ID | CVSS | Summary | Last (major) update | Published
CVE-2024-47757 | None | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b | 22-10-2024 - 15:54 | 21-10-2024 - 13:15
CVE-2024-49857 | None | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: set the cipher for secured NDP ranging The cipher pointer is not set, but is dereferenced trying to set its content, which leads to a NULL pointer dereference. F | 22-10-2024 - 15:48 | 21-10-2024 - 13:15
CVE-2024-47755 | None | In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix devs leaks in scan_labels() scan_labels() leaks memory when label scanning fails and it falls back to just creating a default "seed" namespace for userspace to configur | 22-10-2024 - 15:46 | 21-10-2024 - 13:15
CVE-2024-9892 | None | The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authe | 22-10-2024 - 15:46 | 18-10-2024 - 05:15
CVE-2024-47743 | None | In the Linux kernel, the following vulnerability has been resolved: KEYS: prevent NULL pointer dereference in find_asymmetric_key() In find_asymmetric_key(), if all NULLs are passed in the id_{0,1,2} arguments, the kernel will first emit WARN but t | 22-10-2024 - 15:45 | 21-10-2024 - 13:15
CVE-2024-47744 | None | In the Linux kernel, the following vulnerability has been resolved: KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock Use a dedicated mutex to guard kvm_usage_count to fix a potential deadlock on x86 due to a chain of locks and | 22-10-2024 - 15:44 | 21-10-2024 - 13:15
CVE-2024-38820 | None | The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected. | 22-10-2024 - 15:42 | 18-10-2024 - 06:15
CVE-2024-10199 | None | A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulatio | 22-10-2024 - 15:40 | 21-10-2024 - 02:15
CVE-2024-10198 | None | A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /manage_customer.php of the component Manage Customer Page. The man | 22-10-2024 - 15:39 | 21-10-2024 - 02:15
CVE-2024-43300 | None | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bert Kößler Movie Database allows Stored XSS. This issue affects Movie Database: from n/a through 1.0.11. | 22-10-2024 - 15:35 | 18-10-2024 - 11:15
CVE-2023-20814 | None | In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS074535 | 22-10-2024 - 15:35 | 07-08-2023 - 04:15
CVE-2023-20815 | None | In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS074535 | 22-10-2024 - 15:35 | 07-08-2023 - 04:15
CVE-2023-20816 | None | In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS074535 | 22-10-2024 - 15:35 | 07-08-2023 - 04:15
CVE-2023-4055 | None | When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulner | 22-10-2024 - 15:35 | 01-08-2023 - 16:15
CVE-2024-49614 | None | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection. This issue affects SermonAudio Widgets: from n/a through 1.9.3. | 22-10-2024 - 15:34 | 20-10-2024 - 10:15
CVE-2024-49613 | None | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lodel Geraldo Simple Code Insert Shortcode allows SQL Injection. This issue affects Simple Code Insert Shortcode: from n/a through 1.0. | 22-10-2024 - 15:29 | 20-10-2024 - 10:15
CVE-2024-47240 | None | Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data | 22-10-2024 - 15:28 | 18-10-2024 - 12:15
CVE-2024-9206 | None | The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. This makes it possible for | 22-10-2024 - 15:27 | 18-10-2024 - 07:15
CVE-2024-9364 | None | The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and including, 1.4. This makes it possible for authenticated | 22-10-2024 - 15:26 | 18-10-2024 - 05:15
CVE-2024-9703 | None | The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attr | 22-10-2024 - 15:25 | 18-10-2024 - 07:15
CVE-2024-49859 | None | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to check atomic_file in f2fs ioctl interfaces Some f2fs ioctl interfaces like f2fs_ioc_set_pin_file(), f2fs_move_file_range(), and f2fs_defragment_range() missed to check | 22-10-2024 - 15:24 | 21-10-2024 - 13:15
CVE-2024-49855 | None | In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timeout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued | 22-10-2024 - 15:17 | 21-10-2024 - 13:15
CVE-2024-26271 | None | Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through | 22-10-2024 - 15:15 | 22-10-2024 - 15:15
CVE-2024-26272 | None | Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allo | 22-10-2024 - 15:15 | 22-10-2024 - 15:15
CVE-2024-26273 | None | Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update | 22-10-2024 - 15:15 | 22-10-2024 - 15:15
CVE-2024-38002 | None | The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating | 22-10-2024 - 15:15 | 22-10-2024 - 15:15
