Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-50628
An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve...
Description: An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-50627
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an...
Description: An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific permissions) to upload and execute malicious files, potentially leading to unauthorized system access.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-50626
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the...
Description: An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-50625
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation...
Description: An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific directories, potentially enabling privilege escalation when combined with other vulnerabilities.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-50286
ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create
Description: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create There is a race condition between ksmbd_smb2_session_create and ksmbd_expire_session. This patch add missing sessions_table_lock while adding/deleting session from global session table.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-50285
ksmbd: check outstanding simultaneous SMB operations
Description: In the Linux kernel, the following vulnerability has been resolved: ksmbd: check outstanding simultaneous SMB operations If Client send simultaneous SMB operations to ksmbd, It exhausts too much memory through the "ksmbd_work_cacheā€. It will cause OOM issue. ksmbd has a credit mechanism but it can't handle this problem. This patch add the check if it exceeds max credits to prevent this problem by assuming that one smb request consumes at least one credit.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-50283
ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp
Description: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp ksmbd_user_session_put should be called under smb3_preauth_hash_rsp(). It will avoid freeing session before calling smb3_preauth_hash_rsp().

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-50263
fork: only invoke khugepaged, ksm hooks if no error
Description: In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") makes this more pertinent as we may be in a state where entries in the maple tree are not yet consistent. Their placement early in dup_mmap() only appears to have been meaningful for early error checking, and since functionally it'd require a very small allocation to fail (in practice 'too small to fail') that'd only occur in the most dire circumstances, meaning the fork would fail or be OOM'd in any case. Since both khugepaged and KSM tracking are there to provide optimisations to memory performance rather than critical functionality, it doesn't really matter all that much if, under such dire memory pressure, we fail to register an mm with these. As a result, we follow the example of commit d2081b2bf819 ("mm: khugepaged: make khugepaged_enter() void function") and make ksm_fork() a void function also. We only expose the mm to these functions once we are done with them and only if no error occurred in the fork operation.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-50248
ntfs3: Add bounds checking to mi_enum_attr()
Description: In the Linux kernel, the following vulnerability has been resolved: ntfs3: Add bounds checking to mi_enum_attr() Added bounds checking to make sure that every attr don't stray beyond valid memory region.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-50247
fs/ntfs3: Check if more than chunk-size bytes are written
Description: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check if more than chunk-size bytes are written A incorrectly formatted chunk may decompress into more than LZNT_CHUNK_SIZE bytes and a index out of bounds will occur in s_max_off.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)