Lucene search
K

165 matches found

RedHat Linux
RedHat Linux
added 2021/03/02 9:2 p.m.5 views

grub2: Use-after-free in rmmod command

A flaw was found in grub2. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The...

8.2CVSS5.9AI score0.01152EPSS
Exploits0References4
OSV
OSV
added 2021/02/16 7:36 a.m.14 views

ALBA-2021:0561 kmod bug fix and enhancement update

The kmod packages provide various programs needed for automatic loading and unloading of modules under 2.6, 3.x, and later kernels, as well as other module management programs. Bug Fixes and Enhancements: Symbolic links are not created after applying an errata kernel BZ1915253...

7.2AI score
Exploits0
AlmaLinux
AlmaLinux
added 2021/02/16 7:36 a.m.17 views

kmod bug fix and enhancement update

The kmod packages provide various programs needed for automatic loading and unloading of modules under 2.6, 3.x, and later kernels, as well as other module management programs. Bug Fixes and Enhancements: Symbolic links are not created after applying an errata kernel BZ1915253...

1.9AI score
Exploits0
PyPA
PyPA
added 2020/10/28 5:15 p.m.7 views

PYSEC-2020-267

Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By...

7.7CVSS7AI score0.01065EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/23 12:42 p.m.34 views

Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management

Summary Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2019-18806 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the qlalloclargebuffers function in...

5.5CVSS0.2AI score0.00348EPSS
Exploits0Affected Software1
NVD
NVD
added 2020/09/15 7:15 p.m.21 views

CVE-2020-15172

The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with unload act can render this exploi...

8.8CVSS0.01825EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/09/15 6:45 p.m.23 views

CVE-2020-15172 Remote Code Execution in Act module

The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with unload act can render this exploi...

8.7CVSS8.9AI score0.01825EPSS
Exploits0References2
OSV
OSV
added 2020/05/12 7:25 p.m.5 views

USN-4355-1 pulseaudio vulnerability

PulseAudio in Ubuntu contains additional functionality to mediate audio recording for snap packages and it was discovered that this functionality did not mediate PulseAudio module unloading. An attacker-controlled snap with only the audio-playback interface connected could exploit this to bypass...

3.3CVSS5.8AI score0.0033EPSS
Exploits0References3
OSV
OSV
added 2020/05/05 6:15 a.m.1 views

DEBIAN-CVE-2020-12656

gssmechfree in net/sunrpc/authgss/gssmechswitch.c in the rpcsecgsskrb5 implementation in the Linux kernel through 5.6.10 lacks certain domainrelease calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a...

5.5CVSS6.5AI score0.00334EPSS
Exploits0References1
OSV
OSV
added 2020/05/05 6:15 a.m.7 views

CVE-2020-12656

gssmechfree in net/sunrpc/authgss/gssmechswitch.c in the rpcsecgsskrb5 implementation in the Linux kernel through 5.6.10 lacks certain domainrelease calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a...

5.5CVSS7.1AI score0.00334EPSS
Exploits0References5
OSV
OSV
added 2020/05/05 6:15 a.m.3 views

UBUNTU-CVE-2020-12656

gssmechfree in net/sunrpc/authgss/gssmechswitch.c in the rpcsecgsskrb5 implementation in the Linux kernel through 5.6.10 lacks certain domainrelease calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a...

5.5CVSS6.7AI score0.00334EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2020/05/04 12:0 a.m.27 views

PT-2020-3071 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.10 Description: The issue is related to a memory leak in the Linux kernel's rpcsec gss krb5 implementation, specifically in the gss mech free function. This leak occurs when unloading a specific kernel module...

10CVSS6AI score0.78684EPSS
Exploits171References2238
OSV
OSV
added 2020/04/16 12:0 a.m.3 views

UBUNTU-CVE-2020-11931

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue...

3.3CVSS5.8AI score0.0033EPSS
Exploits0References4
Veracode
Veracode
added 2020/04/10 12:50 a.m.28 views

Denial Of Service (DoS)

SystemTap is vulnerable to denial of service DoS.It is possible because staprun did not check if the module to be unloaded was previously loaded by SystemTap. A local, unprivileged user could use this flaw to unload an arbitrary kernel module that was not in use...

2.1CVSS3.9AI score0.00396EPSS
Exploits0References18Affected Software1
OSV
OSV
added 2019/07/31 10:15 p.m.35 views

UBUNTU-CVE-2019-10186

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey CSRF token was not being utilised by the XML loading/unloading admin tool...

8.8CVSS6.7AI score0.01093EPSS
Exploits0References4
Cvelist
Cvelist
added 2019/07/31 9:40 p.m.37 views

CVE-2019-10186

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey CSRF token was not being utilised by the XML loading/unloading admin tool...

6.5CVSS8.8AI score0.01093EPSS
Exploits0References3
NVD
NVD
added 2019/06/14 5:29 p.m.37 views

CVE-2018-11947

The txrx stats req might be double freed in the pdev detach when the host driver is unloading in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and...

5.5CVSS6.5AI score0.00195EPSS
Exploits0References1
n0where
n0where
added 2018/07/10 6:24 p.m.34 views

Query Windows Machine for RAM Artifacts: memtriage

Allows you to quickly query a live Windows machine for RAM artifacts. This tool utilizes the Winpmem drivers to access physical memory, and Volatility for analysis. Caveats: Doesn’t work with Device Guard enabled. Should be tested on machines before deploying. Example Usage usage: memtriage.exe -...

6.9AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2016/09/15 7:39 a.m.9 views

kernel: compat IPT_SO_SET_REPLACE setsockopt

A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled wit...

7.8CVSS7.2AI score0.05676EPSS
Exploits10References4
RedHat Linux
RedHat Linux
added 2016/09/15 7:38 a.m.9 views

kernel: compat IPT_SO_SET_REPLACE setsockopt

A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled wit...

7.8CVSS7.2AI score0.05676EPSS
Exploits10References4
Rows per page
Query Builder