6042 matches found

The Hacker News
added 2024/08/30 6:17 a.m. · 18 views

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads. "The attackers managed to move laterally, establish persistence and remain undetected within the systems...

8.4 AI score
Exploits: 0
UbuntuCve
added 2024/08/26 12:15 p.m. · 17 views

CVE-2024-44941

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to cover read extent cache access with lock syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46 Read of size 4 at addr ffff8880739ab220 by...

7.8 CVSS · 6.6 AI score · 0.00213 EPSS
Exploits: 0 · References: 10
NVD
added 2024/08/25 2:15 a.m. · 51 views

CVE-2024-8140

A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack may be launched remotely. The...

5.4 CVSS · 0.00371 EPSS
Exploits: 1 · References: 5
OSV
added 2024/08/25 2:15 a.m. · 4 views

CVE-2024-8140

A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack may be launched remotely. The...

5.4 CVSS · 3.8 AI score · 0.00371 EPSS
Exploits: 1 · References: 5
Cvelist
added 2024/08/25 1:31 a.m. · 37 views

CVE-2024-8140 SourceCodester Task Progress Tracker update-task.php cross site scripting

A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack may be launched remotely. The...

5.3 CVSS · 0.00371 EPSS
Exploits: 1 · References: 5
Vulnrichment
added 2024/08/25 1:31 a.m. · 12 views

CVE-2024-8140 SourceCodester Task Progress Tracker update-task.php cross site scripting

A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack may be launched remotely. The...

5.3 CVSS · 6.2 AI score · 0.00371 EPSS
Exploits: 1 · References: 5
CVE
added 2024/08/25 1:31 a.m. · 66 views

CVE-2024-8140

CVE-2024-8140 affects SourceCodester Task Progress Tracker 1.0. The vulnerability is in the file update-task.php where manipulation of the parameter task_name enables Cross-Site Scripting (XSS). Exploitation can be remote and the exploit has been disclosed publicly. Public sources consistently i...

5.4 CVSS · 3.8 AI score · 0.00371 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
CNNVD
added 2024/08/25 12:00 a.m. · 4 views

SourceCodester Task Progress Tracker Cross-Site Scripting Vulnerability

SourceCodester Task Progress Tracker is a task progress tracker from SourceCodester. A cross-site scripting vulnerability exists in version 1.0 of SourceCodester Task Progress Tracker, which stems from a cross-site scripting vulnerability in the task_name parameter of the update-task.php file...

5.4 CVSS · 4.5 AI score · 0.00371 EPSS
Exploits: 1 · References: 6
Positive Technologies
added 2024/08/24 12:00 a.m. · 5 views

PT-2024-38829 · Sourcecodester · Sourcecodester Task Progress Tracker

Name of the Vulnerable Software and Affected Versions: SourceCodester Task Progress Tracker version 1.0 Description: A vulnerability was found in the file update-task.php, where the manipulation of the task name argument leads to cross-site scripting. The attack may be launched remotely. The...

5.4 CVSS · 6.9 AI score · 0.00371 EPSS
Exploits: 1 · References: 13
RedhatCVE
added 2024/08/22 3:16 p.m. · 12 views

CVE-2022-48943

A hang vulnerability is possible in the Linux kernel in arch/x86/kvm/mmu/mmu.c. This issue may lead to compromised availability...

5.5 CVSS · 7 AI score · 0.00244 EPSS
Exploits: 0 · References: 4
NVD
added 2024/08/22 4:15 a.m. · 23 views

CVE-2022-48943

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvm_arch_can_dequeue_async_page_present to determine whether to deliver a READY event to the Guest. This function te...

7.8 CVSS · 0.00244 EPSS
Exploits: 0 · References: 4
CVE
added 2024/08/22 3:30 a.m. · 170 views

CVE-2022-48943

CVE-2022-48943: In the Linux kernel KVM x86/mmu code, a bug in asynchronous page-fault (APF) handling could cause a guest to hang by confusing a valid token with a zero value, potentially delaying or losing READY events. The fix ensures the APF token is non-zero, preventing misinterpretation of t...

7.8 CVSS · 6.8 AI score · 0.00244 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2024/08/22 3:30 a.m. · 20 views

CVE-2022-48943 KVM: x86/mmu: make apf token non-zero to fix bug

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvm_arch_can_dequeue_async_page_present to determine whether to deliver a READY event to the Guest. This function te...

7.8 CVSS · 6 AI score · 0.00244 EPSS
Exploits: 0 · References: 7
Cvelist
added 2024/08/22 3:30 a.m. · 25 views

CVE-2022-48943 KVM: x86/mmu: make apf token non-zero to fix bug

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvm_arch_can_dequeue_async_page_present to determine whether to deliver a READY event to the Guest. This function te...

0.00244 EPSS
Exploits: 0 · References: 4
SUSE CVE
added 2024/08/22 2:58 a.m. · 3 views

SUSE CVE-2024-43869

In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via free_event directly, this can potentially result in a leaked...

5.5 CVSS · 7.2 AI score · 0.0021 EPSS
Exploits: 0 · References: 17
SUSE CVE
added 2024/08/22 2:58 a.m. · 3 views

SUSE CVE-2024-43870

In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exit When a task is scheduled out, pending sigtrap deliveries are deferred to the target task upon resume to userspace via task_work. However failures while adding an event's callback to the task_work engi...

5.5 CVSS · 6.3 AI score · 0.0021 EPSS
Exploits: 0 · References: 11
Cvelist
added 2024/08/22 1:32 a.m. · 24 views

CVE-2022-48919 cifs: fix double free race when mount fails in cifs_get_root()

In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount we call deactivate_locked_super which eventually will call delayed_free which will free the context. In this situation we shoul...

0.00224 EPSS
Exploits: 0 · References: 3
Cvelist
added 2024/08/22 1:31 a.m. · 23 views

CVE-2022-48912 netfilter: fix use-after-free in __nf_register_net_hook()

In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been released, because other threads might have freed our allocated hooks already. BUG: KASAN: use-after-free in...

0.00227 EPSS
Exploits: 0 · References: 7
UbuntuCve
added 2024/08/21 7:15 a.m. · 16 views

CVE-2022-48892

In the Linux kernel, the following vulnerability has been resolved: sched/core: Fix use-after-free bug in dup_user_cpus_ptr() Since commit 07ec77a1d4e8 "sched: Allow task CPU affinity to be restricted on asymmetric systems", the setting and clearing of user_cpus_ptr are done under pi_lock for arm64...

7.8 CVSS · 6.5 AI score · 0.00249 EPSS
Exploits: 0 · References: 5
CVE
added 2024/08/21 6:10 a.m. · 72 views

CVE-2022-48892

CVE-2022-48892: Linux kernel sched/core fix for a use-after-free in dup_user_cpus_ptr(). The vulnerability existed due to dup_user_cpus_ptr() accessing user_cpus_ptr without proper locking, racing with fork() and the clearing of user_cpus_ptr during set_cpus_allowed_ptr_locked(), primarily affec...

7.8 CVSS · 6.5 AI score · 0.00249 EPSS
Exploits: 0 · References: 3 · Affected Software: 1