Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-53104
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
🚨 Marked as known exploited on February 4th, 2025 (3 months ago).
Description: In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-53103
hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer
Description: In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-53096
mm: resolve faulty mmap_region() error path behaviour
Description: In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmap_region() error path behaviour The mmap_region() function is somewhat terrifying, with spaghetti-like control flow and numerous means by which issues can arise and incomplete state, memory leaks and other unpleasantness can occur. A large amount of the complexity arises from trying to handle errors late in the process of mapping a VMA, which forms the basis of recently observed issues with resource leaks and observable inconsistent state. Taking advantage of previous patches in this series we move a number of checks earlier in the code, simplifying things by moving the core of the logic into a static internal function __mmap_region(). Doing this allows us to perform a number of checks up front before we do any real work, and allows us to unwind the writable unmap check unconditionally as required and to perform a CONFIG_DEBUG_VM_MAPLE_TREE validation unconditionally also. We move a number of things here: 1. We preallocate memory for the iterator before we call the file-backed memory hook, allowing us to exit early and avoid having to perform complicated and error-prone close/free logic. We carefully free iterator state on both success and error paths. 2. The enclosing mmap_region() function handles the mapping_map_writable() logic early. Previously the logic had the mapping_map_writable() at the point of mapping a newly allocated file-backed VMA, and a matching...

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-53073
NFSD: Never decrement pending_async_copies on error
Description: In the Linux kernel, the following vulnerability has been resolved: NFSD: Never decrement pending_async_copies on error The error flow in nfsd4_copy() calls cleanup_async_copy(), which already decrements nn->pending_async_copies.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-52800
Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI
Description: veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. This issue has not yet been patched. Users are advised to be cautious of XSLT code until a patch is available.

CVSS: LOW (2.3)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-52732
Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value of the zeqp system being reused.
Description: Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value of the zeqp system being reused.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-52725
SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in...
Description: SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-52724
ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php.
Description: ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-50242
fs/ntfs3: Additional check in ntfs_file_release
Description: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional check in ntfs_file_release

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-50241
NFSD: Initialize struct nfsd4_copy earlier
Description: In the Linux kernel, the following vulnerability has been resolved: NFSD: Initialize struct nfsd4_copy earlier Ensure the refcount and async_copies fields are initialized early. cleanup_async_copy() will reference these fields if an error occurs in nfsd4_copy(). If they are not correctly initialized, at the very least, a refcount underflow occurs.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)