6039 matches found

The Hacker News
added 2024/08/10 2:30 p.m., 40 views

New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions

An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software. "The trojan malware contains different deliverables ranging from simple adware extensions that hijack...

AI score 7.2
Exploits 0

CVE
added 2024/08/09 2:21 p.m., 73 views

CVE-2024-29831

CVE-2024-29831 relates to an improper input validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server, potentially enabling remote code execution. Affected: DolphinScheduler; remediation guidance consistentl...

CVSS 8.8, AI score 6.4, EPSS 0.01175
Exploits 0, References 2, Affected Software 1

Veeam
added 2024/08/09 12:0 a.m., 21 views

Hyper-V SureBackup Task Failure: "VM was created with the later version of Hyper-V than the one installed on host"

Challenge: A task within a SureBackup job for a Hyper-V environment fails with the error: Error: VM was created with the later version of Hyper-V than the one installed on host. Cause: This error occurs when the Virtual Lab in use by the SureBackup job is located on a host that is running a version ...

AI score 7
Exploits 0, Affected Software 1

RedHat Linux
added 2024/08/08 4:53 a.m., 7 views

kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats

A vulnerability was found in the do_task_stat function in the Linux kernel, where due to excessive lock contention, a potential hard lockup could be created. This can create a performance bottleneck and lead to kernel unresponsiveness...

CVSS 5.5, AI score 7.1, EPSS 0.00213
Exploits 0, References 5

RedHat Linux
added 2024/08/08 4:53 a.m., 8 views

kernel: block: fix overflow in blk_ioctl_discard()

In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blk_ioctl_discard() There is no check for overflow of 'start + len' in blk_ioctl_discard(). Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len = 0x8000000000fff000...

CVSS 5.5, AI score 6.8, EPSS 0.00225
Exploits 0, References 5

RedHat Linux
added 2024/08/08 4:44 a.m., 2 views

kernel: block: fix overflow in blk_ioctl_discard()

In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blk_ioctl_discard() There is no check for overflow of 'start + len' in blk_ioctl_discard(). Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len = 0x8000000000fff000...

CVSS 5.5, AI score 6.8, EPSS 0.00225
Exploits 0, References 5

Github Security Blog
added 2024/08/07 6:30 p.m., 23 views

Pulp incorrectly assigns RBAC permissions in tasks that create objects

A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user...

CVSS 8.3, AI score 6.4, EPSS 0.0061
Exploits 0, References 7, Affected Software 1

OSV
added 2024/08/07 6:30 p.m., 16 views

GHSA-9M5J-4XX9-44J9 Pulp incorrectly assigns RBAC permissions in tasks that create objects

A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user...

CVSS 8.6, AI score 6.9, EPSS 0.0061
Exploits 0, References 7

OSV
added 2024/08/07 5:15 p.m., 1 views

CVE-2024-7143

A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user...

CVSS 8.3, AI score 5.8, EPSS 0.0061
Exploits 0, References 5

ATTACKERKB
added 2024/08/07 5:15 p.m., 5 views

CVE-2024-7143

A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user...

CVSS 8.3, AI score 5.8, EPSS 0.0061
Exploits 0, References 6

NVD
added 2024/08/07 5:15 p.m., 24 views

CVE-2024-7143

A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user...

CVSS 8.3, EPSS 0.0061
Exploits 0, References 6

CVE
added 2024/08/07 4:49 p.m., 82 views

CVE-2024-7143

CVE-2024-7143 – Affected: Pulp RBAC object creation using AutoAddObjPermsMixin; root cause is that the system determines the object creator from the current authenticated user, which on tasks is inherited from the oldest user with task permissions. As a result, permissions on objects created with...

CVSS 8.3, AI score 6.4, EPSS 0.0061
Exploits 0, References 6, Affected Software 1

OSV
added 2024/08/07 4:15 p.m., 2 views

DEBIAN-CVE-2024-42245

In the Linux kernel, the following vulnerability has been resolved: Revert "sched/fair: Make sure to try to detach at least one movable task" This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06. b0defa7ae03ec changed the load balancing logic to ignore env.maxloop if all tasks examined to...

CVSS 5.5, AI score 5.8, EPSS 0.00166
Exploits 0, References 1

Debian CVE
added 2024/08/07 3:14 p.m., 15 views

CVE-2024-42245

In the Linux kernel, the following vulnerability has been resolved: Revert "sched/fair: Make sure to try to detach at least one movable task" This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06. b0defa7ae03ec changed the load balancing logic to ignore env.maxloop if all tasks examined to...

CVSS 5.5, AI score 5.8, EPSS 0.00166
Exploits 0

Positive Technologies
added 2024/08/07 12:0 a.m., 4 views

PT-2024-38106

Name of the Vulnerable Software and Affected Versions: Pulp (affected versions not specified). Description: A flaw was found in the Pulp package related to role-based access control (RBAC) objects. When an RBAC object is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin,...

CVSS 8.6, AI score 6.8, EPSS 0.0061
Exploits 0, References 14

SUSE CVE
added 2024/08/06 1:59 a.m., 2 views

SUSE CVE-2024-42135

In the Linux kernel, the following vulnerability has been resolved: vhost_task: Handle SIGKILL by flushing work and exiting Instead of lingering until the device is closed, this has us handle SIGKILL by: 1. marking the worker as killed so we no longer try to use it with new virtqueues and new flus...

CVSS 5.5, AI score 7.7, EPSS 0.00227
Exploits 0, References 3

RedhatCVE
added 2024/07/31 9:14 a.m., 25 views

CVE-2024-41050

In the Linux kernel, the following vulnerability has been resolved: cachefiles: cyclic allocation of msg_id to avoid reuse Reusing the msg_id after a maliciously completed reopen request may cause a read request to remain unprocessed and result in a hung, as shown below: t1 | t2 | t3...

CVSS 4.7, AI score 7.3, EPSS 0.00282
Exploits 0, References 4

OSV
added 2024/07/30 8:15 a.m., 4 views

AZL-54098 CVE-2024-42135 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: vhost_task: Handle SIGKILL by flushing work and exiting Instead of lingering until the device is closed, this has us handle SIGKILL by: 1. marking the worker as killed so we no longer try to use it with new virtqueues and new flus...

CVSS 5.5, AI score 5.6, EPSS 0.00227
Exploits 0, References 1

OSV
added 2024/07/30 8:15 a.m., 2 views

DEBIAN-CVE-2024-42135

In the Linux kernel, the following vulnerability has been resolved: vhost_task: Handle SIGKILL by flushing work and exiting Instead of lingering until the device is closed, this has us handle SIGKILL by: 1. marking the worker as killed so we no longer try to use it with new virtqueues and new flus...

CVSS 5.5, AI score 5.1, EPSS 0.00227
Exploits 0, References 1

NVD
added 2024/07/30 8:15 a.m., 16 views

CVE-2024-42103

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block group is removed from...

CVSS 5.5, EPSS 0.00242
Exploits 0, References 6