106 matches found
CVE-2021-46996
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Fix a memleak from userdata error path in new objects. Release object name if userdata allocation fails...
SUSE CVE-2020-10236
An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of createUserdataConf in...
Denial Of Service (DoS)
github.com/ecnepsnai/web is vulnerable to denial of service. The vulnerability exists in the socketHandler function in websocket.go because the AuthenticateMethod is not called, and UserData will be nil in request methods which will attempt to read the UserData and may result in a panic...
Duplicate Advisory: ecnepsnai/web vulnerable to Uncontrolled Resource Consumption
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5gjg-jgh4-gppm. This link is maintained to preserve external references. Original Description: Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if t...
PT-2022-10670 · Myadmin · Myadmin
Name of the Vulnerable Software and Affected Versions: MyAdmin version 1.0. Description: The issue is related to an incorrect access control vulnerability in viewing the personal center. This vulnerability is exploited through the "/api/user/userData" endpoint, specifically when the userCode is se...
Xen Orchestra Mishandles Authorization
Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...
GHSA-5GJG-JGH4-GPPM Websocket requests did not call AuthenticateMethod
Impact: Depending on implementation, a denial-of-service or privilege escalation vulnerability may occur in software that uses the github.com/ecnepsnai/web package with Web Sockets that have an AuthenticateMethod. The AuthenticateMethod is not called, and UserData will be nil in request methods...
FalconEye - Real-time detection software for Windows process injections
FalconEye is Windows endpoint detection software for real-time process injections. It is a kernel-mode driver that aims to catch process injections as they happen, in real time. Since FalconEye runs in kernel mode, it provides a stronger and more reliable defense against process injection...
UVI-2021-1000327 netfilter: nftables: Fix a memleak from userdata error path in new objects
netfilter: nftables: Fix a memleak from userdata error path in new objects. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.38 by commit...
PT-2024-11101 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A memory leak issue has been resolved in the Linux kernel, specifically in the netfilter: nftables component. The issue occurred when userdata allocation failed in the error path of ne...
CVE-2020-13843
An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020)...
Design/Logic Flaw
An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020)...
CVE-2020-13843
Technical details about CVE-2020-13843 are not provided in the supplied documents; monitor for updates.
CVE-2019-14414
In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478)...
CVE-2019-14400
cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479)...
Design/Logic Flaw
In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478)...