CVE-2024-43173 | None | IBM Concert 1.0.0 and 1.0.1 are vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | 22-10-2024 - 15:15 | 22-10-2024 - 15:15
CVE-2024-43177 | None | IBM Concert 1.0.0 and 1.0.1 are vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | 22-10-2024 - 15:15 | 22-10-2024 - 15:15
CVE-2024-8980 | None | The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 | 22-10-2024 - 15:15 | 22-10-2024 - 15:15
CVE-2024-26718 | None | In the Linux kernel, the following vulnerability has been resolved: dm-crypt, dm-verity: disable tasklets Tasklets have an inherent problem with memory corruption. The function tasklet_action_common calls tasklet_trylock, then it calls the tasklet | 22-10-2024 - 15:15 | 03-04-2024 - 15:15
CVE-2024-43845 | None | In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename() Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory. | 22-10-2024 - 15:15 | 17-08-2024 - 10:15
CVE-2024-39497 | None | In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) Lack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap allows users to call mmap with PROT_WRITE and MA | 22-10-2024 - 15:15 | 12-07-2024 - 13:15
CVE-2024-40953 | None | In the Linux kernel, the following vulnerability has been resolved: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() Use {READ,WRITE}_ONCE() to access kvm->last_boosted_vcpu to ensure the loads and stores are atomic. In the extremel | 22-10-2024 - 15:15 | 12-07-2024 - 13:15
CVE-2023-52530 | None | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), i | 22-10-2024 - 15:15 | 02-03-2024 - 22:15
CVE-2024-20420 | None | A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incor | 22-10-2024 - 15:12 | 16-10-2024 - 17:15
CVE-2024-47747 | None | In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, boun | 22-10-2024 - 15:09 | 21-10-2024 - 13:15
CVE-2024-10192 | None | A vulnerability has been found in PHPGurukul IFSC Code Finder Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file search.php. The manipulation leads to cross site scripting. The attack can be initiated remot | 22-10-2024 - 15:09 | 20-10-2024 - 07:15
CVE-2024-9366 | None | The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for a | 22-10-2024 - 15:09 | 18-10-2024 - 05:15
CVE-2024-9373 | None | The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac | 22-10-2024 - 15:07 | 18-10-2024 - 05:15
CVE-2024-47753 | None | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning Fix a smatch static checker warning on vdec_vp8_req_if.c. Which leads to a kernel crash when fb is NULL. | 22-10-2024 - 15:04 | 21-10-2024 - 13:15
CVE-2024-47752 | None | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_if.c. Which leads to a kernel crash when fb is NULL. | 22-10-2024 - 15:04 | 21-10-2024 - 13:15
CVE-2024-47754 | None | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_multi_if.c. Which leads to a kernel crash when fb is N | 22-10-2024 - 15:03 | 21-10-2024 - 13:15
CVE-2024-47756 | None | In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix if-statement expression in ks_pcie_quirk() This code accidentally uses && where || was intended. It potentially results in a NULL dereference. Thus, fix the if | 22-10-2024 - 15:02 | 21-10-2024 - 13:15
CVE-2024-47749 | None | In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Added NULL check for lookup_atid The lookup_atid() function can return NULL if the ATID is invalid or does not exist in the identifier table, which could lead to derefe | 22-10-2024 - 15:00 | 21-10-2024 - 13:15
CVE-2024-47684 | None | In the Linux kernel, the following vulnerability has been resolved: tcp: check skb is non-NULL in tcp_rto_delta_us() We have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic kernel that are running ceph and recently hit a | 22-10-2024 - 14:59 | 21-10-2024 - 12:15
CVE-2024-47681 | None | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he Fix the NULL pointer dereference in mt7996_mcu_sta_bfer_he routine adding an sta interface to the mt7996 | 22-10-2024 - 14:57 | 21-10-2024 - 12:15
CVE-2024-47677 | None | In the Linux kernel, the following vulnerability has been resolved: exfat: resolve memory leak from exfat_create_upcase_table() If exfat_load_upcase_table reaches end and returns -EINVAL, allocated memory doesn't get freed and while exfat_load_defa | 22-10-2024 - 14:55 | 21-10-2024 - 12:15
CVE-2024-7890 | None | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | 22-10-2024 - 14:53 | 11-09-2024 - 23:15
CVE-2024-7889 | None | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | 22-10-2024 - 14:50 | 11-09-2024 - 23:15
CVE-2024-10153 | None | A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the arg | 22-10-2024 - 14:45 | 19-10-2024 - 18:15