CVE-2023-52585
The CVE-2023-52585 vulnerability affects the Linux kernel AMDGPU driver (drm/amdgpu). A NULL dereference could occur in amdgpu_ras_query_error_status_helper() when handling error info and an invalid block id; the fix returns -EINVAL for invalid block ids and prevents the NULL dereference. Affecte...
CVE-2024-26981
CVE-2024-26981 affects the Linux kernel nilfs2 implementation. The flaw is an out-of-bounds access in nilfs_set_de_type: the index into nilfs_type_by_mode is computed as (mode & S_IFMT) >> S_SHIFT, but the array size is defined as S_IFMT >> S_SHIFT, which can produce an OOB when mode ...
CVE-2024-26966
CVE-2024-26966 pertains to the Linux kernel clk: qcom: mmcc-apq8084 issue. The vulnerability arose because frequency table arrays were not terminated with an empty element, risking out-of-bounds access when traversed by qcom_find_freq() or qcom_find_freq_floor(). The fix adds a terminating empty ...
CVE-2024-27038
The CVE-2024-27038 issue is a NULL dereference in clk_core_get() during hw dereferencing of clk->core. A NULL hw is produced when __clk_get_hw() returns NULL, and clk_core_get() dereferences hw->core. The fix, described in the kernel patch and reflected in Astra Linux/IBM advisories, change...
CVE-2024-27074
The CVE-2024-27074 entry concerns a Linux kernel memory leak in the media go7007 path. Specifically, in go7007_load_encoder the bounce object (go->boot_fw) is allocated but not deallocated, and is freed later via kfree(go) after the call chain saa7134_go7007_init -> go7007_boot_encoder ->...
CVE-2024-25850
CVE-2024-25850 affects Netis WF2780 firmware v2.1.40144. The vulnerability is a command-injection issue exploitable via the wps_ap_ssid5g parameter, with an apparent impact on confidentiality, integrity, and availability. CVSS v3.1 metrics indicate a 9.8 (CRITICAL) base score, network attack vect...
CVE-2024-1673
CVE-2024-1673 affects Google Chrome/Chromium: a use-after-free in Accessibility in the renderer prior to 122.0.6261.57 can allow a remote attacker to potentially cause heap corruption via specific UI gestures. Affected product: Chromium/Chrome (Accessibility component) with root cause described a...
CVE-2024-26961
CVE-2024-26961 affects the Linux kernel, related to mac802154_llsec_key_del freeing key resources outside the required RCU grace period. The issue can lead to a use-after-free when llsec_lookup_key() traverses the key list in parallel with a deletion. The provided connected documents describe the...
CVE-2023-50379
CVE-2023-50379 affects Apache Ambari prior to 2.7.8, enabling an authenticated attacker to inject malicious code by manipulating a request and achieve root access on the cluster’s main host. The vulnerability stems from a code-injection flaw in Ambari’s request handling, with impact described as ...
CVE-2024-27078
CVE-2024-27078 affects the Linux kernel component media: v4l2-tpg. The issue is a resource leak in the tpg_alloc error paths where allocated resources were not always deallocated, leading to memleaks because tpg_free was only called when tpg_alloc returned 0. The patch ensures deallocation occur...
CVE-2024-1672
CVE-2024-1672 affects Google Chrome/Chromium CSP handling. The vulnerability arises from an inappropriate CSP policy implementation that allows bypass via a crafted HTML page. Root cause: CSP module in Chromium is improperly enforcing policy. Affected: Chrome/Chromium builds prior to 122.0.6261.5...
CVE-2024-26974
CVE-2024-26974 affects the Linux kernel crypto/qat driver. A race during PCI AER error recovery could cause a use-after-free of the reset_data container used for completion notification after a device restart, triggering a KFENCE use-after-free notice. The fix alters memory lifetime: the containe...
