CVE | Most viewed

365048 matches found

added 2024/04/10 12:0 a.m. | 7149 views

CVE-2024-30715

CVE-2024-30715 is rejected/not used; this entry does not represent an active vulnerability.

AI score 6.7
Exploits 0

added 2024/02/28 12:0 a.m. | 7134 views

CVE-2024-25832

Summary (CVE-2024-25832): F-logic DataCube3 v1.0 is reported vulnerable to unrestricted file upload by manipulating the filename extension. The issue is classified with high impact (CVSSv3.1: 8.8, HIGH) and requires authentication with low privileges; exploitation could lead to code execution, d...

CVSS 8.8 | AI score 6.5 | EPSS 0.12825
Exploits 5 | References 1 | Affected Software 1

added 2024/02/27 6:47 p.m. | 7132 views

CVE-2021-46964

CVE-2021-46964 is a Linux kernel issue fixed by the patch that reserves extra IRQ vectors for qla2xxx SCSI/UFS paths. The change limits MSI‑X vectors to the number of CPUs, which affected qla83xx_iospace_config(), qla24xx_enable_msix(), and qla2x00_iospace_config() by computing max_qpairs as msix...

CVSS 5.5 | AI score 5.8 | EPSS 0.00225
Exploits 0 | References 3 | Affected Software 1

added 2024/05/20 9:48 a.m. | 7130 views

CVE-2024-36004

CVE-2024-36004 is a Linux kernel issue where the i40e driver's workqueue was created with the WQ_MEM_RECLAIM flag, triggering a check_flush_dependency warning when i40e and i40iw are loaded. The fix removes the flag on i40e’s workqueue, mirroring a similar fix in ice, and is documented in several...

CVSS 5.5 | AI score 6.7 | EPSS 0.00248
Exploits 0 | References 11 | Affected Software 1

added 2024/07/12 2:41 a.m. | 7128 views

CVE-2024-6677

Citrix uberAgent is affected in CVE-2024-6677 for versions before 7.2.1. The underlying issue is a privilege-escalation vulnerability that leverages a writable directory in the PATH environment variable, enabling local escalation with high impact to confidentiality, integrity, and availability. A...

CVSS 7.8 | AI score 7.3 | EPSS 0.00224
Exploits 0 | References 2 | Affected Software 1

added 2024/04/10 12:0 a.m. | 7127 views

CVE-2024-30733

CVE-2024-30733 entry is rejected/not used.

AI score 6.7
Exploits 0

added 2024/05/19 8:34 a.m. | 7119 views

CVE-2024-35900

CVE-2024-35900 affects the Linux kernel nf_tables (netfilter). The issue arises when the dormant table flag is toggled; during commit, hooks are iterated across both existing and new chains, which can lead to an inconsistent state. This may trigger a warning when unregistering a chain that is alr...

CVSS 5.5 | AI score 6.6 | EPSS 0.00226
Exploits 0 | References 10 | Affected Software 1

added 2024/04/08 12:0 a.m. | 7113 views

CVE-2024-30672

This CVE entry is rejected and not used and does not represent an active vulnerability.

AI score 6.7
Exploits 0

added 2024/05/13 10:22 a.m. | 7106 views

CVE-2024-27398

CVE-2024-27398 – Linux kernel Bluetooth SCO use-after-free. The vulnerability stems from a use-after-free in sco_sock_timeout: after a SCO connection is established, releasing the SCO socket may schedule timeout_work, but the socket can be freed yet still dereferenced by sco_sock_timeout, leadin...

CVSS 7.8 | AI score 6.3 | EPSS 0.00757
Exploits 1 | References 16 | Affected Software 1

added 2024/04/02 6:8 a.m. | 7100 views

CVE-2024-26656

CVE-2024-26656 affects the Linux kernel AMDGPU DRM driver. A use-after-free in amdgpu_hmm_unregister called during amdgpu_gem_object_free after an amdgpu_gem_userptr_ioctl with invalid address/size can cause access to a bad address; kernel crash may occur. The issue has a published fix, and patch...

