Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-50265 In the Linux kernel, the following vulnerability has been resolved: ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Syzkaller is able to provoke null-ptr-dereference in... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-50267 In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_edgeport: fix use after free in debug printk The "dev_dbg(&urb->dev->dev, ..." which happens after usb_free_urb(ur... | 7.8 | HIGH | β | 0 |
| CVE-2024-50268 In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() The "*cmd" variable can be controlled by the user via... | 7.1 | HIGH | β | 0 |
| CVE-2024-12729 A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). | 8.8 | HIGH | β | 0 |
| CVE-2024-50269 In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fix accessing an released usb phy Commit 6ed05c68cbca ("usb: musb: sunxi: Explicitly release USB PHY on exit") w... | 7.8 | HIGH | β | 0 |
| CVE-2024-50271 In the Linux kernel, the following vulnerability has been resolved: signal: restore the override_rlimit logic Prior to commit d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts") UCOUNT_... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-50272 In the Linux kernel, the following vulnerability has been resolved: filemap: Fix bounds checking in filemap_read() If the caller supplies an iocb->ki_pos value that is close to the filesystem upper ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-50273 In the Linux kernel, the following vulnerability has been resolved: btrfs: reinitialize delayed ref list after deleting it from the list At insert_delayed_ref() if we need to update the action of an... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-50275 In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state inc... | 7.0 | HIGH | β | 0 |
| CVE-2024-50276 In the Linux kernel, the following vulnerability has been resolved: net: vertexcom: mse102x: Fix possible double free of TX skb The scope of the TX skb is wider than just mse102x_tx_frame_spi(), so ... | 7.8 | HIGH | β | 0 |
| CVE-2024-50278 In the Linux kernel, the following vulnerability has been resolved: dm cache: fix potential out-of-bounds access on the first resume Out-of-bounds access occurs if the fast device is expanded unexpe... | 7.1 | HIGH | β | 0 |
| CVE-2024-50279 In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing dm-cache checks the dirty bits of the cache blocks to be drop... | 7.1 | HIGH | β | 0 |
| CVE-2024-50280 In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work() may occur when cache ... | 7.8 | HIGH | β | 0 |
| CVE-2024-50287 In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: prevent the risk of a division by zero As reported by Coverity, the logic at tpg_precalculate_line() blindly resc... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-50282 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() Avoid a possible buffer overflow if size is larger than 4K. (... | 7.8 | HIGH | β | 0 |
| CVE-2024-50283 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp ksmbd_user_session_put should be called under smb3_preauth_hash_rsp(). It ... | 7.8 | HIGH | β | 0 |
| CVE-2024-50284 In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix the missing xa_store error check xa_store() can fail, it return xa_err(-EINVAL) if the entry cannot be stored in an XAr... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-50286 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create There is a race condition between ksmbd_smb2_session_create and ksmbd_... | 7.0 | HIGH | β | 0 |
| CVE-2024-50292 In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove In case of error when requesting ctrl_chan DMA channel, ctrl... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-50295 In the Linux kernel, the following vulnerability has been resolved: net: arc: fix the device for dma_map_single/dma_unmap_single The ndev->dev and pdev->dev aren't the same device, use ndev->dev.par... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-50296 In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when uninstalling driver When the driver is uninstalled and the VF is disabled concurrently, a kernel ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-50299 In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb() A size validation fix similar to that in Commit 50619dbf8db7 ("sctp: add size... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-53072 In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detect when STB is not available Loading the amd_pmc module as: amd_pmc enable_stb=1 ...can result in ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-50301 In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission KASAN reports an out of bounds read: BUG: KASAN: slab-out-of-bounds i... | 7.1 | HIGH | β | 0 |
| CVE-2005-4871 Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileF... | N/A | NONE | β | 0 |
| CVE-2024-10224 Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-11003 Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell ... | 7.8 | HIGH | β | 0 |
| CVE-2024-48990 Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled... | 7.8 | HIGH | β | 0 |
| CVE-2024-48991 Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Pytho... | 7.8 | HIGH | β | 0 |
| CVE-2024-48992 Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled R... | 7.8 | HIGH | β | 0 |
| CVE-2024-50304 In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() The per-netns IP tunnel hash table is protected by the RTNL ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-53042 In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() There are code paths from which the function is called ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-53043 In the Linux kernel, the following vulnerability has been resolved: mctp i2c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case the tx packet sh... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-53052 In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write When io_uring starts a write, it'll call kiocb_start_write() to bum... | 4.4 | MEDIUM | β | 0 |
| CVE-2024-53055 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix 6 GHz scan construction If more than 255 colocated APs exist for the set of all APs found during 2.4/5 GHz... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-53057 In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to... | 7.8 | HIGH | β | 0 |
| CVE-2024-53058 In the Linux kernel, the following vulnerability has been resolved: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data In case the non-paged data of a SKB carries protocol header ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-53059 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() 1. The size of the response packet is not validated. 2. T... | 7.8 | HIGH | β | 0 |
| CVE-2024-53060 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported acpi_evaluate_object() may return AE_NOT_FOUND (failure), wh... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-53061 In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer o... | 7.8 | HIGH | β | 0 |
| CVE-2024-53063 In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behav... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-53066 In the Linux kernel, the following vulnerability has been resolved: nfs: Fix KMSAN warning in decode_getfattr_attrs() Fix the following KMSAN warning: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-53070 In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: fix fault at system suspend if device was already runtime suspended If the device was already runtime suspended then du... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-53081 In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values The PLL checks are comparing 64 bit integers with 32 bit ones, as reported ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-53082 In the Linux kernel, the following vulnerability has been resolved: virtio_net: Add hash_key_length check Add hash_key_length check in virtnet_probe() to avoid possible out of bound errors when sett... | 7.1 | HIGH | β | 0 |
| CVE-2024-53088 In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN... | 4.7 | MEDIUM | β | 0 |
| CVE-2018-9466 In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of privilege in an unprivileged app with no additional execution pri... | 8.8 | HIGH | β | 0 |
| CVE-2024-52804 Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to exc... | 7.5 | HIGH | β | 0 |
| CVE-2024-11495 Buffer overflow vulnerability in OllyDbg, version 1.10, which could allow a local attacker to execute arbitrary code due to lack of proper bounds checking. | 7.5 | HIGH | β | 0 |
| CVE-2024-11491 A vulnerability was found in 115cms up to 20240807. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php/admin/web/useradmin.html. The manipula... | 3.5 | LOW | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.