1907 matches found

The Hacker News
added 2024/12/04 5:8 a.m. | 19 views

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severit...

CVSS 10 | AI score 9.3 | EPSS 0.00954
Exploits: 0

RedHat Linux
added 2024/12/04 12:56 a.m. | 6 views

kernel: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray

In the Linux kernel, the following vulnerability has been resolved: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray. Patch series "mm/filemap: Limit page cache size to that supported by xarray", v2. Currently, xarray can't support arbitrary page cache size. More details can be found from t...

CVSS 5.5 | AI score 6.7 | EPSS 0.00211
Exploits: 0 | References: 5

RedHat Linux
added 2024/12/04 12:56 a.m. | 2 views

kernel: mm/filemap: skip to create PMD-sized page cache if needed

A vulnerability was found in the Linux kernel related to how large page caching is handled, particularly for AMD64 architectures. The issue stems from the xarray data structure's inability to support PMD-sized page caches when the base page size is larger than MAX_PAGECACHE_ORDER. The particular...

CVSS 5.5 | AI score 7.2 | EPSS 0.00288
Exploits: 0 | References: 5

CNNVD
added 2024/12/04 12:0 a.m. | 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from various issues in the mmc driver due to increasing max_req_size, including a kernel crash when booting from an...

CVSS 5.5 | AI score 6.8 | EPSS 0.00223
Exploits: 0 | References: 4

OSV
added 2024/12/02 5:15 p.m. | 2 views

DEBIAN-CVE-2024-53259

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...

CVSS 6.5 | AI score 6.4 | EPSS 0.00608
Exploits: 0 | References: 1

RedHat Linux
added 2024/11/26 12:55 a.m. | 6 views

kernel: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs

A vulnerability was found in the Linux kernel's hwmon subsystem, specifically in the mlxreg-fan driver. The issue arises when the driver’s sysfs interface for controlling fan speed does not properly handle cases where the requested minimum fan speed exceeds the maximum allowable value. When the...

CVSS 7.1 | AI score 6.7 | EPSS 0.00244
Exploits: 0 | References: 5

Cvelist
added 2024/11/23 5:40 a.m. | 24 views

CVE-2024-11265 Wp Maximum Upload File Size <= 1.1.3 - Authenticated (Author+) Full Path Disclosure

The Increase Maximum Upload File Size | Increase Execution Time plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.3. This is due to returning image upload error messages with full path information. This makes it possible for authenticated...

CVSS 4.3 | EPSS 0.00598
Exploits: 0 | References: 4

CNNVD
added 2024/11/23 12:0 a.m. | 9 views

WordPress plugin Wp Maximum Upload File Size information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

CVSS 4.3 | AI score 7.8 | EPSS 0.00598
Exploits: 0 | References: 4

Positive Technologies
added 2024/11/22 12:0 a.m. | 15 views

PT-2024-16872 · WordPress · Increase Maximum Upload File Size | Increase Execution Time Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Increase Maximum Upload File Size | Increase Execution Time plugin for WordPress versions up to, and including, 1.1.3 Description: The issue allows authenticated attackers with author-level permissions and above to retrieve the full path of t...

CVSS 4.3 | AI score 9.4 | EPSS 0.00598
Exploits: 0 | References: 6

RedHat Linux
added 2024/11/12 9:11 a.m. | 3 views

kernel: bluetooth: race condition in sniff_{min,max}_interval_set()

A race condition vulnerability was found in the Linux kernel's net/bluetooth in the sniff_{min,max}_interval_set() function. This issue can result in a Bluetooth sniffing exception issue, possibly leading to denial of service...

CVSS 4.8 | AI score 7.2 | EPSS 0.00712
Exploits: 0 | References: 4

RedHat Linux
added 2024/11/12 9:11 a.m. | 2 views

kernel: virtio-blk: fix implicit overflow on virtio_max_dma_size

In the Linux kernel, the following vulnerability has been resolved: virtio-blk: fix implicit overflow on virtio_max_dma_size. The following codes have an implicit conversion from size_t to u32: (u32)max_size = (size_t)virtio_max_dma_size(vdev); This may lead overflow, Ex (size_t)4G -> (u32)0. Once virtio_max_dma_size() has...