CVSS 5.5 | AI score 6.3 | EPSS 0.00225
Exploits 0 | References 6 | Affected Software 1

added 2024/05/17 2:27 p.m. | 7099 views

CVE-2024-35842

Summary: CVE-2024-35842 in the Linux kernel fixes a NULL pointer dereference in ASoC: mediatek sof-common by adding a NULL check for the normal_link string in sof_conn_stream entries. The issue arises because not all sof_conn_stream entries declare a normal_link (non-SOF, direct link) string, par...

CVSS 5.5 | AI score 6.7 | EPSS 0.00216
Exploits 0 | References 4 | Affected Software 1

added 2024/04/10 12:0 a.m. | 7099 views

CVE-2024-30716

CVE-2024-30716 entry is rejected and not used; does not represent an active vulnerability.

AI score 6.7
Exploits 0

added 2024/02/21 7:21 a.m. | 7096 views

CVE-2023-52442

CVE-2023-52442 concerns the Linux kernel KSMBD SMB server. The issue arises in compound SMB2 requests where smb2_get_msg() would return the first command header, causing the tree ID check to be skipped if SMB2_TREE_CONNECT_HE is first. The root cause is incorrect command selection within a compou...

CVSS 5.5 | AI score 6.4 | EPSS 0.17442
Exploits 0 | References 4 | Affected Software 1

added 2024/05/17 2:40 p.m. | 7087 views

CVE-2024-35844

CVE-2024-35844 concerns a Linux kernel f2fs compress reserve_cblocks counting bug that occurs when a file needs only one direct_node and the filesystem runs out of space. The issue can leave a file unrecoverable because, on ENOSPC return, reserved_blocks is not updated, causing fsck to miss repai...

CVSS 5.5 | AI score 6.6 | EPSS 0.00243
Exploits 0 | References 8 | Affected Software 1

added 2024/04/10 12:0 a.m. | 7085 views

CVE-2024-30712

CVE-2024-30712 entry is rejected/not used; this ID does not represent an active vulnerability.

AI score 6.7
Exploits 0

added 2024/04/08 12:0 a.m. | 7084 views

CVE-2024-30665

CVE-2024-30665 has been withdrawn; the initial entry states “Rejected reason: DO NOT USE THIS CANDIDATE NUMBER” and notes no evidence of a vulnerability. Connected sources (NVD, CNNVD) repeat that this candidate was withdrawn/not applicable. The PT security entry about ROS Melodic Morenia and rel...

AI score 6.7
Exploits 0

added 2024/04/08 12:0 a.m. | 7074 views

CVE-2024-30675

CVE-2024-30675 entry is rejected/not used and does not represent an active vulnerability entry.

AI score 6.7
Exploits 0

added 2024/02/21 3:14 a.m. | 7059 views

CVE-2024-1671

CVE-2024-1671 applies to Google Chrome, stemming from an improper Site Isolation implementation that allowed a remote attacker to bypass the Content Security Policy via a crafted HTML page. The vulnerability is described as affecting Chrome versions prior to 122.0.6261.57. Public advisories indi...

CVSS 6.5 | AI score 4.8 | EPSS 0.00741
Exploits 0 | References 4 | Affected Software 1

added 2024/02/18 3:39 a.m. | 7056 views

CVE-2023-52369

CVE-2023-52369 is a stack overflow vulnerability in the NFC module with a reported impact on availability and integrity. NVD records a CVSS v3.1 base score of 9.1 (CRITICAL) with network access, low complexity, no privileges required, and no user interaction, affecting the NFC-related component a...

CVSS 9.1 | AI score 7 | EPSS 0.00418
Exploits 0 | References 2 | Affected Software 2

added 2024/05/13 10:29 a.m. | 7053 views

CVE-2024-27401

CVE-2024-27401 affects the Linux kernel’s firewire nosy code path. The vulnerability arises because packet_buffer_get could read beyond the user-supplied length if the head packet length exceeded user_length, potentially allowing a user-space overflow. The fix ensures the function returns 0 when ...

CVSS 7.1 | AI score 6.6 | EPSS 0.00296
Exploits 0 | References 12 | Affected Software 1

added 2024/02/18 3:2 a.m. | 7048 views

CVE-2023-52363

CVE-2023-52363 describes a defect introduced in the design process in the Control Panel module with potential to cause app processes to start by mistake. Public sources reference Huawei HarmonyOS/EMUI context and generic design-phase vulnerability impact. The available documents do not provide co...