CVE-2024-27076
CVE-2024-27076 affects the Linux kernel in the media: imx: csc/scaler path. The root cause is a memory leak in v4l2_ctrl_handler: memory allocated in v4l2_ctrl_handler_init was not freed on release. The patch fixes this by freeing the allocated memory on release, mitigating a local-vector memory ...
CVE-2024-25065
CVE-2024-25065 affects Apache OFBiz. A path traversal issue allows authentication bypass. The issue impacts OFBiz versions before 18.12.12. Upgrade to 18.12.12 (or later) to fix; multiple sources (NVD, Red Hat, PRIoN, OSV) corroborate the vulnerability and fix. If applying mitigations, ensure ver...
CVE-2022-34310
The CVE-2022-34310 issue affects IBM CICS TX Standard and Advanced 11.1, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Public documents confirm affected products and versions (IBM CICS TX Standard and IBM CICS TX Advanced, 11....
CVE-2024-27044
CVE-2024-27044 affects the Linux kernel DRM/AMD display path. A NULL pointer dereference vulnerability occurs in dcn10_set_output_transfer_func() where the stream pointer is used before a NULL check, as reported in the patch note for drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn...
CVE-2024-26989
CVE-2024-26989: Linux kernel vulnerability on arm64 hibernate (swsusp_save) caused by saving MEMBLOCK_NOMAP pages due to kernel_page_present logic mishandling when can_set_direct_map() is false. Connected docs confirm the root cause: changes to pfn_valid() logic; fix: drop the !can_set_direct_map...
CVE-2019-11072
The issue is in lighttpd before 1.4.54 where a signed integer overflow in burl_normalize_2F_to_slash_fix could be triggered by crafted input via HTTP GET requests, potentially causing a denial of service (application crash) and possibly other impact. The vulnerability is tied to a feature introdu...
CVE-2024-25974
OpenOlat (Frentix GmbH) OpenOlat LMS is affected by a stored Cross-Site Scripting (XSS) vulnerability: authenticated users can upload SVG images via the Media Center in OpenOlat 18.1.5 and earlier, and share the uploaded files with groups (including admins), enabling JavaScript payload execution....
CVE-2023-52360
CVE-2023-52360 is a Huawei HarmonyOS baseband logic vulnerability with a network-facing attack surface that can compromise service integrity. The CVSS=7.5 (HIGH) reflects potential high impact to integrity while confidentiality/availability remain unaffected per the provided metrics. Several conn...
CVE-2023-52650
CVE-2023-52650 affects the Linux kernel's drm/tegra subsystem (dsi). The vulnerability arises from a missing check for the return value of of_find_device_by_node(), risking a NULL pointer dereference. The issue has a formal fix in the kernel: add the check and return an error when of_find_device_...
CVE-2023-52370
CVE-2023-52370 is a stack overflow vulnerability in the network acceleration module that can lead to unauthorized file access. The NVD entry assigns a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, low attack complexity, no privileges or user interaction required, and impacts ...
CVE-2024-27077
CVE-2024-27077 affects the Linux kernel via a memleak in media: v4l2-mem2mem, specifically in v4l2_m2m_register_entity where entity->name is allocated but not freed on subsequent error paths. The patch adds deallocation of entity->name in error-handling paths to prevent the leak. Public adv...
CVE-2024-24479
CVE-2024-24479 describes a potential buffer overflow in Wireshark before 4.2.0, via wsutil/to_str.c and format_fractional_part_nsecs, which could lead to a remote DoS. The initial entry notes the vendor disputes that 4.2.0 or any release was affected, so the applicability of this CVE is contested...
CVE-2023-52620
CVE-2023-52620 (Linux kernel) affects the nf_tables component of the Linux kernel, where the vulnerability arises from allowing a timeout parameter on anonymous sets and disallowing such parameters from userspace. The CVSS vector provided in the initial document indicates a Local, Low-severity im...
