6042 matches found
New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads
Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads. "The attackers managed to move laterally, establish persistence and remain undetected within the systems...
CVE-2024-44941
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to cover read extent cache access with lock syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in sanitycheckextentcache+0x370/0x410 fs/f2fs/extentcache.c:46 Read of size 4 at addr ffff8880739ab220 by...
CVE-2024-8140
A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument taskname leads to cross site scripting. The attack may be launched remotely. The...
CVE-2024-8140
A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument taskname leads to cross site scripting. The attack may be launched remotely. The...
CVE-2024-8140 SourceCodester Task Progress Tracker update-task.php cross site scripting
A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument taskname leads to cross site scripting. The attack may be launched remotely. The...
CVE-2024-8140 SourceCodester Task Progress Tracker update-task.php cross site scripting
A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument taskname leads to cross site scripting. The attack may be launched remotely. The...
CVE-2024-8140
CVE-2024-8140 affects SourceCodester Task Progress Tracker 1.0. The vulnerability is in the file update-task.php where manipulation of the parameter task_name enables Cross-Site Scripting (XSS) . Exploitation can be remote and the exploit has been disclosed publicly. Public sources consistently i...
SourceCodester Task Progress Tracker 跨站脚本漏洞
SourceCodester Task Progress Tracker is a task progress tracker from SourceCodester. A cross-site scripting vulnerability exists in version 1.0 of SourceCodester Task Progress Tracker, which stems from a cross-site scripting vulnerability in the taskname parameter of the update-task.php file...
PT-2024-38829 · Sourcecodester · Sourcecodester Task Progress Tracker
Name of the Vulnerable Software and Affected Versions: SourceCodester Task Progress Tracker version 1.0 Description: A vulnerability was found in the file update-task.php, where the manipulation of the task name argument leads to cross-site scripting. The attack may be launched remotely. The...
CVE-2022-48943
A hang vulnerability is possible in the Linux kernel in arch/x86/kvm/mmu/mmu.c. This issue may lead to compromised availability...
CVE-2022-48943
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvmarchcandequeueasyncpagepresent to determine whether to deliver a READY event to the Guest. This function te...
CVE-2022-48943
CVE-2022-48943: In the Linux kernel KVM x86/mmu code, a bug in asynchronous page-fault (APF) handling could cause a guest to hang by confusing a valid token with a zero value, potentially delaying or losing READY events. The fix ensures the APF token is non-zero, preventing misinterpretation of t...
CVE-2022-48943 KVM: x86/mmu: make apf token non-zero to fix bug
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvmarchcandequeueasyncpagepresent to determine whether to deliver a READY event to the Guest. This function te...
CVE-2022-48943 KVM: x86/mmu: make apf token non-zero to fix bug
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvmarchcandequeueasyncpagepresent to determine whether to deliver a READY event to the Guest. This function te...
SUSE CVE-2024-43869
In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via freeevent directly, this can potentially result in a leaked...
SUSE CVE-2024-43870
In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exit When a task is scheduled out, pending sigtrap deliveries are deferred to the target task upon resume to userspace via taskwork. However failures while adding an event's callback to the taskwork engi...
CVE-2022-48919 cifs: fix double free race when mount fails in cifs_get_root()
In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifsgetroot When cifsgetroot fails during cifssmb3domount we call deactivatelockedsuper which eventually will call delayedfree which will free the context. In this situation we shoul...
CVE-2022-48912 netfilter: fix use-after-free in __nf_register_net_hook()
In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in nfregisternethook We must not dereference @newhooks after nfhookmutex has been released, because other threads might have freed our allocated hooks already. BUG: KASAN: use-after-free in...
CVE-2022-48892
In the Linux kernel, the following vulnerability has been resolved: sched/core: Fix use-after-free bug in dupusercpusptr Since commit 07ec77a1d4e8 "sched: Allow task CPU affinity to be restricted on asymmetric systems", the setting and clearing of usercpusptr are done under pilock for arm64...
CVE-2022-48892
CVE-2022-48892 : Linux kernel sched/core fix for a use-after-free in dup_user_cpus_ptr(). The vulnerability existed due to dup_user_cpus_ptr() accessing user_cpus_ptr without proper locking, racing with fork() and the clearing of user_cpus_ptr during set_cpus_allowed_ptr_locked(), primarily affec...