Lucene search
+L

937 matches found

RedHat Linux
RedHat Linux
added 2024/04/30 9:57 a.m.6 views

kernel: Linux kernel CXL driver: Use-after-free vulnerability leading to system instability or privilege escalation

A flaw was found in the Linux kernel's CXL driver. This vulnerability, a use-after-free, allows a local user to cause system instability or a denial of service. The issue arises when the cxlparsecfmws function attempts to use memory that has already been released. This could potentially lead to...

7.8CVSS7.2AI score0.00147EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/04/30 12:0 a.m.11 views

The vulnerability in the Firefox web browser relates to improper memory release before deleting the last link, allowing a malicious actor to gain access to confidential data.

The vulnerability in the Firefox web browser relates to the improper release of memory before deleting the last link. Exploiting this vulnerability allows an attacker who operates remotely to gain access to confidential data...

7.8CVSS7.2AI score0.00594EPSS
Exploits0References9Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/04/19 12:0 a.m.7 views

The vulnerability of the IKE daemon (iked) in Juniper Networks’ Junos routers of the MX and SRX series allows a attacker to cause service interruptions.

The vulnerability of the IKE daemon iked in Juniper Networks’ Junos routers of the MX and SRX series involves improper memory release before deleting the last pointer. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

6.5CVSS5.4AI score0.00295EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/16 12:0 a.m.9 views

The vulnerability of the ovs_pcap_open() function in the Open vSwitch software-level switch allows a attacker to cause a service failure.

The vulnerability of the ovspcapopen function in the Open vSwitch multi-level switch device is related to memory release errors. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

7.8CVSS7.2AI score0.00568EPSS
Exploits0References9Affected Software6
BDU FSTEC
BDU FSTEC
added 2024/04/16 12:0 a.m.10 views

The vulnerability of the USB HID analyzer used by Wireshark, which is used to analyze computer network traffic, allows a hacker to perform a service denial.

The vulnerability of the USB HID analyzer used by Wireshark for analyzing computer network traffic is related to memory release errors. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

7.8CVSS7.2AI score0.02411EPSS
Exploits1References11Affected Software5
SUSE CVE
SUSE CVE
added 2024/04/13 2:10 a.m.7 views

SUSE CVE-2024-26800

In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...

7CVSS6.6AI score0.0028EPSS
Exploits1References12
BDU FSTEC
BDU FSTEC
added 2024/04/11 12:0 a.m.8 views

The vulnerability of the virPCIVirtualFunctionList function in the virtualization management library Libvirt allows a attacker to trigger a service failure.

The vulnerability of the virPCIVirtualFunctionList function in the virtualization management library Libvirt is related to improper memory release before deleting the last reference. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6.6AI score0.00298EPSS
Exploits0References9Affected Software5
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.4 views

PT-2024-3281 · Microsoft · Windows Dns Server +1

Name of the Vulnerable Software and Affected Versions: Windows DNS Server affected versions not specified Description: The issue is related to a memory usage problem after memory release when handling requests. This can allow a remote attacker to execute arbitrary code, affecting the system...

9CVSS9.2AI score0.0156EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.6 views

PT-2024-3279 · Microsoft · Windows Dns Server +1

Name of the Vulnerable Software and Affected Versions: Windows DNS Server affected versions not specified Description: The issue is related to a memory usage problem after memory release when handling requests. This can allow a remote attacker to execute arbitrary code, affecting the system...

9CVSS9.2AI score0.0156EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2024/04/06 12:0 a.m.5 views

The vulnerability in the /krb5/src/lib/rpc/pmap_rmt.c component of the Kerberos network protocol allows a attacker to cause a service failure.

The vulnerability in the /krb5/src/lib/rpc/pmaprmt.c component of the Kerberos network protocol is related to memory release errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

7.8CVSS6.8AI score0.00815EPSS
Exploits1References7Affected Software11
BDU FSTEC
BDU FSTEC
added 2024/04/06 12:0 a.m.5 views

The vulnerability in the /libLAS/apps/ts2las.cpp component of the libLAS library, which is used for reading and writing geospatial data. This vulnerability allows a attacker to cause a service failure.

