Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-29476 |
Description: In Menlo On-Premise Appliance before 2.88, web policy may not be consistently applied properly to intentionally malformed client requests. This is fixed in 2.88.2+, 2.89.1+, and 2.90.1+.
EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-56082 |
Description: ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx package is used without disableParsingRawHTML set to true.
EPSS Score: 0.05%
December 16th, 2024 (4 months ago)
|
|
CVE-2024-56074 |
Description: gitingest before 9996a06 mishandles symbolic links that point outside of the base directory.
EPSS Score: 0.05%
December 16th, 2024 (4 months ago)
|
|
CVE-2024-55969 |
Description: DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during the resaving of a DOCX document with an external reference XML, aka I640714.
EPSS Score: 0.04%
December 16th, 2024 (4 months ago)
|
|
CVE-2024-11858 |
Description: A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing​
EPSS Score: 0.04%
December 16th, 2024 (4 months ago)
|
|
CVE-2023-4387 |
Description: A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.
EPSS Score: 0.04%
December 16th, 2024 (4 months ago)
|
|
CVE-2024-50275 |
Description: In the Linux kernel, the following vulnerability has been resolved:
arm64/sve: Discard stale CPU state when handling SVE traps
The logic for handling SVE traps manipulates saved FPSIMD/SVE state
incorrectly, and a race with preemption can result in a task having
TIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state
is stale (e.g. with SVE traps enabled). This has been observed to result
in warnings from do_sve_acc() where SVE traps are not expected while
TIF_SVE is set:
| if (test_and_set_thread_flag(TIF_SVE))
| WARN_ON(1); /* SVE access shouldn't have trapped */
Warnings of this form have been reported intermittently, e.g.
https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgqpdBj+QwDLeSg=JhGg@mail.gmail.com/
https://lore.kernel.org/linux-arm-kernel/[email protected]/
The race can occur when the SVE trap handler is preempted before and
after manipulating the saved FPSIMD/SVE state, starting and ending on
the same CPU, e.g.
| void do_sve_acc(unsigned long esr, struct pt_regs *regs)
| {
| // Trap on CPU 0 with TIF_SVE clear, SVE traps enabled
| // task->fpsimd_cpu is 0.
| // per_cpu_ptr(&fpsimd_last_state, 0) is task.
|
| ...
|
| // Preempted; migrated from CPU 0 to CPU 1.
| // TIF_FOREIGN_FPSTATE is set.
|
| get_cpu_fpsimd_context();
|
| if (test_and_set_thread_flag(TIF_SVE))
| WARN_ON(1); /* SVE ac...
EPSS Score: 0.04%
December 15th, 2024 (4 months ago)
|
|
CVE-2024-50258 |
Description: In the Linux kernel, the following vulnerability has been resolved:
net: fix crash when config small gso_max_size/gso_ipv4_max_size
Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow
in sk_dst_gso_max_size(), which may trigger a BUG_ON crash,
because sk->sk_gso_max_size would be much bigger than device limits.
Call Trace:
tcp_write_xmit
tso_segs = tcp_init_tso_segs(skb, mss_now);
tcp_set_skb_tso_segs
tcp_skb_pcount_set
// skb->len = 524288, mss_now = 8
// u16 tso_segs = 524288/8 = 65535 -> 0
tso_segs = DIV_ROUND_UP(skb->len, mss_now)
BUG_ON(!tso_segs)
Add check for the minimum value of gso_max_size and gso_ipv4_max_size.
EPSS Score: 0.04%
December 15th, 2024 (4 months ago)
|
|
CVE-2024-50055 |
Description: In the Linux kernel, the following vulnerability has been resolved:
driver core: bus: Fix double free in driver API bus_register()
For bus_register(), any error which happens after kset_register() will
cause that @priv are freed twice, fixed by setting @priv with NULL after
the first free.
EPSS Score: 0.04%
December 15th, 2024 (4 months ago)
|
|
CVE-2024-49996 |
Description: In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix buffer overflow when parsing NFS reparse points
ReparseDataLength is sum of the InodeType size and DataBuffer size.
So to get DataBuffer size it is needed to subtract InodeType's size from
ReparseDataLength.
Function cifs_strndup_from_utf16() is currentlly accessing buf->DataBuffer
at position after the end of the buffer because it does not subtract
InodeType size from the length. Fix this problem and correctly subtract
variable len.
Member InodeType is present only when reparse buffer is large enough. Check
for ReparseDataLength before accessing InodeType to prevent another invalid
memory access.
Major and minor rdev values are present also only when reparse buffer is
large enough. Check for reparse buffer size before calling reparse_mkdev().
EPSS Score: 0.04%
December 15th, 2024 (4 months ago)
|