CVE-2024-21723
CVE-2024-21723 describes an open redirect in the Joomla! core installation application caused by inadequate URL parsing. Public docs consistently identify this as an Open Redirect vulnerability in Joomla! installation, enabling redirection to an arbitrary URL when a crafted link is processed. The...
CVE-2023-42835
The CVE-2023-42835 entry corresponds to a logic issue in macOS Sonoma that could let an attacker access user data. The connected documentation (Apple security content) confirms the flaw is addressed by the macOS Sonoma 14.1 security update, which removes the vulnerable code or strengthens checks....
CVE-2023-49250
CVE-2023-49250 affects Apache DolphinScheduler prior to 3.2.0, where the HttpUtils class fails to verify TLS certificates. This allows an attacker in a MITM position on outgoing HTTPS connections to impersonate the server, potentially impacting confidentiality, integrity, and availability of the ...
CVE-2024-3658
CVE-2024-3658 is rejected/not used and does not represent an active vulnerability entry.
CVE-2023-40093
CVE-2023-40093 is an information-disclosure vulnerability in Google Android where trimmed content could be included in PDF output due to a logic error. It allows local information disclosure with no user interaction; confidentiality is impacted. Public sources cite this CVE in Android security bu...
CVE-2023-42939
CVE-2023-42939 is a WebKit logic issue in iOS/iPadOS that may cause a user’s private browsing activity to be saved in the App Privacy Report. It is fixed in iOS 17.1 and iPadOS 17.1; no exploits or attack vectors are detailed in the provided documents.
CVE-2021-47035
CVE-2021-47035 is rejected and not an active vulnerability entry.
CVE-2024-30727
CVE-2024-30727 is rejected/not used; does not represent an active vulnerability entry.
CVE-2021-47055
CVE-2021-47055: Linux kernel mtd ioctl protection bug. Connected sources confirm a concrete Linux kernel vulnerability in the mtd subsystem: certain ioctls (MEMLOCK, MEMUNLOCK, OTPLOCK) modify protection bits and historically required write permission, with MEMLOCK potentially being write-once on...
CVE-2021-47029
CVE-2021-47029 concerns a Linux kernel issue in the mt76 Connac driver (mt76_connac_mcu_uni_add_dev) that emitted a kernel-warning trace when adding a monitor interface during EEPROM init (mt7921e path). The problem was addressed by fixing the kernel warning in the mt76_connac_mcu_uni_add_dev rou...
CVE-2021-47040
CVE-2021-47040 relates to the Linux kernel io_uring subsystem. The vulnerability stems from overflow checks in provide_buffers() for io_provide_buffers_prep(), with prior attempts not addressing the overflow/sign-extension issue. It was resolved by introducing robust overflow checks via helper fu...
CVE-2024-30728
CVE-2024-30728 is rejected/withdrawn and does not represent an active vulnerability entry.
CVE-2024-1551
The CVE-2024-1551 issue is a header-injection vulnerability in Set-Cookie handling within multipart HTTP responses. The root cause is that an attacker able to control the Content-Type header and part of the response body could inject Set-Cookie headers that the browser would honor. Affected produ...
CVE-2024-26458
CVE-2024-26458 is documented in IBM Security Bulletins as affecting IBM Application Gateway (versions 23.10–25.09) with Kerberos 5 (krb5) 1.21.2 memory leak in /krb5/src/lib/rpc/pmap_rmt.c. IBM lists remediation: update to fixed IBM Application Gateway release and container image. Upgrading via d...
CVE-2021-47036
CVE-2021-47036 concerns the Linux kernel UDP GRO path when NETIF_F_GRO_FRAGLIST or NETIF_F_GRO_UDP_FWD are enabled and UDP tunnels exist. The bug could allow udp_gro_receive() to perform L4 GRO aggregation (SKB_GSO_UDP_L4 or SKB_GSO_FRAGLIST) at the outer UDP tunnel level for packets that carry a...
CVE-2023-52453
In CVE-2023-52453, the Linux kernel vulnerability affects the hisi_acc_vfio_pci driver where the migration data pointer is not updated correctly when PRE_COPY is used. This can cause migration data corruption, and on the destination host may trigger error traces during device startup (as document...
CVE-2021-47014
CVE-2021-47014 affects the Linux kernel’s net/sched code, specifically the act_ct action used during IP fragment handling. The root cause was a wild memory access that occurred when a temporarily stored IP fragment was reassembled: restoring skb->cb could overwrite FRAG_CB(), causing invalid m...
CVE-2024-30703
The CVE-2024-30703 entry is rejected and not used; no vulnerability exists.
CVE-2021-47011
CVE-2021-47011 is a Linux kernel memory-control (kmem/slab) issue fixed by patch series “Use obj_cgroup APIs to charge kmem pages” after Vietnam’s memcg slab work. The vulnerability revolves around certain corner objects (e.g., SLUB allocations larger than order-1 page, or pages from buddy alloca...
CVE-2024-26610
The CVE-2024-26610 vulnerability affects the Linux kernel’s iwlwifi component (iwl_fw_ini_trigger_tlv::data) where data is a __le32*; copying to data + offset with a byte-based offset can overflow the buffer, causing memory corruption. Connected Astra Linux advisory confirms a fix in the ...
CVE-2024-30704
The CVE-2024-30704 entry is rejected/not used and does not represent an active vulnerability entry.
CVE-2024-30659
CVE-2024-30659 is rejected/not used; this CVE entry is not active.
CVE-2024-30708
CVE-2024-30708 is rejected/not used; the CNA withdrew it and there is no evidence of a vulnerability.
CVE-2021-47004
CVE-2021-47004 affects Linux kernel f2fs: a get_victim() GC bug in CP-disabling mode. Two issues arise when using LFS or SSR/AT_SSR to pick a victim: (1) GC could choose a section with checkpointed data if only current-segment checks were performed; the fix adds section-level validation so a v...
CVE-2021-46999
CVE-2021-46999 affects the Linux kernel SCTP stack. A transport use-after-free occurs when processing a duplicate COOKIE-ECHO chunk in sctp_sf_do_dupcook_a(), where COOKIE-ACK and SHUTDOWN chunks can be allocated with the transport from the new asoc but are later sent via the old asoc after the n...
CVE-2021-47016
CVE-2021-47016 is rejected/not used; not an active vulnerability entry.
CVE-2024-26615
CVE-2024-26615 affects the Linux kernel net/smc code. A crash from NULL pointer dereference occurs when dumping SMC-D connections due to illegal rmb_desc access to conn->rmb_desc during an in-progress connection. The issue is fixed by adding a check before dumping to ensure rmb_desc has been i...
CVE-2024-41091
CVE-2024-41091, in the Linux kernel, is due to missing verification of frame length in the tun_xdp_one() path. This can allow a skb with insufficient Ethernet header length to be processed, risking out-of-bounds access or header-length inconsistencies in subsequent processing. A related path (tun...
CVE-2023-52498
CVE-2023-52498: Linux kernel sleep deadlock in system-wide PM code in low-memory conditions. Root cause: system-wide resume core code could deadlock because async_schedule_dev() sometimes runs the argument synchronously and may contend for a mutex; this could cause ordering issues in resume call...
CVE-2024-26619
CVE-2024-26619 concerns the Linux kernel on riscv, where a use-after-free was introduced by the order of kfree calls during module loading. The vulnerability is resolved by reversing the free order, preventing use-after-free conditions. The available details identify the affected component as the...
CVE-2024-26611
Technical details are not publicly available in the provided documents; no specific affected kernels, versions, or patch specifics are disclosed.
CVE-2023-42889
CVE-2023-42889: macOS privacy-bypass issue where an app may bypass certain Privacy preferences due to insufficient checks. Affected platforms/versions (per provided documents): macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Root cause described as “improved checks.” Remediation:...
CVE-2023-52482
CVE-2023-52482 is a Linux kernel issue where x86 SRSO mitigation was added to address speculative return stack overflow on Hygon processors. The connected Nessus entry for MiracleLinux 9 references kernel commits that implement x86 srso mitigation for Hygon and notes this CVE’s resolution, aligni...
CVE-2024-26617
CVE-2024-26617 (Linux kernel): The vulnerability stems from fs/proc/task_mmu where the mmu notification mechanism was moved inside the mm lock, preventing a race with components that depend on the notifier to invalidate memory ranges. The patch tightens the notifier scope inside the mm lock, red...
CVE-2023-28120
CVE-2023-28120 affects ActiveSupport: invoking the new bytesplice method on a SafeBuffer with untrusted input can lead to cross-site scripting (CWE-79). Connected sources confirm the vulnerability exists, but the provided documents do not specify affected versions or a fixed patch version. There ...
CVE-2024-6236
CVE-2024-6236 is a Denial of Service affecting Citrix NetScaler Console, NetScaler Agent, and NetScaler SDX (SVM). Citrix CTX677998 lists affected versions: Console 14.1 before 14.1-25.53; Console 13.1 before 13.1-53.22; Console 13.0 before 13.0-92.31; SDX/Agent likewise limited to the same or re...
CVE-2024-30686
This CVE-2024-30686 entry is rejected/not used; withdrawn by its CNA and not a valid vulnerability.
CVE-2024-26616
CVE-2024-26616 affects the Linux kernel Btrfs file system, specifically the scrub path. The bug occurs when an ext4-converted Btrfs with chunk layout causes scrub to split a bio and free resources twice, leading to a use-after-free in scrub_read_endio/scrub_submit_initial_read. The root ...
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2023-52493
CVE-2023-52493 concerns the Linux kernel’s bus: mhi: host subsystem. The vulnerability arises from locking the channel by taking both read and write locks in succession during parse_xfer_event, allowing a client callback to queue buffers while holding locks, which can lead to multiple locks and a...
CVE-2023-52377
CVE-2023-52377 affects Huawei EMUI (cellular data module). The vulnerability arises from input data not being verified, potentially enabling out-of-bounds access. Reported CVSS v3.1 base score is 7.4 (HIGH) with network attack vector, high impact on confidentiality and availability, and no user i...
CVE-2024-25763
CVE-2024-25763 affects openNDS 10.2.0 with a Use-After-Free in /openNDS/src/auth.c. The Red Hat/OSV/Ubuntu/NASL entries confirm the same description across multiple sources. The CVE’s metrics show a CVSS v3.1 base score of 5.5 (Medium) with network attack vector, low attack complexity, and privil...
CVE-2024-23349
Apache Answer (github.com/apache/incubator-answer) is affected by a Cross-site Scripting (XSS) flaw in the summary field present through version 1.2.1. The root cause is improper neutralization of input during web page generation, enabling a logged-in user to inject malicious code when editing th...
CVE-2023-52491
CVE-2023-52491 concerns a use-after-free in the Linux kernel’s media/mtk-jpeg driver. The issue arises from binding jpeg->job_timeout_work to mtk_jpeg_job_timeout_work in mtk_jpeg_probe and a path in mtk_jpeg_dec_device_run where an error in mtk_jpeg_set_dec_dst leads to a worker being started...
CVE-2023-52487
The CVE-2023-52487 entry relates to the Linux kernel, specifically the mlx5 Ethernet driver area (net/mlx5e). Root cause: a refactor of mlx5e_tc_del_fdb_peer_flow() caused the DUP flag to linger when a peer flow was still referenced concurrently, leading to attempts to remove a flow from eswitch ...
CVE-2024-30706
The CVE-2024-30706 entry is rejected/not used and does not represent an active vulnerability.
CVE-2021-39275
CVE-2021-39275 affects Apache HTTP Server (httpd) 2.4.48 and earlier. The issue is an out-of-bounds write in ap_escape_quotes() when given malicious input, potentially crashing the server or enabling code execution in some environments. Several connected sources concur this vulnerability ex...
CVE-2024-6768
CVE-2024-6768 affects the Windows Common Log File System (CLFS.sys) and can be triggered by a crafted BLF input to cause an unrecoverable state, leading to a Blue Screen of Death (BSOD). The vulnerability stems from improper validation of input quantities in CLFS, specifically manipulating the _C...
CVE-2024-26578
CVE-2024-26578 describes a race condition in Apache Answer (through 1.2.1) caused by concurrent access to a shared resource during user registration, enabling rapid scripted submissions to create multiple accounts with the same name. The issue is a synchronization flaw that can affect account cre...
CVE-2024-22220
CVE-2024-22220 affects Terminalfour and Formbank: unauthenticated stored cross-site scripting can lead to admin session hijacking via the Form Builder and Form Preview. Affected: Terminalfour 7.4–7.4.0004 QP3, Terminalfour 8–8.3.19, and Formbank up to 2.1.10-FINAL. Root cause is XSS in form-relat...