Latest CVE Feed
-
0.0
NONECVE-2024-47685
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1) Use skb_... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47683
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link [why] Encounter NULL pointer dereference uner mst + dsc setup. BUG: kernel NULL pointer dereference, address: 0000000000... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47682
In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix off-by-one error in sd_read_block_characteristics() Ff the device returns page 0xb1 with length 8 (happens with qemu v2.x, for example), sd_read_block_characteristics() ma... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47680
In the Linux kernel, the following vulnerability has been resolved: f2fs: check discard support for conventional zones As the helper function f2fs_bdev_support_discard() shows, f2fs checks if the target block devices support discard by calling bdev_max_... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47679
In the Linux kernel, the following vulnerability has been resolved: vfs: fix race between evice_inodes() and find_inode()&iput() Hi, all Recently I noticed a bug[1] in btrfs, after digged it into and I believe it'a race in vfs. Let's assume there's a ... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47678
In the Linux kernel, the following vulnerability has been resolved: icmp: change the order of rate limits ICMP messages are ratelimited : After the blamed commits, the two rate limiters are applied in this order: 1) host wide ratelimit (icmp_global_al... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-47675
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() If bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the error_free label and frees the array of bpf_uprobe's with... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
7.6
CVSS31CVE-2024-47328
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Automation By Autonami allows SQL Injection.This issue affects Automation By Autonami: from n/a through 3.1.2.... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
6.5
CVSS31CVE-2024-43945
Cross-Site Request Forgery (CSRF) vulnerability in Latepoint LatePoint allows Cross Site Request Forgery.This issue affects LatePoint: from n/a through 4.9.91.... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
8.8
CVSS31CVE-2024-10202
Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands.... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
7.5
CVSS31CVE-2024-10200
Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server.... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
8.8
CVSS31CVE-2024-10201
Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells.... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-48930
secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In `elliptic`-based version, `loadUncompressedPublicKey` has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, howev... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
6.5
CVSS31CVE-2024-8305
prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions pr... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
8.2
CVSS31CVE-2024-6519
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-45309
OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9.... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-49862
In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: Fix off by one in get_rpi() The rp->priv->rpi array is either rpi_msr or rpi_tpmi which have NR_RAPL_PRIMITIVES number of elements. Thus the > needs to be >= to p... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-49861
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps Lonial found an issue that despite user- and BPF-side frozen BPF map (like in case of .rodata), it was still possible to write into it from a BP... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-49860
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory.... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024
-
0.0
NONECVE-2024-49858
In the Linux kernel, the following vulnerability has been resolved: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption The TPM event log table is a Linux specific construct, where the data produced by the GetEventLog() boot service i... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 21, 2024