
6039 matches found

Cvelist
added 2024/05/21 3:22 p.m. · 26 views

CVE-2023-52705 nilfs2: fix underflow in second superblock position calculations

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix underflow in second superblock position calculations. Macro NILFS_SB2_OFFSET_BYTES, which computes the position of the second superblock, underflows when the argument device size is less than 4096 bytes. Therefore, when...

6.4 AI score · 0.00254 EPSS
Exploits 0 · References 7
OSV
added 2024/05/21 3:15 p.m. · 3 views

UBUNTU-CVE-2021-47427

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix iscsi_task use after free. Commit d39df158518c "scsi: iscsi: Have abort handler get ref to conn" added iscsi_get_conn/iscsi_put_conn calls during abort handling but then also changed the handling of the case where we...

7.8 CVSS · 5.7 AI score · 0.00217 EPSS
Exploits 0 · References 5
CVE
added 2024/05/21 2:35 p.m. · 73 views

CVE-2021-47341

CVE-2021-47341 concerns the Linux kernel KVM mmio path, where a use-after-free flaw in kvm_vm_ioctl_unregister_coalesced_mmio could enable a flawed memory read (8 bytes) via a read access after the object is freed. The issue is in the ARM64 KVM coalesced_mmio code path and Trace shows a use-after...

7.8 CVSS · 6.8 AI score · 0.00252 EPSS
Exploits 0 · References 5 · Affected Software 1
CVE
added 2024/05/21 2:35 p.m. · 85 views

CVE-2021-47309

CVE-2021-47309 affects the Linux kernel's net/tunnel code: skb_tunnel_info() may return a pointer to lwtstate->data without validating its type, risking out-of-bounds reads such as during VXLAN routing. Connected advisories (SUSE-SU-2024:2561-1 and related OSV/Nessus entries) confirm the fix i...

7.1 CVSS · 6.7 AI score · 0.00247 EPSS
Exploits 0 · References 8 · Affected Software 1
Debian CVE
added 2024/05/21 2:35 p.m. · 22 views

CVE-2021-47309

In the Linux kernel, the following vulnerability has been resolved: net: validate lwtstate->data before returning from skb_tunnel_info. skb_tunnel_info returns pointer of lwtstate->data as ip_tunnel_info type without validation. lwtstate->data can have various types such as mpls_iptunnel_encap, etc and these...

7.1 CVSS · 6.2 AI score · 0.00247 EPSS
Exploits 0
Vulnrichment
added 2024/05/21 2:35 p.m. · 12 views

CVE-2021-47299 xdp, net: Fix use-after-free in bpf_xdp_link_release

In the Linux kernel, the following vulnerability has been resolved: xdp, net: Fix use-after-free in bpf_xdp_link_release. The problem occurs between dev_get_by_index and dev_xdp_attach_link. At this point, dev_xdp_uninstall is called. Then xdp link will not be detached automatically when dev is released. But...

6.7 AI score · 0.00226 EPSS
Exploits 0 · References 3
The Hacker News
added 2024/05/21 2:19 p.m. · 14 views

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

A new attack campaign dubbed CLOUDREVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads. "The VBScript and PowerShell scripts in the CLOUDREVERSER inherently involves command-and-control-like activities by using Google...

6.7 AI score
Exploits 0
SUSE CVE
added 2024/05/21 1:58 a.m. · 6 views

SUSE CVE-2024-35988

In the Linux kernel, the following vulnerability has been resolved: riscv: Fix TASK_SIZE on 64-bit NOMMU. On NOMMU, userspace memory can come from anywhere in physical RAM. The current definition of TASK_SIZE is wrong if any RAM exists above 4G, causing spurious failures in the userspace access...

5.5 CVSS · 6.6 AI score · 0.00212 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/05/21 12:0 a.m. · 6 views

PT-2024-11234 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises when the XRSTOR instruction fails with a PF exception but still modifies the register state, which is considered architecturally valid by both Intel and AMD. This migh...

