Lucene search
K

91 matches found

AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.8 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: prefer nftchainvalidate nftchainvalidate already performs loop detection, as a cycle in the process could lead to a call stack overflow ctx-level = NFTJUMPSTACKSIZE. It also iterates through the maps via t...

7.8CVSS6.5AI score0.0032EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/11/05 1:22 a.m.3 views

kernel: netfilter: nf_tables: prefer nft_chain_validate

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prefer nftchainvalidate nftchainvalidate already performs loop detection because a cycle will result in a call stack overflow ctx-level = NFTJUMPSTACKSIZE. It also follows maps via -validate callback in...

7.8CVSS6.8AI score0.0032EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/11/05 12:54 a.m.3 views

kernel: netfilter: nf_tables: prefer nft_chain_validate

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prefer nftchainvalidate nftchainvalidate already performs loop detection because a cycle will result in a call stack overflow ctx-level = NFTJUMPSTACKSIZE. It also follows maps via -validate callback in...

7.8CVSS6.8AI score0.0032EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/10/16 6:34 p.m.24 views

CVE-2024-45795 Suricata detect/datasets: reachable assertion with unimplemented rule option

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traffic parsing, leading to denial of service...

7.5CVSS6.9AI score0.00534EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/08/06 2:1 a.m.12 views

SUSE CVE-2024-41042

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prefer nftchainvalidate nftchainvalidate already performs loop detection because a cycle will result in a call stack overflow ctx-level = NFTJUMPSTACKSIZE. It also follows maps via -validate callback in...

4.4CVSS6.5AI score0.0032EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2024/07/31 9:13 a.m.30 views

CVE-2024-41042

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prefer nftchainvalidate nftchainvalidate already performs loop detection because a cycle will result in a call stack overflow ctx-level = NFTJUMPSTACKSIZE. It also follows maps via -validate callback in...

4.1CVSS7.4AI score0.0032EPSS
Exploits0References4
OSV
OSV
added 2024/07/29 3:15 p.m.9 views

DEBIAN-CVE-2024-41042

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prefer nftchainvalidate nftchainvalidate already performs loop detection because a cycle will result in a call stack overflow ctx-level = NFTJUMPSTACKSIZE. It also follows maps via -validate callback in...

7.8CVSS5.7AI score0.0032EPSS
Exploits0References1
OSV
OSV
added 2024/07/29 3:15 p.m.6 views

UBUNTU-CVE-2024-41042

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prefer nftchainvalidate nftchainvalidate already performs loop detection because a cycle will result in a call stack overflow ctx-level = NFTJUMPSTACKSIZE. It also follows maps via -validate callback in...

7.8CVSS6.2AI score0.0032EPSS
Exploits0References26
CVE
CVE
added 2024/07/29 2:31 p.m.195 views

CVE-2024-41042

Based on the provided documents, CVE-2024-41042 affects the Linux kernel nf_tables component. The vulnerability stems from the loop-detection path: nf_tables_check_loops() and its helpers were used to detect cycles in nft chains. The affected code path is nf_tables: the fix replaces or removes lo...

7.8CVSS7AI score0.0032EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2024/07/16 9:27 p.m.29 views

CVE-2024-6336 Security misconfiguration was identified in GitHub Enterprise Server that allowed sensitive data exposure

A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a depende...

6.9CVSS0.0042EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/07/16 9:27 p.m.20 views

CVE-2024-6336 Security misconfiguration was identified in GitHub Enterprise Server that allowed sensitive data exposure

A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a depende...

6.9CVSS6.3AI score0.0042EPSS
Exploits0References5
CVE
CVE
added 2024/07/16 9:27 p.m.64 views

CVE-2024-6336

CVE-2024-6336 describes a security misconfiguration in GitHub Enterprise Server where sensitive information could be disclosed to unauthorized users by exploiting the organization ruleset feature. An organization member could change the visibility of a dependent repository from private to public,...

6.9CVSS5.1AI score0.0042EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/16 12:0 a.m.4 views

PT-2024-37549 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: A Security Misconfiguration issue in GitHub Enterprise Server allowed unauthorized users to access sensitive information by exploiting the organization ruleset feature. This require...

6.9CVSS6.7AI score0.0042EPSS
Exploits0References9
Malwarebytes
Malwarebytes
added 2024/06/11 10:45 a.m.27 views

Google’s Chrome changes make life harder for ad blockers

Despite protests, Google is rolling out changes in the Chrome browser that make it harder for ad blockers to do their job. Starting last Monday, June 3, 2024, Chrome Beta, Dev, and Canary channels will see the effects of the implementation of the new extension platform Manifest V3. The gradual...

7AI score
Exploits0
NVD
NVD
added 2024/04/19 3:15 p.m.24 views

CVE-2024-3470

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as we...

7.2CVSS5.7AI score0.00587EPSS
Exploits0References2
OSV
OSV
added 2024/04/19 3:15 p.m.5 views

CVE-2024-3470

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as we...

7.2CVSS5.8AI score0.00587EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/19 2:17 p.m.26 views

CVE-2024-3470 Repository administrator can bypass organization's ruleset using deploy keys

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as we...

5.9CVSS6AI score0.00587EPSS
Exploits0References2
CVE
CVE
added 2024/04/19 2:17 p.m.74 views

CVE-2024-3470

GitHub Enterprise Server suffers an Improper Privilege Management flaw that lets a repository deploy key bypass an organization’s ruleset when an attacker has a valid deploy key and repository administrator access. Affected versions are 3.11–3.12; remediation is to upgrade to 3.11.8 or 3.12.2. In...

7.2CVSS6.8AI score0.00587EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/19 12:0 a.m.6 views

PT-2024-26117 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.11 through 3.12 Description: An Improper Privilege Management issue was identified in GitHub Enterprise Server, allowing an attacker to bypass an organization ruleset using a deploy key. The attacker would...

5.9CVSS7.2AI score0.00587EPSS
Exploits0References5
Veracode
Veracode
added 2024/02/27 3:52 p.m.17 views

Heap Use-after-free

Suricata is vulnerable to a Heap Use-after-free. The vulnerability is due to inadequate handling network traffic, particularly when the ruleset utilizes the http.requestheader or http.responseheader keyword, allows an attacker to still access and potentially manipulate or exploit that freed memor...

8.1CVSS7AI score0.00784EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder