
4026 matches found

Cvelist
added 2019/11/26 4:26 p.m., 22 views

CVE-2019-18455

An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop...

7.6 AI score, 0.01479 EPSS
Exploits: 0, References: 2

Debian CVE
added 2019/11/26 4:26 p.m., 19 views

CVE-2019-18455

Removed by vendor...

7.5 CVSS, 7.1 AI score, 0.01479 EPSS
Exploits: 0

RedHat Linux
added 2019/11/26 11:57 a.m., 4 views

Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer

A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer (hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The...

7.8 CVSS, 7.1 AI score, 0.00805 EPSS
Exploits: 1, References: 4

Mageia
added 2019/11/14 5:33 p.m., 17 views

Updated libapreq2 packages fix security vulnerability

Updated libapreq2 packages fix security vulnerability: Max Kellermann reported a NULL pointer dereference flaw in libapreq2, allowing a remote attacker to cause a denial of service against an application using the library (application crash) if an invalid nested "multipart" body is processed...

7.5 CVSS, 3.4 AI score, 0.03941 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2019/11/14 12:0 a.m., 14 views

Debian DSA-4566-1 : qemu - security update

This update for QEMU, a fast processor emulator, backports support to passthrough the pschange-mc-no CPU flag. The virtualised MSR seen by a guest is set to show the bug as fixed, allowing to disable iTLB Multihit mitigations in nested hypervisors (cf. DSA 4564-1). (C) Tenable Network Security, Inc...

5.5 AI score
Exploits: 0, References: 4

Debian
added 2019/11/12 10:10 p.m., 14 views

[SECURITY] [DSA 4566-1] qemu security update

Debian Security Advisory DSA-4566-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 12, 2019 https://www.debian.org/security/faq -...

2.1 AI score
Exploits: 0

RedHat Linux
added 2019/10/21 7:22 p.m., 5 views

OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

4.3 CVSS, 7.4 AI score, 0.03155 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2019/10/21 7:2 p.m., 2 views

OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

4.3 CVSS, 7.4 AI score, 0.03155 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2019/10/17 2:33 p.m., 5 views

OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

4.3 CVSS, 7.4 AI score, 0.03155 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2019/10/17 10:0 a.m., 3 views

OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

4.3 CVSS, 7.4 AI score, 0.03155 EPSS
Exploits: 0, References: 4

Veracode
added 2019/10/17 12:22 a.m., 30 views

Denial Of Service

OpenJDK is vulnerable to denial of service (DoS). It is due to an incorrect handling of nested jar: URLs in Jar URL handler...

3.7 CVSS, 1.4 AI score, 0.03155 EPSS
Exploits: 0, References: 24, Affected Software: 4

RedHat Linux
added 2019/10/16 3:1 p.m., 5 views

OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

4.3 CVSS, 7.4 AI score, 0.03155 EPSS
Exploits: 0, References: 4

RustSec
added 2019/10/03 12:0 p.m., 16 views

Flaw in CBOR deserializer allows stack overflow

Affected versions of this crate did not properly check if semantic tags were nested excessively during deserialization. This allows an attacker to craft small 1 kB CBOR documents that cause a stack overflow. The flaw was corrected by limiting the allowed number of nested tags...

7.5 CVSS, 4.6 AI score, 0.0143 EPSS
Exploits: 1, Affected Software: 1

OSV
added 2019/10/03 12:0 p.m., 12 views

RUSTSEC-2019-0025 Flaw in CBOR deserializer allows stack overflow

Affected versions of this crate did not properly check if semantic tags were nested excessively during deserialization. This allows an attacker to craft small 1 kB CBOR documents that cause a stack overflow. The flaw was corrected by limiting the allowed number of nested tags...

7.5 CVSS, 7.3 AI score, 0.0143 EPSS
Exploits: 1, References: 3

Exploit DB
added 2019/10/01 12:0 a.m., 260 views

WebKit - Universal XSS Using Cached Pages

VULNERABILITY DETAILS void FrameLoader::detachChildren ... SubframeLoadingDisabler subframeLoadingDisablermframe.document; // 1 Vector, 16 childrenToDetach; childrenToDetach.reserveInitialCapacitymframe.tree.childCount; for Frame child = mframe.tree.lastChild; child; child =...

7.4 AI score
Exploits: 0

RedHat Linux
added 2019/09/12 1:8 p.m., 1 views

Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested (=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash th...

6.7 CVSS, 6.8 AI score, 0.00355 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2019/09/12 12:25 p.m., 0 views

Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested (=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash th...

6.7 CVSS, 6.8 AI score, 0.00355 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2019/08/12 12:0 a.m., 47 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibl...

10 CVSS, 7.8 AI score, 0.52189 EPSS
Exploits: 28, References: 37

Packet Storm
added 2019/08/12 12:0 a.m., 256 views

WebKit Universal Cross Site Scripting

WebKit: UXSS via XSLT and nested document replacements Related CVE Numbers: CVE-2019-8690Id-714702681. VULNERABILITY DETAILS https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/xml/XSLTProcessor.cppL66 Ref XSLTProcessor::createDocumentFromSourceconst String& sourceString, const String&...

7.7 AI score, 0.04558 EPSS
Exploits: 2

Exploit DB
added 2019/08/12 12:0 a.m., 100 views

WebKit - UXSS via XSLT and Nested Document Replacements

VULNERABILITY DETAILS https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/xml/XSLTProcessor.cppL66 Ref XSLTProcessor::createDocumentFromSourceconst String& sourceString, const String& sourceEncoding, const String& sourceMIMEType, Node sourceNode, Frame frame Ref...

7.4 AI score
Exploits: 0