Latest CVE Feed
-
4.2
CVSS31CVE-2024-48929
Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and ... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024
-
4.6
CVSS31CVE-2024-48927
Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice us... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024
-
4.2
CVSS31CVE-2024-48926
Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a ses... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024
-
0.0
CVSS31CVE-2024-48925
Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that shoul... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024
-
4.2
CVSS31CVE-2024-47819
Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you ge... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024
-
4.7
CVSS31CVE-2024-49859
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to check atomic_file in f2fs ioctl interfaces Some f2fs ioctl interfaces like f2fs_ioc_set_pin_file(), f2fs_move_file_range(), and f2fs_defragment_range() missed to check atom... Read more
Affected Products : linux_kernel- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
7.8
CVSS31CVE-2024-47676
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Syzbot reports a UAF in hugetlb_fault(). This happens because vmf_anon_prepare() could drop the per-VMA lock and allow the current... Read more
Affected Products : linux_kernel- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
7.0
CVSS31CVE-2024-49855
In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timetout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued reque... Read more
Affected Products : linux_kernel- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
5.5
CVSS31CVE-2024-49850
In the Linux kernel, the following vulnerability has been resolved: bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos In case of malformed relocation record of kind BPF_CORE_TYPE_ID_LOCAL referencing a non-existing BTF type, function bpf_core... Read more
Affected Products : linux_kernel- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
7.0
CVSS31CVE-2024-47747
In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to ... Read more
Affected Products : linux_kernel- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
5.5
CVSS31CVE-2024-47752
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_if.c. Which leads to a kernel crash when fb is NULL.... Read more
Affected Products : linux_kernel- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
5.5
CVSS31CVE-2024-47753
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning Fix a smatch static checker warning on vdec_vp8_req_if.c. Which leads to a kernel crash when fb is NULL.... Read more
Affected Products : linux_kernel- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
5.5
CVSS31CVE-2024-47754
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_multi_if.c. Which leads to a kernel crash when fb is NULL.... Read more
Affected Products : linux_kernel- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
5.5
CVSS31CVE-2024-47756
In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix if-statement expression in ks_pcie_quirk() This code accidentally uses && where || was intended. It potentially results in a NULL dereference. Thus, fix the if-stat... Read more
Affected Products : linux_kernel- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
5.5
CVSS31CVE-2024-47749
In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Added NULL check for lookup_atid The lookup_atid() function can return NULL if the ATID is invalid or does not exist in the identifier table, which could lead to dereferenci... Read more
Affected Products : linux_kernel- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
5.5
CVSS31CVE-2024-47746
In the Linux kernel, the following vulnerability has been resolved: fuse: use exclusive lock when FUSE_I_CACHE_IO_MODE is set This may be a typo. The comment has said shared locks are not allowed when this bit is set. If using shared lock, the wait in `... Read more
Affected Products : linux_kernel- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
7.1
CVSS31CVE-2024-47757
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree... Read more
Affected Products : linux_kernel- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
5.5
CVSS31CVE-2024-49857
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: set the cipher for secured NDP ranging The cipher pointer is not set, but is derefereced trying to set its content, which leads to a NULL pointer dereference. Fix it... Read more
Affected Products : linux_kernel- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
5.5
CVSS31CVE-2024-47755
In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix devs leaks in scan_labels() scan_labels() leaks memory when label scanning fails and it falls back to just creating a default "seed" namespace for userspace to configure. Ro... Read more
Affected Products : linux_kernel- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
5.5
CVSS31CVE-2024-47743
In the Linux kernel, the following vulnerability has been resolved: KEYS: prevent NULL pointer dereference in find_asymmetric_key() In find_asymmetric_key(), if all NULLs are passed in the id_{0,1,2} arguments, the kernel will first emit WARN but then h... Read more
Affected Products : linux_kernel- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024