CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2022/12/08 12:0 a.m.•1 views

PT-2022-36546 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.300 Description: The issue concerns close race conditions on sk receive queue. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...

7.2AI score

Code423n4•added 2022/12/07 12:0 a.m.•7 views

Upgraded Q -> H from #439 [1670433195074]

Judge has assessed an item in Issue 439 as H risk. The relevant finding follows: L02 - close should not be able to close a specific id credit line As per the docs: Can a Borrower chose to repay any debt in any order? No. The app automatically selects which credit line can be repaid using a...

6.7AI score

Exploits0

Positive Technologies•added 2022/12/06 12:0 a.m.•3 views

PT-2024-11850 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a race condition on the per-CQ variable napi work done in the Linux kernel's net component. After calling napi complete done, another CPU can start the napi...

9.1CVSS6.6AI score0.18032EPSS

Exploits9References1774

Positive Technologies•added 2022/12/04 12:0 a.m.•2 views

PT-2022-27857 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions through 4.0.2 Description: The issue allows attackers to cause a denial of service by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, resulting...

7.5CVSS7.1AI score0.00755EPSS

Exploits1References9

IBM Security Bulletins•added 2022/11/30 8:48 a.m.•50 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Expat, SQlite, libxml2, Libksba, zlib and GnuTLS

Summary Multiple issues were identified in Red Hat UBI ubi8/ubi-minimal v8.6-x packages Expat, SQlite, libxml2, Libksba, zlib and GnuTLS that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. These vulnerabilities have been addressed. Vulnerability Details...

9.8CVSS9.9AI score0.92544EPSS

Exploits3Affected Software1

Positive Technologies•added 2022/11/29 12:0 a.m.•3 views

PT-2024-11876 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the sctp stream outq migrate function. When this function is called to release stream out resources, the...

7.9CVSS6.4AI score0.00409EPSS

Exploits3References173

RedHat Linux•added 2022/11/15 11:55 a.m.•1 views

kernel: posix-cpu-timers: Cleanup CPU timers before freeing them during exec

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b "posix-cpu-timers: Store a reference to a pid not a task" started looking up tasks by PID when deleting a CPU timer. When a non-leader threa...

7.8CVSS6.2AI score0.00064EPSS

RedHat Linux•added 2022/11/15 11:55 a.m.•2 views

kernel: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE

A flaw was found in the lpfc module in the Linux kernel. A missing release of allocated memory when an error occurs will cause a memory leak, potentially impacting system performance and resulting in a denial of service...

5.5CVSS6.6AI score0.00049EPSS

RedHat Linux•added 2022/11/15 11:55 a.m.•0 views

kernel: Revert "Revert "block, bfq: honor already-setup queue merges""

In the Linux kernel, the following vulnerability has been resolved: Revert "Revert "block, bfq: honor already-setup queue merges"" A crash 1 happened to be triggered in conjunction with commit 2d52c58b9c9b "block, bfq: honor already-setup queue merges". The latter was then reverted by commit...

7.8CVSS6.2AI score0.00019EPSS

RedHat Linux•added 2022/11/15 11:55 a.m.•2 views

kernel: nvme-rdma: destroy cm id before destroy qp to avoid use after free

A vulnerability was found in the Linux kernel's nvme-rdma driver where the driver failed to destroy a component cmid before another component qp was destroyed. This issue occurs when the kernel incorrectly manages memory during RDMA, leading to a potential use-after-free...

9.8CVSS7.2AI score0.00087EPSS

Positive Technologies•added 2022/11/14 12:0 a.m.•2 views

PT-2022-35828 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.296 Description: The issue arises when the code attempts to access the sk wq of a socket sock that is already dead. This could potentially lead to security vulnerabilities, although the actual impact and...

Positive Technologies•added 2022/11/14 12:0 a.m.•2 views

PT-2022-35014 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 6.0.3 Description: The issue arises when the code attempts to access the sk wq of a socket sock that is already dead. This could potentially lead to security vulnerabilities, although the actual impact and attac...

Positive Technologies•added 2022/11/14 12:0 a.m.•2 views

PT-2022-34969 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to the blk-mq elevator switch when reinitializing queues. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

7.2AI score

Positive Technologies•added 2022/11/14 12:0 a.m.•3 views

PT-2022-35493 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150 Description: The issue arises when the code attempts to access the sk wq of a socket sock that is already dead. This could potentially lead to security vulnerabilities, although the actual impact and...

Positive Technologies•added 2022/11/14 12:0 a.m.•3 views

PT-2022-35285 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue arises when the code attempts to access the sk wq of a socket sock that is already dead. This could potentially lead to security vulnerabilities, although the actual impact and...

Positive Technologies•added 2022/11/14 12:0 a.m.•2 views

PT-2022-35049 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: A potential memory leak issue was identified in the init mqueue fs function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions pri...

7.2AI score

Positive Technologies•added 2022/11/14 12:0 a.m.•2 views

PT-2022-35749 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.262 Description: The issue arises when the code attempts to access the sk wq of a socket sock that is already dead. This could potentially lead to security vulnerabilities, although the actual impact and...