CVE-2024-53272 |
Description: Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `login` and `social media` functions in `RegisterLoginReset.vue` contain two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can supply a malicious `redirectTo` parameter to trigger the vulnerability; when a victim registers or logs in through a specially crafted link, the attacker gains control of the victim's account. Version 5.28.5 contains a patch.
CVSS: MEDIUM (5.0) EPSS Score: 0.04%
December 12th, 2024 (5 months ago)
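Added example, not Habitica's code and not the sanitizer the advisory refers to: a weak redirect-target check of the incomplete kind the advisory describes, written here as a stand-in, next to a check that only admits same-origin paths. The origin `https://app.example`, the sample payloads and the function names are assumptions for this example.

```javascript
'use strict';
// Added example, not Habitica's code. A constructed weak redirect check next to a hardened one.
// The origin https://app.example and the parameter name redirectTo are assumptions.

const APP_ORIGIN = 'https://app.example';

// Weak "sanitizer": only blocks values that start with http:// or https://.
// Anything else, including javascript: URLs and protocol-relative //host values, passes through
// and ends up in an href or a location assignment under attacker control.
function weakSanitize(redirectTo) {
  return /^https?:\/\//i.test(redirectTo) ? '/' : redirectTo;
}

// Hardened check. Parse with the WHATWG URL parser relative to our own origin, then require the
// resolved origin to be ours; javascript:, data:, //host and https://other values all fail that
// test. Return a relative path+query+fragment rather than echoing the raw input.
function safeRedirectTarget(redirectTo, origin = APP_ORIGIN) {
  if (typeof redirectTo !== 'string' || redirectTo.length === 0 || redirectTo.length > 2048) {
    return '/';
  }
  // Reject C0 controls, DEL and backslash before parsing: the URL parser silently strips
  // TAB/CR/LF (so "java\nscript:" becomes javascript:) and treats "\" like "/" in http(s) URLs.
  if (/[\u0000-\u001f\u007f\\]/.test(redirectTo)) return '/';
  let parsed;
  try {
    parsed = new URL(redirectTo, origin);
  } catch {
    return '/';
  }
  if (parsed.origin !== origin) return '/';            // non-special schemes report origin "null"
  if (parsed.username !== '' || parsed.password !== '') return '/';
  return parsed.pathname + parsed.search + parsed.hash;
}

// Constructed payloads an attacker could place in ?redirectTo=, run through both checks.
const SAMPLE_REDIRECTS = [
  '/inventory/market?tab=1#top',
  'https://app.example/settings',
  'javascript:alert(document.cookie)',
  'JAVASCRIPT:alert(1)',
  '//evil.example/phish',
  '/\\evil.example',
  'https://app.example@evil.example/',
  'data:text/html,<script>alert(1)</script>',
];

// Returns one row per input with the result of each check, for side-by-side comparison.
function compareChecks(inputs = SAMPLE_REDIRECTS) {
  return inputs.map((input) => ({
    input,
    weak: weakSanitize(input),
    safe: safeRedirectTarget(input),
  }));
}
```

Calling compareChecks() shows the difference in one table: the weak check lets `javascript:alert(document.cookie)` and `//evil.example/phish` straight through, while the hardened check never echoes attacker input back as a URL; it returns either a path under our own origin or `/`. A same-origin path can send the user elsewhere in the application but cannot execute script, which is the property a redirect parameter needs.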
|
CVE-2024-53095 |
Description: In the Linux kernel, the following vulnerability has been resolved:
smb: client: Fix use-after-free of network namespace.
Recently, we got a customer report that CIFS triggers oops while
reconnecting to a server. [0]
The workload runs on Kubernetes, and some pods mount CIFS servers
in non-root network namespaces. The problem rarely happened, but
it was always while the pod was dying.
The root cause is wrong reference counting for the network namespace.
CIFS uses kernel sockets, which do not hold refcnt of the netns that
the socket belongs to. That means CIFS must ensure the socket is
always freed before its netns; otherwise, use-after-free happens.
The repro steps are roughly:
1. mount CIFS in a non-root netns
2. drop packets from the netns
3. destroy the netns
4. unmount CIFS
We can reproduce the issue quickly with the script [1] below and see
the splat [2] if CONFIG_NET_NS_REFCNT_TRACKER is enabled.
When the socket is TCP, it is hard to guarantee the netns lifetime
without holding refcnt due to async timers.
Let's hold netns refcnt for each socket as done for SMC in commit
9744d2bf1976 ("smc: Fix use-after-free in tcp_write_timer_handler().").
Note that we need to move put_net() from cifs_put_tcp_session() to
clean_demultiplex_info(); otherwise, __sock_create() still could touch a
freed netns while cifsd tries to reconnect from cifs_demultiplex_thread().
Also, maybe_get_net() cannot be put just before __sock_create() because
the code is not under RCU a...
CVSS: LOW (0.0) EPSS Score: 0.05%
December 12th, 2024 (5 months ago)
|
CVE-2024-53057 |
Description: In the Linux kernel, the following vulnerability has been resolved:
net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed
to be either root or ingress. This assumption is bogus since it's valid
to create egress qdiscs with major handle ffff:
Budimir Markovic found that for qdiscs like DRR that maintain an active
class list, it will cause a UAF with a dangling class pointer.
In 066a3b5b2346, the concern was to avoid iterating over the ingress
qdisc since its parent is itself. The proper fix is to stop when parent
TC_H_ROOT is reached because the only way to retrieve ingress is when a
hierarchy which does not contain a ffff: major handle calls into
qdisc_lookup with TC_H_MAJ(TC_H_ROOT).
In the scenario where major ffff: is an egress qdisc in any of the tree
levels, the updates will also propagate to TC_H_ROOT, which then the
iteration must stop.
net/sched/sch_api.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (5 months ago)
|
CVE-2024-52537 |
Description: Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
December 12th, 2024 (5 months ago)
|
CVE-2024-5154 |
Description: A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal ("../"). This flaw allows the container to read and write to arbitrary files on the host system.
EPSS Score: 0.05%
December 12th, 2024 (5 months ago)
|
CVE-2024-51460 |
Description: IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 12th, 2024 (5 months ago)
|
CVE-2024-50931 |
Description: Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (5 months ago)
|
CVE-2024-50930 |
Description: An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (5 months ago)
|
CVE-2024-50928 |
Description: Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's communications with the controller.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (5 months ago)
|
CVE-2024-50921 |
Description: Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeatedly sending crafted packets to the controller.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (5 months ago)
|