Lucene search
+L

39 matches found

Amazon
Amazon
added 2022/11/09 12:0 a.m.4 views

Medium: kernel

Issue Overview: drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stexqueuecommandlck lacks a memset for the PASSTHRUCMD case. CVE-2022-40768 Affected Packages: kernel Note: This advisory is applicable to Amazon...

7.5CVSS6.1AI score0.21314EPSS
Exploits0
Amazon
Amazon
added 2022/11/09 12:0 a.m.8 views

Important: kernel

Issue Overview: A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function securityinodealloc to fail with following call to function nilfsmdtdestroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the...

7.8CVSS5.3AI score0.01218EPSS
Exploits0
Mageia
Mageia
added 2022/10/23 8:35 p.m.77 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.74 and fixes at least the following security issues: A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root host user-level application to crash the host kernel by creating a confidential guest VM...

8.8CVSS8AI score0.03763EPSS
Exploits8References10
BDU FSTEC
BDU FSTEC
added 2022/10/03 12:0 a.m.6 views

The vulnerability of the stex_queuecommand_lck() function in Linux operating systems allows a hacker to gain unauthorized access to protected information.

The vulnerability of the stexqueuecommandlck function in Linux operating systems is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

5.5CVSS6.6AI score0.0028EPSS
Exploits0References22Affected Software4
Microsoft CVE
Microsoft CVE
added 2022/09/22 7:0 a.m.4 views

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

...

5.5CVSS7.1AI score0.0028EPSS
Exploits0
OSV
OSV
added 2022/09/18 5:15 a.m.1 views

DEBIAN-CVE-2022-40768

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stexqueuecommandlck lacks a memset for the PASSTHRUCMD case...

5.5CVSS6.2AI score0.0028EPSS
Exploits0References1
OSV
OSV
added 2022/09/18 5:15 a.m.8 views

AZL-10978 CVE-2022-40768 affecting package kernel for versions less than 5.15.82.1-1

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stexqueuecommandlck lacks a memset for the PASSTHRUCMD case...

5.5CVSS6.7AI score0.0028EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/09/18 5:15 a.m.2 views

CVE-2022-40768

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stexqueuecommandlck lacks a memset for the PASSTHRUCMD case...

5.5CVSS5.8AI score0.0028EPSS
Exploits0References14
OSV
OSV
added 2022/09/18 5:15 a.m.8 views

UBUNTU-CVE-2022-40768

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stexqueuecommandlck lacks a memset for the PASSTHRUCMD case...

5.5CVSS6.7AI score0.0028EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2022/09/08 12:0 a.m.10 views

PT-2022-4893 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.19.9 Description: The issue is related to the stex queuecommand lck function in the Linux kernel, which is associated with the disclosure of information in an error data area. This can allow an attacker to gain...

9.8CVSS6.9AI score0.67994EPSS
Exploits224References1759
CNVD
CNVD
added 2020/04/27 12:0 a.m.5 views

Logic Flaw Vulnerability in STeX Exchange ICO

The STeX Exchange ICO STE is an Ether-based digital currency. An integer overflow vulnerability exists in the 'sell' function in STE's smart contract implementation. An attacker could exploit this vulnerability to prevent the seller from accessing the assets due to the exchange...

7.1AI score
Exploits0
NVD
NVD
added 2018/07/16 2:29 a.m.19 views

CVE-2018-14088

An issue was discovered in a smart contract implementation for STeX White List STEWL, an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the "amount 1000000000000000" will cause an integer overflow in withdrawToFounders...

9.8CVSS9.6AI score0.01295EPSS
Exploits1References1
Prion
Prion
added 2018/07/16 2:29 a.m.13 views

Integer overflow

An issue was discovered in a smart contract implementation for STeX White List STEWL, an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the "amount 1000000000000000" will cause an integer overflow in withdrawToFounders...

7.5CVSS9.4AI score0.01295EPSS
Exploits1References1
CVE
CVE
added 2018/07/16 2:0 a.m.41 views

CVE-2018-14088

The CVE-2018-14088 issue affects the STeX White List (STE(WL)) Ethereum token smart contract. A vulnerability in withdrawToFounders() arises from an integer overflow when the owner sets amount to a large value, causing amount * 1000000000000000 to overflow. The available sources confirm the overf...

9.8CVSS9.4AI score0.01295EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/07/16 12:0 a.m.5 views

STeX White List Integer Overflow Vulnerability

STeX White List STEWL is an Ether-based digital currency. An integer overflow vulnerability exists in the 'withdrawToFounders' function in the smart contract implementation of STEWL. No detailed vulnerability details are provided at this time...

9.8CVSS9.6AI score0.01295EPSS
Exploits1References1
NVD
NVD
added 2018/07/05 2:29 a.m.11 views

CVE-2018-13198

The sell function of a smart contract implementation for STeX Exchange ICO STE, an Ethereum token, has an integer overflow in which "amount sellPrice" can be zero, consequently reducing a seller's assets...

7.5CVSS7.7AI score0.00988EPSS
Exploits0References2
Prion
Prion
added 2018/07/05 2:29 a.m.19 views

Integer overflow

The sell function of a smart contract implementation for STeX Exchange ICO STE, an Ethereum token, has an integer overflow in which "amount sellPrice" can be zero, consequently reducing a seller's assets...

5CVSS7.7AI score0.00988EPSS
Exploits0References2
CVE
CVE
added 2018/07/05 2:0 a.m.40 views

CVE-2018-13198

The CVE-2018-13198 entry concerns a smart contract vulnerability in the STeX Exchange ICO (STE) on Ethereum. The issue is an integer overflow in the sell function, where multiplication of amount by sellPrice can result in zero, thereby reducing a seller’s assets. Documents confirm the affected co...

7.5CVSS7.7AI score0.00988EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/07/05 2:0 a.m.20 views

CVE-2018-13198

The sell function of a smart contract implementation for STeX Exchange ICO STE, an Ethereum token, has an integer overflow in which "amount sellPrice" can be zero, consequently reducing a seller's assets...

7.7AI score0.00988EPSS
Exploits0References2
Rows per page
Query Builder