A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.
Max CVSS: 4.7 | EPSS Score: 0.04% | Published: 2023-09-28 | Updated: 2023-10-24
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
Max CVSS: 4.3 | EPSS Score: 0.09% | Published: 2023-08-11 | Updated: 2023-12-20
A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.
Max CVSS: 4.4 | EPSS Score: 0.05% | Published: 2023-10-09 | Updated: 2024-01-11
A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.
Max CVSS: 4.7 | EPSS Score: 0.04% | Published: 2023-11-16 | Updated: 2024-02-08
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
Max CVSS: 4.3 | EPSS Score: 0.11% | Published: 2023-11-16 | Updated: 2024-01-11
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
Max CVSS: 4.8 | EPSS Score: 0.05% | Published: 2024-01-03 | Updated: 2024-02-23
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
Max CVSS: 4.4 | EPSS Score: 0.12% | Published: 2023-12-10 | Updated: 2024-01-25
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
Max CVSS: 4.3 | EPSS Score: 0.18% | Published: 2023-12-10 | Updated: 2024-01-25
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
Max CVSS: 4.7 | EPSS Score: 0.05% | Published: 2023-10-25 | Updated: 2024-01-31
A flaw was found in pfn_swap_entry_to_page in the memory management subsystem of the Linux kernel. An attacker with local user privileges may cause a denial of service due to a BUG statement referencing pmd_t x.
Max CVSS: 4.7 | EPSS Score: 0.04% | Published: 2023-10-03 | Updated: 2024-01-25
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.
Max CVSS: 4.5 | EPSS Score: 0.06% | Published: 2023-11-06 | Updated: 2024-02-23
A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function contains a logic flaw: because of an incorrect condition on a goto statement, the function cannot return when given a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 2023-07-31 | Updated: 2023-08-04
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.
Max CVSS: 4.4 | EPSS Score: 0.04% | Published: 2023-06-23 | Updated: 2024-01-11
A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.
Max CVSS: 4.4 | EPSS Score: 0.05% | Published: 2023-04-24 | Updated: 2023-05-04
A flaw was found in Moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
Max CVSS: 4.3 | EPSS Score: 0.09% | Published: 2022-05-18 | Updated: 2022-12-21
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
Max CVSS: 4.9 | EPSS Score: 0.13% | Published: 2022-09-01 | Updated: 2023-02-12
A flaw was found in codehaus-plexus. The `org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment` method fails to sanitize comments for a `-->` sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2023-09-25 | Updated: 2023-10-02
A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.
Max CVSS: 4.5 | EPSS Score: 0.05% | Published: 2022-12-16 | Updated: 2023-02-06
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2023-09-23 | Updated: 2023-09-26
The response header does not enable X-Frame-Options, which helps protect against clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.
Max CVSS: 4.8 | EPSS Score: 0.06% | Published: 2022-12-08 | Updated: 2022-12-12
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.
Max CVSS: 4.9 | EPSS Score: 0.07% | Published: 2022-09-01 | Updated: 2022-11-07
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2022-04-29 | Updated: 2022-05-10
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).
Max CVSS: 4.3 | EPSS Score: 0.07% | Published: 2022-03-25 | Updated: 2022-10-27
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.
Max CVSS: 4.9 | EPSS Score: 0.12% | Published: 2022-08-29 | Updated: 2023-07-21
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.
Max CVSS: 4.9 | EPSS Score: 0.07% | Published: 2022-02-09 | Updated: 2022-02-22
672 vulnerabilities found