Latest CVE Feed
- CVE-2022-21505 (CVSS 3.1 score: 6.7)
  In the Linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure B...
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2019-2483 (CVSS 3.0 score: 8.2)
  Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows...
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-43441 (score: 0.0, NONE)
  Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue....
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-12746 (CVSS 3.1 score: 8.0)
  A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver ver...
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-12745 (CVSS 3.1 score: 8.0)
  A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver versi...
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-12744 (CVSS 3.1 score: 8.0)
  A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30...
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-12096 (CVSS 3.1 score: 6.1)
  The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin....
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-55947 (score: 0.0, NONE)
  Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1....
  - Published: Dec. 23, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-12897 (CVSS 3.1 score: 4.3)
  A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The ma...
  - Published: Dec. 23, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-12896 (CVSS 3.1 score: 5.3)
  A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222 and classified as problematic. Affected by this issue is some unknown functionality of the file /web_caps/webCapsConfig of the component Web In...
  - Published: Dec. 22, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-53163 (score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_420xx - fix off by one in uof_get_name() This is called from uof_get_name_420xx() where "num_objs" is the ARRAY_SIZE() of fw_objs[]. The > needs to be >= to prevent an ...
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-53162 (score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_4xxx - fix off by one in uof_get_name() The fw_objs[] array has "num_objs" elements so the > needs to be >= to prevent an out of bounds read....
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-53161 (score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ct...
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-53160 (score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu KCSAN reports a data race when access the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() fun...
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-53159 (score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775-core) Fix overflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtoul() results in an overflow if a large number such as 18446744073709551615 is prov...
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-53158 (score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration....
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-53157 (score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero. dvfs_info.opp_count...
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-53156 (score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc...
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-53155 (score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_it...
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024
- CVE-2024-53154 (score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference error....
  - Published: Dec. 24, 2024
  - Modified: Dec. 24, 2024