CVE-2024-30203
CVE-2024-30203 affects GNU Emacs prior to 29.3, where Gnus treats inline MIME contents as trusted. Public advisories from multiple sources (e.g., ALAS/ALAS2) recommend upgrading Emacs to a newer version (29.3 or later) to apply the fix. The issue is limited to Emacs/Gnus handling of inline MIME; ...
CVE-2024-25730
The CVE-2024-25730 issue affects Hitron CODA-4582 and CODA-4589 devices where default PSKs are derived from a 5-digit hex value concatenated with the string “Hitron,” producing very low entropy (roughly one million possibilities). This has been documented across multiple sources (NVD, Red Hat, CN...
CVE-2024-7701
CVE-2024-7701 concerns Percona Toolkit 3.6.0, where use of a password hash with insufficient computational effort enables encryption brute-forcing. The available sources identify the affected component (percona-toolkit 3.6.0) and the general vulnerability class, but do not provide deeper root-ca...
CVE-2024-27046
CVE-2024-27046 is a Linux kernel vulnerability affecting the nfp: flower path. The issue occurs when kmalloc_array() in nfp_fl_lag_do_work() returns NULL under memory pressure, which can lead to a NULL pointer dereference when accessing acti_netdevs. The accompanying patch adds a check for alloca...
CVE-2024-2611
CVE-2024-2611 describes a clickjacking-type vulnerability in Firefox and Thunderbird where a missing delay in pointer lock handling could trick a user into granting permissions. Affected products include Firefox (versions before 124 and ESR before 115.9) and Thunderbird (before 115.9). Connected ...
CVE-2024-24478
Wireshark CVE-2024-24478 concerns a remote denial-of-service in Wireshark before 4.2.0 via the BGP dissector (packet-bgp.c, dissect_bgp_open). The issue is reported to affect the BGP Open handling, with an alleged vulnerability path through optlen, leading to resource exhaustion. Several connecte...
CVE-2024-36012
CVE-2024-36012 affects the Linux kernel Bluetooth stack (msft): slab-use-after-free in msft_do_close() when msft_data is freed in msft_unregister via hci_release_dev(). The fix ties msft_data lifetime to hdev and frees it in hci_release_dev(), preventing use-after-free in msft->filter_lock. Af...
CVE-2024-24720
Affected software: Innovaphone PBX prior to version 14r1. Vulnerability: The Forgot password function leaks user existence information and provides divergent responses to requests, enabling information disclosure. Root cause (as described): Response behavior differences reveal whether a user exis...
CVE-2021-40854
Product/affected: AnyDesk Desktop (Windows). Vulnerability: Local privilege escalation via the Open Chat Log feature, which can launch a privileged Notepad process to spawn other applications. Root cause: Privilege escalation path through a trusted UI component enabling elevated process creation....
CVE-2024-12801
CVE-2024-12801 describes a Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback up to 1.5.12 on the Java platform, enabling forging requests via compromised XML configuration via modification of the DOCTYPE declaration. The connected IBM Security Bulletin for this CVE lists af...
CVE-2021-47006
CVE-2021-47006 relates to the ARM hw_breakpoint path in the Linux kernel. The issue arises from perf_event_alloc() setting a default event->overflow_handler and replacing the overflow_handler check with is_default_overflow_handler(), but one condition remains missing: bp->overflow_handler m...
CVE-2024-25198
CVE-2024-25198 affects Open Robotics ROS 2 and Nav2 humble. The issue is an incorrect pointer order in amcl_node.cpp: laser_scan_filter_.reset() is called before tf_listener_.reset(), causing a use-after-free. Connected documents point to the Nav2/amcl changes and related GitHub PRs (e.g., naviga...
CVE-2024-27051
CVE-2024-27051 centers on the Linux kernel’s cpufreq/brcmstb-avs-cpufreq code. The underlying issue is that cpufreq_cpu_get could return NULL, risking a NULL dereference. The fix adds a check and returns 0 on error, as described in the advisory lines: “cpufreq_cpu_get may return NULL. To avoid NU...