CVSS 6.3 | AI score 6.6 | EPSS 0.00217
Exploits 0 | References 2 | Affected Software 2

added 2024/04/17 10:27 a.m. | 7037 views

CVE-2024-26891

CVE-2024-26891 is a Linux kernel local-privilege issue in the IOMMU/VT-d path where ATS invalidation can be sent for a hotplug-disconnected device, potentially causing a hard lockup/system hang. The linked advisories show concrete fixes in Linux kernel streams for AL2 kernels: Amazon Linux 2 kern...

CVSS 5.5 | AI score 6.4 | EPSS 0.00231
Exploits 0 | References 9 | Affected Software 1

added 2024/05/06 7:14 p.m. | 7033 views

CVE-2024-23700

CVE-2024-23700 is referenced in a Wear OS security bulletin as a Framework‑level vulnerability that could enable local privilege escalation by a malicious app with no extra privileges. PT-2026-3764 notes a PoC and claims the exploit can silently obtain permissions to read/write contacts, SMS, cal...

AI score 7.3
Exploits 1

added 2024/04/09 12:0 a.m. | 7022 views

CVE-2024-30701

This CVE-2024-30701 entry is rejected and does not represent an active vulnerability.

AI score 6.7
Exploits 0

added 2024/02/18 2:52 a.m. | 7017 views

CVE-2023-52387

The CVE-2023-52387 entry describes a Resource Reuse vulnerability in the GPU module that can affect confidentiality. Connected CNVD/CNNVD and related records map this issue to Huawei EMUI and Huawei HarmonyOS (mobile OSes) with a resource reuse flaw in the GPU component. The NVD/NVD-derived metri...

CVSS 7.5 | AI score 6.8 | EPSS 0.00337
Exploits 0 | References 2 | Affected Software 2

added 2024/02/18 3:4 a.m. | 7014 views

CVE-2023-52365

CVE-2023-52365 is an out-of-bounds read vulnerability in the smart activity recognition module, reported across Huawei EMUI and Huawei HarmonyOS. The root cause is an out-of-bounds read that can cause features to behave abnormally. Public technical details are limited in the provided documents, b...

CVSS 7.7 | AI score 6.6 | EPSS 0.0027
Exploits 0 | References 2 | Affected Software 2

added 2024/04/08 12:0 a.m. | 7002 views

CVE-2024-30674

CVE-2024-30674 entry is rejected/not used and does not represent an active vulnerability.

AI score 6.7
Exploits 0

added 2024/04/10 12:0 a.m. | 7001 views

CVE-2024-30718

CVE-2024-30718 entry is rejected/not used and does not represent an active vulnerability.

AI score 6.7
Exploits 0

added 2024/02/21 6:41 a.m. | 6993 views

CVE-2023-42853

CVE-2023-42853 involves a logic issue in macOS components that could allow an app to access user-sensitive data. The issue is addressed by improved checks and is fixed in macOS updates: Sonoma 14.1, Monterey 12.7.1, and Ventura 13.6.1. The available connected documents confirm the root cause as a...

CVSS 5.5 | AI score 6.6 | EPSS 0.00212
Exploits 0 | References 8 | Affected Software 1

added 2024/02/18 3:52 a.m. | 6989 views

CVE-2023-52373

Summary of CVE-2023-52373: A permission verification flaw in the Huawei HarmonyOS/EMUI share box module's content sharing pop-up allows unauthorized file sharing. The vulnerability is described across multiple sources (NVD, Red Hat CVE page, CNVD/CNNVD entries) with a high impact on confidential...

CVSS 7.5 | AI score 6.7 | EPSS 0.00319
Exploits 0 | References 2 | Affected Software 2

added 2024/02/18 6:5 a.m. | 6988 views

CVE-2023-52375

CVE-2023-52375 concerns Huawei HarmonyOS/EMUI’s WMS (WindowManagerService) module. Connected sources describe a privilege control vulnerability in the WMS, which can affect usability and, per the NVD entry, may impact availability. The CVE’s description notes a permission control issue in WindowM...

CVSS 7.5 | AI score 6.8 | EPSS 0.0023
Exploits 0 | References 2 | Affected Software 2

added 2024/04/09 12:0 a.m. | 6977 views

CVE-2024-30702

CVE-2024-30702 entry is rejected; not an active vulnerability entry.

AI score 6.7
Exploits 0

added 2024/04/17 10:27 a.m. | 6975 views

CVE-2024-26870

CVE-2024-26870 describes a Linux kernel vulnerability in NFSv4.2 where listxattr could trigger a kernel BUG in mm/usercopy.c when size handling is incorrect. The connected Astra Linux entry mirrors the issue and provides a concrete fix: modify nfs4_listxattr() so that if size > 0 and the funct...

CVSS 5.5 | AI score 6.6 | EPSS 0.00272
Exploits 0 | References 9 | Affected Software 1

added 2024/11/15 3:30 p.m. | 6973 views

CVE-2022-20931

CVE-2022-20931 concerns Cisco TelePresence CE Software used on Cisco Touch 10 devices, where weak version control allows an unauthenticated, adjacent attacker to downgrade to an older software version. The root cause is insufficient version control in the software update flow, enabling installati...

CVSS 6.5 | AI score 6.7 | EPSS 0.00266
Exploits 0 | References 1 | Affected Software 1

added 2020/04/29 12:0 a.m. | 6971 views

CVE-2020-11023

The connected Astra Linux bulletin confirms CVE-2020-11023: in jQuery versions >= 1.0.3 and < 3.5.0, passing HTML containing elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) may lead to untrusted code execution. Patch released in jQuery 3.5.0. Remediat...

CVSS 6.9 | AI score 7.2 | EPSS 0.8383
In wild | Exploits 6 | References 67 | Affected Software 1

added 2024/02/16 7:33 p.m. | 6967 views

CVE-2024-0019

The CVE-2024-0019 issue affects Android’s AppOpsControllerImpl.setListening in the Framework. A missing check for active recordings can allow hiding the microphone privacy indicator when SystemUI restarts, enabling local denial of service without extra privileges. Impact is limited to DoS on the ...

CVSS 6.2 | AI score 6.5 | EPSS 0.00102
Exploits 0 | References 2 | Affected Software 1

added 2024/04/10 12:0 a.m. | 6962 views

CVE-2024-30719

CVE-2024-30719 is rejected; this candidate is not used and does not reflect an active vulnerability entry.

AI score 6.7
Exploits 0

added 2024/03/03 12:0 a.m. | 6957 views

CVE-2024-28084

CVE-2024-28084 affects iNet wireless daemon (IWD) p2putil.c up to version 2.15. The issue stems from initialization during parsing of advertised service information, enabling denial of service via daemon crash and possibly other unspecified impact. Fedora advisories indicate fixes in iwd 2.16 and...

CVSS 7.5 | AI score 7.9 | EPSS 0.00937
Exploits 0 | References 6 | Affected Software 1

added 2024/02/21 6:41 a.m. | 6957 views

CVE-2023-42836

CVE-2023-42836 is a logic-issue vulnerability in Apple OSes (iOS/iPadOS/macOS) where an attacker could access connected network volumes mounted in the user’s home directory. The issue is addressed with improved checks and is fixed in iOS 17.1/iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, ...

CVSS 5.3 | AI score 5.2 | EPSS 0.00534
Exploits 0 | References 8 | Affected Software 3

added 2024/04/10 12:0 a.m. | 6944 views

CVE-2024-30722

This CVE entry is rejected/not used and does not represent an active vulnerability.

AI score 6.7
Exploits 0

added 2024/05/13 10:24 a.m. | 6937 views

CVE-2024-27399

CVE-2024-27399 affects the Linux kernel Bluetooth stack (l2cap). It is caused by a race between l2cap_chan_timeout() and l2cap_chan_del(), where deleting a channel can set chan->conn to NULL but a dereference may occur in mutex_lock() inside l2cap_chan_timeout(), leading to a NULL pointer dere...