7.1 CVSS · 8.6 AI score · 0.00222 EPSS
Exploits 0 · References 11
CNNVD
added 2024/05/21 12:0 a.m. · 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which can be exploited by an attacker to cause a portion of the FPU state that the fpurestoresig function attempts to load ...

7.1 CVSS · 5.9 AI score · 0.00222 EPSS
Exploits 0 · References 5
NVD
added 2024/05/20 10:15 a.m. · 28 views

CVE-2024-35997

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up. The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantl...

5.5 CVSS · 5.3 AI score · 0.00177 EPSS
Exploits 0 · References 11
NVD
added 2024/05/20 10:15 a.m. · 16 views

CVE-2024-35991

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue. drain_workqueue cannot be called safely in a spinlocked context due to possible task rescheduling. In the multi-task scenario, calling queue_work while drain_workqueue...

5.5 CVSS · 6.4 AI score · 0.00164 EPSS
Exploits 0 · References 3
OSV
added 2024/05/20 10:15 a.m. · 1 views

DEBIAN-CVE-2024-35988

In the Linux kernel, the following vulnerability has been resolved: riscv: Fix TASK_SIZE on 64-bit NOMMU. On NOMMU, userspace memory can come from anywhere in physical RAM. The current definition of TASK_SIZE is wrong if any RAM exists above 4G, causing spurious failures in the userspace access...

5.5 CVSS · 5.5 AI score · 0.00212 EPSS
Exploits 0 · References 1
UbuntuCve
added 2024/05/20 10:15 a.m. · 22 views

CVE-2024-35991

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue. drain_workqueue cannot be called safely in a spinlocked context due to possible task rescheduling. In the multi-task scenario, calling queue_work while drain_workqueue...

5.5 CVSS · 6.3 AI score · 0.00164 EPSS
Exploits 0 · References 10
OSV
added 2024/05/20 10:15 a.m. · 1 views

UBUNTU-CVE-2024-35988

In the Linux kernel, the following vulnerability has been resolved: riscv: Fix TASK_SIZE on 64-bit NOMMU. On NOMMU, userspace memory can come from anywhere in physical RAM. The current definition of TASK_SIZE is wrong if any RAM exists above 4G, causing spurious failures in the userspace access...

5.5 CVSS · 6.1 AI score · 0.00212 EPSS
Exploits 0 · References 22
CVE
added 2024/05/20 9:47 a.m. · 163 views

CVE-2024-35991

CVE-2024-35991: In the Linux kernel, idxd dmaengine code changed from a spinlock-protected event log workqueue to a mutex-protected approach to safely call drain_workqueue(). The root cause was calling drain_workqueue() while holding a spinlock, risking a Call Trace due to possible task reschedul...

5.5 CVSS · 6.6 AI score · 0.00164 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2024/05/20 12:0 a.m. · 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of more than 4G of RAM, where the current definition of TASK_SIZE is incorrect, leading to...

5.5 CVSS · 6.5 AI score · 0.00212 EPSS
Exploits 0 · References 9
NVD
added 2024/05/17 11:15 p.m. · 17 views

CVE-2024-23583

An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems...

6.7 CVSS · 6.5 AI score · 0.00157 EPSS
Exploits 0 · References 1
OSV
added 2024/05/17 11:15 p.m. · 4 views

CVE-2024-23583

An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems...

6.7 CVSS · 5.8 AI score · 0.00157 EPSS
Exploits 0 · References 1
CVE
added 2024/05/17 11:6 p.m. · 59 views

CVE-2024-23583

CVE-2024-23583 affects HCL BigFix Platform, specifically the Windows Client Deploy Tool, with root cause described as insufficiently protected credentials. The vulnerability could allow an attacker to intercept credentials via Task Manager and gain unauthorized access to the Client Deploy Tool on...

6.7 CVSS · 6.8 AI score · 0.00157 EPSS
Exploits 0 · References 1 · Affected Software 1