CVSS 5.5 | AI score 6.9 | EPSS 0.00244
Exploits: 0 | References: 5

RedHat Linux
added 2024/11/12 9:11 a.m. | 8 views

kernel: ext4: avoid online resizing failures due to oversized flex bg

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg. When we online resize an ext4 filesystem with an oversized flexbg_size, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M; mount $dev $dir; resize2fs $dev 16G; the following WARNO...

CVSS 5.5 | AI score 6.7 | EPSS 0.00245
Exploits: 0 | References: 5

OSV
added 2024/11/11 4:9 p.m. | 4 views

CLSA-2024-1731341386 bzip2: Fix of CVE-2019-12900

CVE-2019-12900: accept as many selectors as the file format allows but ignore any larger than the theoretical maximum, BZ_MAX_SELECTORS...

CVSS 9.8 | AI score 6.8 | EPSS 0.08042
Exploits: 0 | References: 1

OSV
added 2024/11/11 4:3 p.m. | 4 views

CLSA-2024-1731340993 bzip2: Fix of CVE-2019-12900

CVE-2019-12900: accept as many selectors as the file format allows but ignore any larger than the theoretical maximum, BZ_MAX_SELECTORS...

CVSS 9.8 | AI score 6.8 | EPSS 0.08042
Exploits: 0 | References: 1

OSV
added 2024/11/11 3:35 p.m. | 5 views

CLSA-2024-1731337736 bzip2: Fix of CVE-2019-12900

CVE-2019-12900: accept as many selectors as the file format allows but ignore any larger than the theoretical maximum, BZ_MAX_SELECTORS...

CVSS 9.8 | AI score 6.8 | EPSS 0.08042
Exploits: 0 | References: 1

OSV
added 2024/11/09 11:15 a.m. | 2 views

DEBIAN-CVE-2024-50218

In the Linux kernel, the following vulnerability has been resolved: ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow. Syzbot reported a kernel BUG in ocfs2_truncate_inline. There are two reasons for this: first, the parameter value passed is greater than ocfs2_max_inline_data_with_xattr, second, the...

CVSS 5.5 | AI score 5.8 | EPSS 0.00272
Exploits: 0 | References: 1

OSV
added 2024/11/09 11:15 a.m. | 4 views

UBUNTU-CVE-2024-50258

In the Linux kernel, the following vulnerability has been resolved: net: fix crash when config small gso_max_size/gso_ipv4_max_size. Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow in sk_dst_gso_max_size(), which may trigger a BUG_ON crash, because sk->sk_gso_max_size would be much bigger than...

CVSS 5.5 | AI score 6.2 | EPSS 0.00207
Exploits: 0 | References: 28

SUSE CVE
added 2024/11/06 3:48 a.m. | 2 views

SUSE CVE-2024-50132

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: Fix MAX_TRACE_ARGS limit handling. When creating a trace_probe we would set nr_args prior to truncating the arguments to MAX_TRACE_ARGS. However, we would only initialize arguments up to the limit. This caused invalid...

CVSS 5.5 | AI score 7.4 | EPSS 0.00214
Exploits: 0 | References: 5

OSV
added 2024/11/05 6:15 p.m. | 3 views

DEBIAN-CVE-2024-50132

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: Fix MAX_TRACE_ARGS limit handling. When creating a trace_probe we would set nr_args prior to truncating the arguments to MAX_TRACE_ARGS. However, we would only initialize arguments up to the limit. This caused invalid...

CVSS 5.5 | AI score 5.3 | EPSS 0.00214
Exploits: 0 | References: 1

OSV
added 2024/11/05 6:15 p.m. | 4 views

UBUNTU-CVE-2024-50131

In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length. strlen() returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL...

CVSS 7.8 | AI score 6.3 | EPSS 0.00249
Exploits: 0 | References: 45