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/01/29 12:0 a.m.36 views

CVE-2023-0572 Unchecked Error Condition in froxlor/froxlor

Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10...

5.3CVSS5.5AI score0.00667EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/01/29 12:0 a.m.9 views

CVE-2023-0572 Unchecked Error Condition in froxlor/froxlor

Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10...

5.3CVSS5.5AI score0.00667EPSS
Exploits1References2
CVE
CVE
added 2023/01/29 12:0 a.m.79 views

CVE-2023-0572

The vulnerability CVE-2023-0572 affects the Froxlor project (froxlor/froxlor) before version 2.0.10, described as an Unchecked Error Condition in the repository. The available connected documents confirm a technical issue arising from an unchecked error path in Froxlor prior to 2.0.10. The CVSSv3...

5.3CVSS5.2AI score0.00667EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2023/01/25 9:20 a.m.2 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5CVSS6.6AI score0.02513EPSS
Exploits0References6
OSV
OSV
added 2023/01/17 5:43 p.m.6 views

GSD-2023-1000488 media: s5p-mfc: Clear workbit to handle error condition

media: s5p-mfc: Clear workbit to handle error condition This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...

7.2AI score
Exploits0
Rows per page
Query Builder