
6043 matches found

OSV
added 2024/07/30 8:15 a.m. · 4 views

AZL-54098 CVE-2024-42135 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: vhost_task: Handle SIGKILL by flushing work and exiting Instead of lingering until the device is closed, this has us handle SIGKILL by: 1. marking the worker as killed so we no longer try to use it with new virtqueues and new flus...

5.5 CVSS · 5.6 AI score · 0.00227 EPSS
Exploits 0 · References 1

OSV
added 2024/07/30 8:15 a.m. · 2 views

DEBIAN-CVE-2024-42135

In the Linux kernel, the following vulnerability has been resolved: vhost_task: Handle SIGKILL by flushing work and exiting Instead of lingering until the device is closed, this has us handle SIGKILL by: 1. marking the worker as killed so we no longer try to use it with new virtqueues and new flus...

5.5 CVSS · 5.1 AI score · 0.00227 EPSS
Exploits 0 · References 1

NVD
added 2024/07/30 8:15 a.m. · 16 views

CVE-2024-42103

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work() and adding to the unused list. Since the block group is removed from...

5.5 CVSS · 0.00242 EPSS
Exploits 0 · References 6

CNNVD
added 2024/07/30 12:00 a.m. · 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a vulnerability in the vhost_task module that should be handled by marking a job as killed when a SIGKILL...

5.5 CVSS · 6.3 AI score · 0.00227 EPSS
Exploits 0 · References 4

OSV
added 2024/07/29 3:15 p.m. · 7 views

AZL-57740 CVE-2024-41023 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix task_struct reference leak During the execution of the following stress test with linux-rt: stress-ng --cyclic 30 --timeout 30 --minimize --quiet kmemleak frequently reported a memory leak concerning the...

5.5 CVSS · 6.6 AI score · 0.00272 EPSS
Exploits 0 · References 1

OSV
added 2024/07/29 3:15 p.m. · 2 views

DEBIAN-CVE-2024-41023

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix task_struct reference leak During the execution of the following stress test with linux-rt: stress-ng --cyclic 30 --timeout 30 --minimize --quiet kmemleak frequently reported a memory leak concerning the...

5.5 CVSS · 6.1 AI score · 0.00272 EPSS
Exploits 0 · References 1

OSV
added 2024/07/29 3:15 p.m. · 1 views

UBUNTU-CVE-2024-41023

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix task_struct reference leak During the execution of the following stress test with linux-rt: stress-ng --cyclic 30 --timeout 30 --minimize --quiet kmemleak frequently reported a memory leak concerning the...

5.5 CVSS · 6.7 AI score · 0.00272 EPSS
Exploits 0 · References 15

Cvelist
added 2024/07/29 2:57 p.m. · 25 views

CVE-2024-41070 KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()

In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Al reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group(). It looks up stt from tablefd, but then continues to use it after doing fdput on the returne...

0.00225 EPSS
Exploits 0 · References 7

Vulnrichment
added 2024/07/29 2:57 p.m. · 23 views

CVE-2024-41058 cachefiles: fix slab-use-after-free in fscache_withdraw_volume()

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: slab-use-after-free in...

7.1 AI score · 0.00281 EPSS
Exploits 0 · References 4

CVE
added 2024/07/29 2:32 p.m. · 113 views

CVE-2024-41050

CVE-2024-41050 (Linux kernel) affects the cachefiles subsystem, specifically the ondemand path handling of object reopening. The vulnerability arises from cyclic re-use of msg_id after a malicious reopen, which can cause a read request to remain unprocessed and lead to a hang. The root cause is r...

7.8 CVSS · 6.5 AI score · 0.00282 EPSS
Exploits 0 · References 5 · Affected Software 1

Vulnrichment
added 2024/07/29 2:32 p.m. · 21 views

CVE-2024-41050 cachefiles: cyclic allocation of msg_id to avoid reuse

In the Linux kernel, the following vulnerability has been resolved: cachefiles: cyclic allocation of msg_id to avoid reuse Reusing the msg_id after a maliciously completed reopen request may cause a read request to remain unprocessed and result in a hang, as shown below: t1 | t2 | t3...

6.6 AI score · 0.00282 EPSS
Exploits 0 · References 4

Rapid7 Blog
added 2024/07/29 2:00 p.m. · 5 views

Key Takeaways From The Take Command Summit: Building Resilient Cyber Defenses Through AI

One of the most talked-about sessions at the Take Command 2024 Cybersecurity Virtual Summit, "Control the Chaos: Building Resilient Cyber Defenses Through AI," featured experts from AWS and Rapid7 exploring how artificial intelligence is transforming cybersecurity and sharing practical guidance on...

7.3 AI score
Exploits 0

vulnersOsv
added 2024/07/25 12:32 p.m. · 8 views

org.springframework.cloud.stream.app:spring-cloud-starter-stream-sink-task-launcher-dataflow (>=1.0.0.RELEASE <=1.0.2.RELEASE), org.springframework.cloud.stream.app:spring-cloud-stream-app-starters-docs (>=Einstein.RELEASE <=Einstein.SR5) +46 more potentially affected by CVE-2024-37084 via org.springframework.cloud:spring-cloud-skipper (>=1.0.0.RELEASE <=2.11.3)

org.springframework.cloud:spring-cloud-skipper MAVEN version =1.0.0.RELEASE, =1.0.0.RELEASE, =Einstein.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =1.1.1.RELEASE, =Clark.SR1, =2.11.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =1.6.0.RELEASE, =2.0.0.RELEASE, =2.11.3 -...

9.8 CVSS · 5.8 AI score · 0.35211 EPSS
Exploits 4

OSV
added 2024/07/25 6:15 a.m. · 4 views

CVE-2024-6972

In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 1

Cvelist
added 2024/07/25 5:16 a.m. · 28 views

CVE-2024-6972

In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text...

6.5 CVSS · 0.00228 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/07/25 5:16 a.m. · 12 views

CVE-2024-6972

In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text...

6.5 CVSS · 6.8 AI score · 0.00228 EPSS
Exploits 0 · References 1

CVE
added 2024/07/25 5:16 a.m. · 55 views

CVE-2024-6972

CVE-2024-6972 affects Octopus Server. Under certain circumstances, sensitive variables can be printed in clear-text in task logs. The CVSS v3.1 base score is 6.5 (MEDIUM) with high impact on confidentiality; exploitation requires no user interaction but does not require network access (attack vec...

6.5 CVSS · 6.8 AI score · 0.00228 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/07/25 12:00 a.m. · 6 views

PT-2024-38011 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue allows sensitive variables to be printed in the task log in clear-text under certain circumstances. Recommendations: At the moment, there is no information about a newer...

6.5 CVSS · 6 AI score · 0.00228 EPSS
Exploits 0 · References 5

CNNVD
added 2024/07/25 12:00 a.m. · 5 views

Octopus Server security vulnerability

Octopus Server is a deployment automation and release management tool for continuous delivery from Octopus Australia. A security vulnerability exists in Octopus Server that stems from the fact that under certain circumstances, sensitive variables may be printed in plaintext in the task log...

6.5 CVSS · 6.7 AI score · 0.00228 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2024/07/22 12:00 a.m. · 4 views

The vulnerability of the PAM system for JumpServer is related to incorrect restrictions on the path name to the restricted directory. This allows an intruder to gain unauthorized access to read any files in the Celery container.

The vulnerability of the PAM system for privileged access control in JumpServer is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized read access to arbitrary files i...

7.7 CVSS · 8.1 AI score · 0.00861 EPSS
Exploits 0 · References 2 · Affected Software 1