7.5

CVSS3.1

CVE-2023-1973 - Undertow: unrestricted request storage leads to memory exhaustion

A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2024-26804 - net: ip_tunnel: prevent perpetual headroom growth

In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 Read of size 1 at addr ffff88812fb4000e by…

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: May 4, 2025, 12:54 p.m.

6.4

CVSS3.1

CVE-2024-2660 - Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, …

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: Aug. 8, 2025, 7 p.m.

9.1

CVSS3.1

CVE-2023-36645 -

SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function.

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: April 24, 2025, 2:28 p.m.

7.5

CVSS3.1

CVE-2023-36643 -

Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders from the online shop via oordershow component in customer function.

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: April 24, 2025, 2:52 p.m.

5.5

CVSS3.1

CVE-2024-26796 - drivers: perf: ctr_get_width function for legacy is not defined

In the Linux kernel, the following vulnerability has been resolved: drivers: perf: ctr_get_width function for legacy is not defined With parameters CONFIG_RISCV_PMU_LEGACY=y and CONFIG_RISCV_PMU_SBI=n linux kernel crashes when you try perf record: $ perf record ls [ 46.749286] Unable to handle k…

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: May 4, 2025, 8:56 a.m.

5.5

CVSS3.1

CVE-2024-26788 - dmaengine: fsl-qdma: init irq after reg initialization

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq after reg initialization Initialize the qDMA irqs after the registers are configured so that interrupts that may have been pending from a primary kernel don't get processed by the irq handler before …

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: May 4, 2025, 8:56 a.m.

7.8

CVSS3.1

CVE-2024-26797 - drm/amd/display: Prevent potential buffer overflow in map_hw_resources

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent potential buffer overflow in map_hw_resources Adds a check in the map_hw_resources function to prevent a potential buffer overflow. The function was accessing arrays using an index that could potentially …

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: May 4, 2025, 8:56 a.m.

7.8

CVSS3.1

CVE-2024-26793 - gtp: fix use-after-free and null-ptr-deref in gtp_newlink()

In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_newlink() The gtp_link_ops operations structure for the subsystem must be registered after registering the gtp_net_ops pernet operations structure. Syzkaller hit 'general protect…

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: May 4, 2025, 8:56 a.m.

7.1

CVSS3.1

CVE-2024-26791 - btrfs: dev-replace: properly validate device names

In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getname_kern…

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: Jan. 5, 2026, 10:34 a.m.
Total resulsts: 349182
Page 10437 of 34,919
Β« previous page Β» next page
Filters