Threat and Vulnerability Intelligence Database

CVE-2024-36244

Description: In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too. It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals. We need one more restriction, which is that the cycle time itself must be larger than N * ETH_ZLEN bit times, where N is the number of schedule entries. This restriction needs to apply regardless of whether the cycle time came from the user or was the implicit, auto-calculated value, so we move the existing "cycle == 0" check outside the "if (!new->cycle_time)" branch. This way covers both conditions and scenarios. Add a selftest which illustrates the issue triggered by syzbot.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-35964

Description: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not validating setsockopt user input. Check user input length before copying data.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-35451

Description: LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-35371

Description: Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-35368

Description: FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-35367

Description: FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-35366

Description: FFmpeg n6.1.1 is affected by an Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-34923

Description: In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, and SVIP1020 Appliance firmware 01.06.00.03 before 01.07.00.00, there is reflected cross-site scripting (XSS).

CVSS: LOW (0.0)

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-33063

Description: Transient DoS while parsing the ML IE when a beacon has a common info length of the ML IE that is greater than the ML IE inside which this element is present.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-33056

Description: Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

CVSS: HIGH (8.4)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)