
1907 matches found

RedHat Linux
added 2024/10/16 12:28 a.m., 7 views

kernel: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX

A flaw was addressed in the Linux kernel’s traffic scheduling TAPRIO subsystem. The code that handles the TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME attribute did not enforce an upper bound on this value, which could allow excessively large cycle time inputs to be processed. Under certain conditions, this can...

5.9 AI score, 0.00168 EPSS
Exploits: 0, References: 5
Microsoft CVE
added 2024/10/15 7:0 a.m., 5 views

igb: cope with large MAX_SKB_FRAGS

...

5.5 CVSS, 6.7 AI score, 0.00209 EPSS
Exploits: 0
RedHat Linux
added 2024/10/14 6:1 p.m., 2 views

wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)

A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections...

4.1 CVSS, 5.7 AI score, 0.00275 EPSS
Exploits: 0, References: 7
RedHat Linux
added 2024/10/14 6:1 p.m., 1 views

wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)

A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections...

4.1 CVSS, 5.7 AI score, 0.00275 EPSS
Exploits: 0, References: 7
CVE
added 2024/10/11 6:50 a.m., 51 views

CVE-2024-9611

CVE-2024-9611 refers to the WordPress plugin “Increase upload file size & Maximum Execution Time limit” with vulnerable code that uses add_query_arg without proper escaping, enabling Reflected Cross‑Site Scripting in all versions up to 2.0. This allows unauthenticated attackers to inject scripts ...

6.1 CVSS, 6.4 AI score, 0.0041 EPSS
Exploits: 0, References: 3
OSV
added 2024/10/10 2:15 a.m., 5 views

CVE-2024-9205

The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject...

6.1 CVSS, 5.9 AI score, 0.00349 EPSS
Exploits: 0, References: 3
NVD
added 2024/10/10 2:15 a.m., 12 views

CVE-2024-9205

The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject...

6.1 CVSS, 0.00349 EPSS
Exploits: 0, References: 3
Patchstack
added 2024/10/10 12:0 a.m., 11 views

WordPress Increase upload file size & Maximum Execution Time limit Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software: Increase upload file size & Maximum Execution Time limit; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9611; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID...

6.1 CVSS, 5.8 AI score, 0.0041 EPSS
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2024/10/10 12:0 a.m., 7 views

PT-2024-33874

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.0-rc7-syzkaller-g5f5673607153. Description: The issue is related to a panic on IPPROTO_SMC in the Linux kernel. When INET_PROTOSW_ICSK is set, icsk->icsk_sync_mss must also be set. The problem occurs due to a...

5.5 CVSS, 5.4 AI score, 0.002 EPSS
Exploits: 0
CNNVD
added 2024/10/10 12:0 a.m., 5 views

WordPress plugin Maximum Products per User for WooCommerce Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the WordPress plugin Maximum...

6.1 CVSS, 6 AI score, 0.00349 EPSS
Exploits: 0, References: 4
Patchstack
added 2024/10/09 4:31 p.m., 5 views

WordPress Maximum Products per User for WooCommerce plugin <= 4.2.8 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Maximum Products per User for WooCommerce (versions <= 4.2.8)...

6.1 CVSS, 6.3 AI score, 0.00349 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2024/10/09 3:15 p.m., 3 views

DEBIAN-CVE-2024-47664

In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware. If the value of max_speed_hz is 0, it may cause a division by zero error in hisi_calc_effective_speed(). The value of max_speed_hz is provided by firmware...

5.5 CVSS, 5.4 AI score, 0.00206 EPSS
Exploits: 0, References: 1
OSV
added 2024/10/09 3:15 p.m., 16 views

AZL-50860 CVE-2024-47664 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware. If the value of max_speed_hz is 0, it may cause a division by zero error in hisi_calc_effective_speed(). The value of max_speed_hz is provided by firmware...

5.5 CVSS, 6.7 AI score, 0.00206 EPSS
Exploits: 0, References: 1
OSV
added 2024/10/09 3:15 p.m., 2 views

UBUNTU-CVE-2024-47664

In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware. If the value of max_speed_hz is 0, it may cause a division by zero error in hisi_calc_effective_speed(). The value of max_speed_hz is provided by firmware...

5.5 CVSS, 6.1 AI score, 0.00206 EPSS
Exploits: 0, References: 10
OSV
added 2024/10/09 2:13 p.m., 17 views

CVE-2024-47667 PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)

In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0). Errata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0 (SPRZ452D, July 2018, Revised December 2019 [1]) mentions when an inbound PCIe TLP spans more than two internal AXI...

5.5 CVSS, 6.2 AI score, 0.00207 EPSS
Exploits: 0, References: 11
OSV
added 2024/09/27 1:15 p.m., 7 views

UBUNTU-CVE-2024-46816

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links. [Why] Coverity report OVERRUN warning. There are only max_links elements within dc->links. link count could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31. [How] Make sur...

5.5 CVSS, 6.2 AI score, 0.00255 EPSS
Exploits: 0, References: 27
RedHat Linux
added 2024/09/24 12:51 p.m., 36 views

io.vertx:vertx-grpc-client: io.vertx:vertx-grpc-server: Vertx gRPC server does not limit the maximum message size

A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a server or a client, causing a denial of service...

7.5 CVSS, 5.7 AI score, 0.0058 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2024/09/24 2:39 a.m., 5 views

kernel: mlxsw: thermal: Fix out-of-bounds memory accesses

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses. Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan cat...

7.3 CVSS, 6.3 AI score, 0.00236 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2024/09/24 12:49 a.m., 11 views

kernel: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs

A vulnerability was found in the Linux kernel's hwmon subsystem, specifically in the mlxreg-fan driver. The issue arises when the driver’s sysfs interface for controlling fan speed does not properly handle cases where the requested minimum fan speed exceeds the maximum allowable value. When the...

7.1 CVSS, 6.7 AI score, 0.00244 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2024/09/24 12:40 a.m., 1 views

kernel: mlxsw: thermal: Fix out-of-bounds memory accesses

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses. Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan cat...

7.3 CVSS, 6.3 AI score, 0.00236 EPSS
Exploits: 0, References: 4