Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-48956 |
Description: Serviceware Processes 6.0 through 7.3 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-46901 |
Description: Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.
All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.
Repositories served via other access methods are not affected.
CVSS: LOW (3.1) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-46841 |
Description: In the Linux kernel, the following vulnerability has been resolved:
btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()
We handle errors here properly, ENOMEM isn't fatal, return the error.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-46749 |
Description: In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()
This adds a check before freeing the rx->skb in flush and close
functions to handle the kernel crash seen while removing driver after FW
download fails or before FW download completes.
dmesg log:
[ 54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080
[ 54.643398] Mem abort info:
[ 54.646204] ESR = 0x0000000096000004
[ 54.649964] EC = 0x25: DABT (current EL), IL = 32 bits
[ 54.655286] SET = 0, FnV = 0
[ 54.658348] EA = 0, S1PTW = 0
[ 54.661498] FSC = 0x04: level 0 translation fault
[ 54.666391] Data abort info:
[ 54.669273] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 54.674768] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 54.674771] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000
[ 54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000
[ 54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv ...
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-46742 |
Description: In the Linux kernel, the following vulnerability has been resolved:
smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)
and parse_lease_state() return NULL.
Fix this by check if 'lease_ctx_info' is NULL.
Additionally, remove the redundant parentheses in
parse_durable_handle_context().
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-46718 |
Description: In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Don't overmap identity VRAM mapping
Overmapping the identity VRAM mapping is triggering hardware bugs on
certain platforms. Use 2M pages for the last unaligned (to 1G) VRAM
chunk.
v2:
- Always use 2M pages for last chunk (Fei Yang)
- break loop when 2M pages are used
- Add assert for usable_size being 2M aligned
v3:
- Fix checkpatch
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-46705 |
Description: In the Linux kernel, the following vulnerability has been resolved:
drm/xe: reset mmio mappings with devm
Set our various mmio mappings to NULL. This should make it easier to
catch something rogue trying to mess with mmio after device removal. For
example, we might unmap everything and then start hitting some mmio
address which has already been unmamped by us and then remapped by
something else, causing all kinds of carnage.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-46547 |
Description: A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3.2.6) where unauthorized users could access sensitive information due to improper access control validation via PHP Info Page. This issue can lead to data leaks.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-46455 |
Description: unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-45761 |
Description: Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|