|
21
|
8.1
-
|
HIGH
Network
|
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote a…
|
CWE-362
Race Condition
|
CVE-2024-6387
|
cpe:2.3:o:debian:debian_linux:12.0:*
|
|
|
|
|
2024-11-21 18:49
2024-07-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
22
|
9.1
-
|
CRITICAL
Network
|
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
|
NVD-CWE-Other
|
CVE-2024-37371
|
cpe:2.3:o:debian:debian_linux:12.0:* cpe:2.3:o:debian:debian_linux:11.0:*
|
|
|
|
|
2024-11-21 18:23
2024-06-29
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
23
|
4.3
-
|
MEDIUM
Network
|
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox E…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-5690
|
cpe:2.3:o:debian:debian_linux:10.0:*
|
|
|
|
|
2024-11-21 18:48
2024-06-11
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
24
|
6.1
-
|
MEDIUM
Network
|
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
|
CWE-79
Cross-site Scripting
|
CVE-2024-37383
|
cpe:2.3:o:debian:debian_linux:10.0:*
|
|
|
|
|
2024-11-21 18:23
2024-06-7
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
25
|
8.1
-
|
HIGH
Network
|
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memo…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-5629
|
cpe:2.3:o:debian:debian_linux:10.0:*
|
|
|
|
|
2024-11-21 18:48
2024-06-6
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
7.8
-
|
HIGH
Local
|
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_dump_full_key()
Skip sessions that are being teared down (status == SES_EXITING) to
avoid …
|
CWE-416
Use After Free
|
CVE-2024-35866
|
cpe:2.3:o:debian:debian_linux:11.0:*
|
|
|
|
|
2026-04-22 04:07
2024-05-19
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
5.5
-
|
MEDIUM
Local
|
In the Linux kernel, the following vulnerability has been resolved:
fat: fix uninitialized field in nostale filehandles
When fat_encode_fh_nostale() encodes file handle without a parent it
stores o…
|
-
|
CVE-2024-26973
|
cpe:2.3:o:debian:debian_linux:10.0:*
|
|
|
|
|
2025-03-4 02:47
2024-05-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
5.5
-
|
MEDIUM
Local
|
In the Linux kernel, the following vulnerability has been resolved:
serial/pmac_zilog: Remove flawed mitigation for rx irq flood
The mitigation was intended to stop the irq completely. That may be
…
|
-
|
CVE-2024-26999
|
cpe:2.3:o:debian:debian_linux:10.0:*
|
|
|
|
|
2025-03-4 02:47
2024-05-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
29
|
5.5
-
|
MEDIUM
Local
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix command flush on cable pull
System crash due to command failed to flush back to SCSI layer.
BUG: unable to h…
|
-
|
CVE-2024-26931
|
cpe:2.3:o:debian:debian_linux:10.0:*
|
|
|
|
|
2025-03-4 02:47
2024-05-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
7.0
-
|
HIGH
Local
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/srpt: Do not register event handler until srpt device is fully setup
Upon rare occasions, KASAN reports a use-after-free Wri…
|
-
|
CVE-2024-26872
|
cpe:2.3:o:debian:debian_linux:10.0:*
|
|
|
|
|
2025-03-4 02:47
2024-04-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|