CVE-2023-41506
CVE-2023-41506 affects the Student Enrollment In PHP software (v1.0). The vulnerability is an arbitrary file upload in the Update/Edit Student’s Profile Picture function, enabling code execution by uploading a crafted PHP file. Public sources describe it as a critical issue (CVSS v3.1: 9.8, high ...
CVE-2024-26969
In CVE-2024-26969, the Linux kernel clk: qcom: gcc-ipq8074 fix terminates frequency table arrays by adding an empty element at the end. Missing termination could cause out-of-bounds access when traversed by qcom_find_freq() or qcom_find_freq_floor(). The issue is fixed in the kernel code and only...
CVE-2010-3972
Summary (CVE-2010-3972): A heap-based buffer overflow in the FTP service of Microsoft IIS (ftpsvc.dll) on IIS 7.0/7.5 enables remote code execution or DoS via a crafted FTP command. Affects Microsoft IIS FTP Service; root cause is improper handling of Telnet IAC data in TELNET_STREAM_CONTEXT::OnS...
CVE-2024-36011
CVE-2024-36011 affects the Linux kernel where the Bluetooth HCI code could dereference a NULL pointer in hci_le_big_sync_established_evt(). The vulnerability is local (per CVSS vector: AV:L, AC:L, PR:L, UI:N) with a MEDIUM base score of 5.5 and an ADMIN/availability impact of HIGH. The connected ...
CVE-2024-27355
CVE-2024-27355 affects phpseclib when parsing the ASN.1 certificate OID, where a crafted sub-identifier can cause a denial of service due to excessive CPU usage during decodeOID. Affected versions are 1.x < 1.0.23, 2.x < 2.0.47, and 3.x
CVE-2018-16550
CVE-2018-16550 affects TeamViewer 10.x–13.x. A remote attacker can bypass the brute‑force authentication protection by skipping the Cancel step, making it easier to determine the default 4‑digit PIN. The vulnerability is documented with a CVSS v3 base score of 9.8 (CRITICAL) and vector AV:N/AC:L/...
CVE-2024-27030
CVE-2024-27030 – Verified in connected advisories: the issue is fixed in the Linux kernel by introducing separate interrupt handlers for octeontx2-af, addressing a race condition where PF→AF and VF→AF interrupt vectors used the same handler, causing two CPUs to handle the same event and corrupt d...
CVE-2022-1388
CVE-2022-1388 affects F5 BIG-IP iControl REST authentication. Affected: BIG-IP 16.1.x before 16.1.2.2; 15.1.x before 15.1.5.1; 14.1.x before 14.1.4.6; 13.1.x before 13.1.5; and all 12.1.x and 11.6.x. Root cause per CNVD/CISA: authentication bypass via iControl REST, enabling unauthenticated acces...
CVE-2024-25828
CMSEasy v7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php. From the documents: vulnerable component is the file lib/admin/template_admin.php; impact is arbitrary file deletion with no confidentiality impact but potential integrity/availability effects; attack v...
CVE-2024-26958
CVE-2024-26958 is a Linux kernel vulnerability in the NFS direct write path that could cause use-after-free (refcount underflow) when completing nfs_direct_request twice in a row. A patch fixes the double-completion scenario; the CVSS 3.1 base score is 7.8 (High) with Local attack and High impact...
CVE-2024-22988
CVE-2024-22988 – ZKTeco ZKBio WDMS: Affects ZKBio WDMS prior to 9.0.2 Build 20250526. The vulnerability allows an attacker to download a database backup via the /files/backup/ component because the backup filename is based on a predictable timestamp, enabling unauthorized access to backups. Red ...
CVE-2024-27047
CVE-2024-27047 affects the Linux kernel: net: phy: fix phy_get_internal_delay accessing an empty array. The issue occurs when a driver calls phy_get_internal_delay without defining delay_values and rx-/tx-internal-delay-ps is 0 in device-tree, risking a NULL pointer dereference and kernel oops. A...