CVE-2024-35946 |
Description: In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: fix null pointer access when abort scan
During cancel scan we might use a vif that wasn't scanning.
Fix this by using the actual scanning vif.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
CVE-2024-33122 |
Description: Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
CVE-2024-27407 |
Description: In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fixed overflow check in mi_enum_attr()
CVSS: LOW (0.0) EPSS Score: 0.05%
December 10th, 2024 (4 months ago)
|
CVE-2024-26980 |
Description: In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
If ->ProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request size
validation could be skipped. If the request size is smaller than
sizeof(struct smb2_query_info_req), a slab-out-of-bounds read can happen in
smb2_allocate_rsp_buf(). This patch allocates the response buffer after
decrypting the transform request. smb3_decrypt_req() will validate the transform
request size and avoid slab-out-of-bounds in smb2_allocate_rsp_buf().
CVSS: LOW (0.0) EPSS Score: 0.05%
December 10th, 2024 (4 months ago)
|
CVE-2024-26936 |
Description: In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
The response buffer should be allocated in smb2_allocate_rsp_buf
before validating the request. But the fields in the payload as well as the smb2 header
are used in smb2_allocate_rsp_buf(). This patch adds simple buffer size
validation to avoid potential out-of-bounds in the request buffer.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 10th, 2024 (4 months ago)
|
CVE-2024-26811 |
Description: In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate payload size in ipc response
If malicious ksmbd-tools are installed, ksmbd.mountd can return an invalid ipc
response to the ksmbd kernel server. ksmbd should validate the payload size of
the ipc response from ksmbd.mountd to avoid memory overrun or
slab-out-of-bounds. This patch validates 3 ipc responses that have a payload.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 10th, 2024 (4 months ago)
|
CVE-2024-26686 |
Description: In the Linux kernel, the following vulnerability has been resolved:
fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats
lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call
do_task_stat() at the same time and the process has NR_THREADS, it will
spin with irqs disabled O(NR_CPUS * NR_THREADS) time.
Change do_task_stat() to use sig->stats_lock to gather the statistics
outside of ->siglock protected section, in the likely case this code will
run lockless.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 10th, 2024 (4 months ago)
|
CVE-2024-12393 |
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
CVE-2024-12174 |
Description: An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.
CVSS: LOW (2.7) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
CVE-2024-12057 |
Description: User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end.
By exploiting this vulnerability, an attacker could retrieve the credentials of a user by accessing the Log File. Successful exploitation of this vulnerability could lead to unauthorized access to the application.
CVSS: LOW (1.8) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|