The vulnerability in the /libLAS/apps/ts2las.cpp component of the libLAS library for reading and writing geospatial data is related to memory release errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.8CVSS7.2AI score0.01158EPSS
Exploits1References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/04/03 12:0 a.m.6 views

The vulnerability in the component /krb5/src/lib/gssapi/krb5/k5sealv3.c of the Kerberos network protocol allows a attacker to induce a service failure.

The vulnerability of the /krb5/src/lib/gssapi/krb5/k5sealv3.c component, which implements the Kerberos network protocol, is related to memory release errors. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS6.8AI score0.01128EPSS
Exploits1References9Affected Software12
BDU FSTEC
BDU FSTEC
added 2024/04/03 12:0 a.m.9 views

The vulnerability of the ExtractAttributes function (media_tools/m3u8.c:329) on the multimedia platform GPAC allows a perpetrator to trigger a service failure.

The vulnerability of the ExtractAttributes function mediatools/m3u8.c:329 of the multimedia platform GPAC is related to the lack of memory release after the effective lifespan has ended. Exploiting this vulnerability can allow a malicious actor to cause service failure...

7.1CVSS7AI score0.00309EPSS
Exploits1References4Affected Software3
OSV
OSV
added 2024/04/02 3:15 a.m.5 views

CVE-2024-20845

Out-of-bounds write vulnerability while releasing memory in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code...

7.8CVSS6AI score0.0022EPSS
Exploits0References1
CVE
CVE
added 2024/04/02 2:59 a.m.58 views

CVE-2024-20845

CVE-2024-20845 describes an out-of-bounds write vulnerability in libsavsac.so when releasing memory, allowing a local attacker to execute arbitrary code. Affected: libsavsac.so prior to SMR Apr-2024 Release 1. Root cause: memory release path triggers out-of-bounds write. Impact: local code execut...

8.4CVSS7.2AI score0.0022EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.8 views

PT-2024-18754 · Unknown · Libsavsac.So

Name of the Vulnerable Software and Affected Versions: libsavsac.so versions prior to SMR Apr-2024 Release 1 Description: The issue is an out-of-bounds write vulnerability that occurs while releasing memory in libsavsac.so. This allows a local attacker to execute arbitrary code. Recommendations:...

8.4CVSS7.6AI score0.0022EPSS
Exploits0References4
Redos
Redos
added 2024/04/02 12:0 a.m.26 views

ROS-20240402-11

A vulnerability in the Extractattributes component of mediatools/m3u8.c:329 of the GPAC multimedia platform is related to a with a lack of memory release after an effective lifetime. Exploitation of the vulnerability could Allow an attacker acting remotely to cause a denial of service A...

7.1CVSS6.7AI score0.00309EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2024/03/28 12:0 a.m.5 views

The vulnerability of the Golang programming language, related to errors in memory release during RSA encryption/decryption code, allows a hacker to cause a service failure.

The vulnerability of the Golang programming language is related to errors in memory release during RSA encryption/decryption code. Exploiting this vulnerability can allow a remote attacker to cause a service failure using specially created data...

7.8CVSS7.2AI score0.01533EPSS
Exploits0References14Affected Software2
Redos
Redos
added 2024/03/13 12:0 a.m.37 views

ROS-2-490

2.490 Multiple vulnerabilities of libwebp 1. Vulnerability Description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...

9.8CVSS8.7AI score0.02662EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/03/13 12:0 a.m.9 views

The vulnerability of the drm_bridge_get_edid function in the Meson kernel of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the drmbridgegetedid function in the Meson component of the Linux operating system is related to memory release errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6.1AI score0.00222EPSS
Exploits0References17Affected Software3
Rows per page
Query Builder