165 matches found
CVE-2024-33059
CVE-2024-33059 involves memory corruption in Qualcomm chipsets caused by processing frame command IOCTL calls. Reported impact per metrics includes High confidentiality, integrity, and availability with Local, Low-Complexity, Low-Privileges requirements (no user interaction). No exploitation deta...
CVE-2024-33059 Use After Free in Computer Vision
Memory corruption while processing frame command IOCTL calls...
CVE-2024-33055
CVE-2024-33055 describes memory corruption occurring when invoking IOCTL calls to unmap DMA buffers in Qualcomm chipsets. Connected sources confirm the issue affects memory handling in the DMA buffer unmapping path and classify the impact at the memory-corruption level; several advisories referen...
CVE-2024-33055 Use After Free in Computer Vision
Memory corruption while invoking IOCTL calls to unmap the DMA buffers...
CVE-2024-33041 Use of Out-of-range Pointer Offset in Computer Vision
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,...
CVE-2024-38415 Use After Free in Computer Vision
Memory corruption while handling session errors from firmware...
CVE-2024-47063
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate a...
CVE-2024-47064
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access t...
CVE-2024-47172 Computer Vision Annotation Tool (CVAT) access control is broken in several PATCH endpoints
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as...
CVE-2024-47064 Computer Vision Annotation Tool (CVAT) contains a reflected XSS via request endpoints
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access t...
CVE-2024-47063
CVAT (Computer Vision Annotation Tool) contains a stored XSS vulnerability via the quality report data endpoint. A malicious user with task-creation/edit permissions can lure another logged-in user to a crafted URL, potentially executing scripts in the victim’s browser. Affected versions are prio...
CVE-2024-47063 Computer Vision Annotation Tool (CVAT) contains a stored XSS via the quality report data endpoint
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate a...
Computer Vision Annotation Tool security vulnerability
Computer Vision Annotation Tool CVAT is a cvat.ai open source interactive video and image annotation tool for computer vision. A security vulnerability exists in Computer Vision Annotation Tool versions 2.0.0 through 2.19.0 that originates from an attacker with an account that can retrieve certai...
PT-2024-32382 · Unknown · Computer Vision Annotation Tool
Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.19.0 Description: The issue allows an attacker to initiate API calls on behalf of a logged-in user if they can trick the user into visiting a maliciously-constructed URL. This gives the...
CVE-2024-45393
Summary: CVAT prior to 2.18.0 is affected by a vulnerability where an account holder can access webhook delivery information for any webhook (including others’) and can redeliver past deliveries or trigger a ping event. The underlying issue is missing authorization for webhook delivery endpoints....
CVE-2024-45393 Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains...