Latest CVE Feed
- CVE-2024-30618 (CVSS 3.1 score: 6.1)
  A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'....
  Published: Nov. 04, 2024
  Modified: Nov. 05, 2024
- CVE-2024-51739 (CVSS 3.1 score: 7.5)
  Combodo iTop is a simple, web-based IT Service Management tool. An unauthenticated user can perform user enumeration, which can make it easier to brute-force a valid account. As a fix, the sentence displayed after resetting a password no longer shows if the use...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50138 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: bpf: Use raw_spinlock_t in ringbuf The function __bpf_ringbuf_reserve is invoked from a tracepoint, which disables preemption. Using spinlock_t in this context can lead to a "sleep in a...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50137 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC data->asserted will be NULL on JH7110 SoC since commit 82327b127d41 ("reset: starfive: Add StarFive JH7110 reset dr...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50136 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling might trigger warnings of the sort: [ 682.589148] --...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50135 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix race condition between reset and nvme_dev_disable() nvme_dev_disable() modifies the dev->online_queues field, therefore nvme_pci_update_nr_queues() should avoid racing aga...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50134 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Replace the fake VLA at end of the vbva_mouse_pointer_shape shape with a real VLA to fix a "memcpy: dete...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50133 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: LoongArch: Don't crash in stack_top() for tasks without vDSO Not all tasks have a vDSO mapped, for example kthreads never do. If such a task ever ends up calling stack_top(), it will de...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50132 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: tracing/probes: Fix MAX_TRACE_ARGS limit handling When creating a trace_probe we would set nr_args prior to truncating the arguments to MAX_TRACE_ARGS. However, we would only initialize...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50131 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If the string length equals the maximum buffer length,...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50130 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: must hold reference on net namespace BUG: KASAN: slab-use-after-free in __nf_unregister_net_hook+0x640/0x6b0 Read of size 8 at addr ffff8880106fe400 by task repro/72= bp...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50129 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: net: pse-pd: Fix out of bound for loop Adjust the loop limit to prevent out-of-bounds access when iterating over PI structures. The loop should not reach the index pcdev->nr_lines since...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50128 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: net: wwan: fix global oob in wwan_rtnl_policy The variable wwan_rtnl_link_ops assigns a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. E...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50127 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical secti...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50126 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: net: sched: use RCU read-side critical section in taprio_dump() Fix possible use-after-free in 'taprio_dump()' by adding RCU read-side critical section there. Never seen on x86 but foun...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50125 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk may have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part ...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50124 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk may have been unlinked/freed while waiting for iso_conn_lock so this checks if the conn->sk is still valid by checking if it part ...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50123 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: bpf: Add the missing BPF_LINK_TYPE invocation for sockmap There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmap link fd. Fix it by adding the missing BPF_LINK_TYPE in...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50122 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: PCI: Hold rescan lock while adding devices during host probe Since adding the PCI power control code, we may end up with a race between the pwrctl platform device rescanning the bus and...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024
- CVE-2024-50121 (CVSS score: 0.0, NONE)
  In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we execute `echo 0 > /proc/fs/nfsd/threads`, the function `nfs4_state_destroy_net` in ...
  Published: Nov. 05, 2024
  Modified: Nov. 05, 2024