Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, whether it is on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.7

    CVSS31
    CVE-2022-21505

    In the Linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure B...
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 8.2

    CVSS30
    CVE-2019-2483

    Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows...
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 0.0

    NONE
    CVE-2024-43441

    Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue....
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 8.0

    CVSS31
    CVE-2024-12746

    A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver ver...
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 8.0

    CVSS31
    CVE-2024-12745

    A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver versi...
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 8.0

    CVSS31
    CVE-2024-12744

    A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30...
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 6.1

    CVSS31
    CVE-2024-12096

    The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin....
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 0.0

    NONE
    CVE-2024-55947

    Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1....
    • Published: Dec. 23, 2024
    • Modified: Dec. 24, 2024
  • 4.3

    CVSS31
    CVE-2024-12897

    A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The ma...
    • Published: Dec. 23, 2024
    • Modified: Dec. 24, 2024
  • 5.3

    CVSS31
    CVE-2024-12896

    A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222 and classified as problematic. Affected by this issue is some unknown functionality of the file /web_caps/webCapsConfig of the component Web In...
    • Published: Dec. 22, 2024
    • Modified: Dec. 24, 2024
  • 0.0

    NONE
    CVE-2024-53163

    In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_420xx - fix off by one in uof_get_name() This is called from uof_get_name_420xx() where "num_objs" is the ARRAY_SIZE() of fw_objs[]. The > needs to be >= to prevent an ...
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 0.0

    NONE
    CVE-2024-53162

    In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_4xxx - fix off by one in uof_get_name() The fw_objs[] array has "num_objs" elements so the > needs to be >= to prevent an out of bounds read....
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 0.0

    NONE
    CVE-2024-53161

    In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ct...
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 0.0

    NONE
    CVE-2024-53160

    In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu KCSAN reports a data race when accessing the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() fun...
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 0.0

    NONE
    CVE-2024-53159

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775-core) Fix overflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtoul() results in an overflow if a large number such as 18446744073709551615 is prov...
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 0.0

    NONE
    CVE-2024-53158

    In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration....
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 0.0

    NONE
    CVE-2024-53157

    In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero. dvfs_info.opp_count...
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 0.0

    NONE
    CVE-2024-53156

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc...
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 0.0

    NONE
    CVE-2024-53155

    In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_it...
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 0.0

    NONE
    CVE-2024-53154

    In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference error....
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
Showing 20 of 93 Results
Latest DB Update: Dec. 24, 2024 22:44