CVSS 5.5 | AI score 6.1 | EPSS 0.00301
Exploits 0 | References 13 | Affected Software 1

added 2024/07/29 6:18 a.m. | 6936 views

CVE-2024-41090

CVE-2024-41090 and CVE-2024-41091 pertain to the Linux kernel’s handling of short frames in TAP/TUN paths. The bug stems from missing verification of frame length in the tap_get_user_xdp() path (CVE-2024-41090) and in the tun_xdp_one()/ETH header handling (CVE-2024-41091), potentially allowing a ...

CVSS 7.1 | AI score 6.3 | EPSS 0.00256
Exploits 0 | References 9 | Affected Software 1

added 2024/02/21 3:14 a.m. | 6931 views

CVE-2024-1674

CVE-2024-1674 is a Chrome/Chromium vulnerability: an inappropriate Navigation implementation allowed remote bypass of navigation restrictions via a crafted HTML page. Affected product is Google Chrome (Chromium core); vulnerable builds prior to 122.0.6261.57. Impact described as navigation bypass...

CVSS 8.8 | AI score 4.8 | EPSS 0.00786
Exploits 0 | References 4 | Affected Software 1

added 2024/02/18 3:42 a.m. | 6928 views

CVE-2023-52371

CVE-2023-52371 corresponds to a vulnerability with null references in the motor module, affecting Huawei HarmonyOS and Huawei EMUI. The impact is an availability impact as described in multiple sources. The root cause is a null pointer/reference in the motor module. Affected products include Harm...

CVSS 3.5 | AI score 6.7 | EPSS 0.0017
Exploits 0 | References 2 | Affected Software 2

added 2024/02/21 3:14 a.m. | 6927 views

CVE-2024-1675

CVE-2024-1675 affects Google Chrome/Chromium prior to version 122.0.6261.57. The vulnerability stems from insufficient policy enforcement in the Chrome Download pathway, enabling a remote attacker to bypass filesystem restrictions via a crafted HTML page. The issue is categorized as high severity...

CVSS 8.8 | AI score 4.8 | EPSS 0.00841
Exploits 1 | References 4 | Affected Software 1

added 2024/02/16 12:8 a.m. | 6922 views

CVE-2024-0029

CVE-2024-0029 describes a logic error across multiple Android files that could allow capturing the device screen in violation of device policy, enabling local elevation of privilege with no extra execution privileges required. Exploitation details are not provided in the supplied documents. Affec...

CVSS 7.8 | AI score 6.9 | EPSS 0.0014
Exploits 0 | References 2 | Affected Software 1

added 2024/07/12 12:20 p.m. | 6907 views

CVE-2024-39508

CVE-2024-39508 affects the Linux kernel’s io_uring io-wq path. The advisory details data-race issues on io_worker->flags exposed under concurrency (io_worker_handle_work and io_wq_activate_free_worker) and shows that the fix refactors flag manipulation to atomic operations using set_bit() and ...

CVSS 4.7 | AI score 6.7 | EPSS 0.00198
Exploits 0 | References 3 | Affected Software 1

added 2024/02/21 6:41 a.m. | 6902 views

CVE-2023-42952

CVE-2023-42952 affects Apple platforms (iOS, iPadOS, macOS) where an app with root privileges may access private information. The issue is addressed with improved checks and is fixed in iOS/iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, and macOS Monterey 12.7.1. Connected sources also ref...

CVSS 4.4 | AI score 6.7 | EPSS 0.00183
Exploits 0 | References 7 | Affected Software 3

added 2024/07/10 6:40 p.m. | 6894 views

CVE-2024-5911

CVE-2024-5911 affects Palo Alto Networks PAN-OS Panorama web interface via an arbitrary file upload vulnerability accessible to an authenticated read-write administrator. The issue can disrupt system processes and crash Panorama, with repeated attacks potentially forcing maintenance mode requirin...

CVSS 7 | AI score 6.6 | EPSS 0.00576
Exploits 0 | References 1 | Affected Software 1

added 2024/02/16 12:8 a.m. | 6885 views

CVE-2024-0037

The CVE-2024-0037 entry describes a local information disclosure in Android’s SaveUi.java, where applyCustomDescription can view other users’ images due to a missing permission check. Exploitation is possible with local attacker privileges and does not require user interaction. Connected document...

CVSS 3.3 | AI score 6 | EPSS 0.00115
Exploits 0 | References 2 | Affected Software 1

Total number of security vulnerabilities: 5000