Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-36618
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a...
Description: FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-36617
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
Description: FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-36616
An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application...
Description: An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-36612
Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.
Description: Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-36610
A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in...
Description: A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-36478
null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'
Description: In the Linux kernel, the following vulnerability has been resolved: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test script: modprobe null_blk nr_devices=0 mkdir -p /sys/kernel/config/nullb/nullb0 while true; do echo 1 > submit_queues; echo 4 > submit_queues; done & while true; do echo 1 > power; echo 0 > power; done Test result: BUG: kernel NULL pointer dereference, address: 0000000000000148 Oops: 0000 [#1] PREEMPT SMP RIP: 0010:__lock_acquire+0x41d/0x28f0 Call Trace: lock_acquire+0x121/0x450 down_write+0x5f/0x1d0 simple_recursive_removal+0x12f/0x5c0 blk_mq_debugfs_unregister_hctxs+0x7c/0x100 blk_mq_update_nr_hw_queues+0x4a3/0x720 nullb_update_nr_hw_queues+0x71/0xf0 [null_blk] nullb_device_submit_queues_store+0x79/0xf0 [null_blk] configfs_write_iter+0x119/0x1e0 vfs_write+0x326/0x730 ksys_write+0x74/0x150 This is because del_gendisk() can concurrent with blk_mq_update_nr_hw_queues(): nullb_device_power_store nullb_apply_submit_queues null_del_dev del_gendisk nullb_update_nr_hw_queues if (!dev->nullb) // still set while gendisk is deleted return 0 blk_mq_update_nr_hw_queues dev->nullb = NULL Fix this problem by resuing the global mutex to protect nullb_device_power_store() and nullb_update_nr_hw_queues() from configfs.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-36244
net/sched: taprio: extend minimum interval restriction to entire cycle too
Description: In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals. We need one more restriction, which is that the cycle time itself must be larger than N * ETH_ZLEN bit times, where N is the number of schedule entries. This restriction needs to apply regardless of whether the cycle time came from the user or was the implicit, auto-calculated value, so we move the existing "cycle == 0" check outside the "if "(!new->cycle_time)" branch. This way covers both conditions and scenarios. Add a selftest which illustrates the issue triggered by syzbot.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-35964
Bluetooth: ISO: Fix not validating setsockopt user input
Description: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not validating setsockopt user input Check user input length before copying data.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-35451
LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF.
Description: LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-35371
Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the...
Description: Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (5 months ago)