Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-46905 |
Description: In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account.
CVSS: HIGH (8.8) EPSS Score: 0.06%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-46054 |
Description: OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-44949 |
Description: In the Linux kernel, the following vulnerability has been resolved:
parisc: fix a possible DMA corruption
ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be
possible that two unrelated 16-byte allocations share a cache line. If
one of these allocations is written using DMA and the other is written
using cached write, the value that was written with DMA may be
corrupted.
This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -
that's the largest possible cache line size.
As different parisc microarchitectures have different cache line size, we
define arch_slab_minalign(), cache_line_size() and
dma_get_cache_alignment() so that the kernel may tune slab cache
parameters dynamically, based on the detected cache line size.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-43053 |
Description: Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-43052 |
Description: Memory corruption while processing API calls to NPU with invalid input.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-43050 |
Description: Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-43049 |
Description: Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-43048 |
Description: Memory corruption when invalid input is passed to invoke GPU Headroom API call.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-42322 |
Description: In the Linux kernel, the following vulnerability has been resolved:
ipvs: properly dereference pe in ip_vs_add_service
Use pe directly to resolve sparse warning:
net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression
CVSS: LOW (0.0) EPSS Score: 0.05%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-42158 |
Description: In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
Replace memzero_explicit() and kfree() with kfree_sensitive() to fix
warnings reported by Coccinelle:
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|