Lucene search
+L

41 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/11 12:0 a.m.12 views

SUSE SLED15: libvirt / libvirt-client / libvirt-client-qemu / libvirt-daemon / etc (SUSE-SU-2024:1962-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1962-1 advisory. - CVE-2024-4418: Fixed a stack use-after-free by ensuring temporary GSource is removed from client event...

6.2CVSS6.9AI score0.00486EPSS
Exploits0References5
OSV
OSV
added 2024/06/10 11:9 a.m.7 views

SUSE-SU-2024:1962-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2024-4418: Fixed a stack use-after-free by ensuring temporary GSource is removed from client event loop. bsc1223849...

6.2CVSS6.5AI score0.00486EPSS
Exploits0References4
NVD
NVD
added 2024/05/08 3:15 a.m.23 views

CVE-2024-4418

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's...

6.2CVSS6.3AI score0.00486EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/05/08 3:3 a.m.18 views

CVE-2024-4418 Libvirt: stack use-after-free in virnetclientioeventloop()

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's...

6.2CVSS6.5AI score0.00486EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/05/08 3:3 a.m.26 views

CVE-2024-4418 Libvirt: stack use-after-free in virnetclientioeventloop()

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's...

6.2CVSS6.6AI score0.00486EPSS
Exploits0References5
CVE
CVE
added 2024/05/08 3:3 a.m.122 views

CVE-2024-4418

CVE-2024-4418 is a vulnerability in libvirt causing a race condition that leads to a stack use-after-free in virNetClientIOEventLoop(), where a pointer to a stack-allocated virNetClientIOEventData can be used in virNetClientIOEventFD while its stack frame is freed. The issue can let a local attac...

6.2CVSS6.2AI score0.00486EPSS
Exploits0References8
OSV
OSV
added 2024/05/08 3:3 a.m.14 views

CVE-2024-4418 Libvirt: stack use-after-free in virnetclientioeventloop()

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's...

6.2CVSS6.8AI score0.00486EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2024/05/05 12:0 a.m.22 views

CVE-2024-4418

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's...

6.2CVSS6.8AI score0.00486EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/05/02 12:59 p.m.27 views

CVE-2024-4418

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's...

6.2CVSS6.5AI score0.00486EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.7 views

PT-2024-4010

Name of the Vulnerable Software and Affected Versions: libvirt affected versions not specified Description: A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer to a stack-allocated...

6.2CVSS6.5AI score0.00486EPSS
Exploits0References79
RustSec
RustSec
added 2023/10/19 12:0 p.m.4 views

Potential stack use-after-free in `Instrumented::into_inner`

The implementation of the Instrumented::intoinner method in affected versions of this crate contains undefined behavior due to incorrect use of std::mem::forget The function creates const pointers to self, calls mem::forgetselfstd::mem::forget, and then moves values out of those pointers using...

7.2AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/05/10 12:0 a.m.47 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2022-0008)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsitransportiscsi.c is adversely affected by the ability of an unprivilege...

7.8CVSS7.1AI score0.01377EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2021/04/14 12:0 a.m.65 views

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4907-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4907-1 advisory. Wen Xu discovered that the xfs file system implementation in the Linux kernel did not properly validate the number of extents in an inode. An...

7.8CVSS7.1AI score0.01534EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2021/03/09 12:0 a.m.46 views

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9086)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9086 advisory. - xen-blkback: fix error handling in xenblkbkmap Jan Beulich Orabug: 32492109 CVE-2021-26930 - xen-scsiback: dont 'handle' error by BUG Jan Beulich...

7.8CVSS6.8AI score0.01377EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2021/03/09 12:0 a.m.66 views

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9087)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9087 advisory. - ovl: verify permissions in ovlpathopen Miklos Szeredi Orabug: 32435220 CVE-2020-16120 - ovl: switch to mounter creds in readdir Miklos Szeredi Orabug...

7.8CVSS6.8AI score0.01377EPSS
Exploits1References4
Mageia
Mageia
added 2021/01/31 9:34 p.m.73 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.12 and fixes at least the following security issues: fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPL...

7.8CVSS3.9AI score0.02417EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2021/01/29 5:15 p.m.5 views

CVE-2021-3347

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458...

7.8CVSS7.5AI score0.01377EPSS
Exploits1References22
CVE
CVE
added 2021/01/29 4:56 p.m.585 views

CVE-2021-3347

CVE-2021-3347 is a Linux kernel use-after-free in PI futex fault handling that could allow a local user to crash the kernel or escalate privileges. Multiple connected advisories confirm the issue and indicate fixes have been released across distributions (e.g., generic kernel updates and kernel l...

7.8CVSS7.5AI score0.01377EPSS
Exploits1References19Affected Software1
UbuntuCve
UbuntuCve
added 2021/01/29 12:0 a.m.50 views

CVE-2021-3347

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458...

7.8CVSS6.9AI score0.01377EPSS
Exploits1References6
seebug.org
seebug.org
added 2017/07/27 12:0 a.m.15 views

WebKit: JSC: Stack-Use-After-Free in ObjectPatternNode::appendEntry

Here's a snippet of ObjectPatternNode::appendEntry. void appendEntryconst JSTokenLocation&, ExpressionNode propertyExpression, DestructuringPatternNode pattern, ExpressionNode defaultValue, BindingType bindingType mtargetPatterns.appendEntry Identifier, propertyExpression, false, pattern,...

6.9AI score
Exploits0
Rows per page
Query Builder