Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-41051 In the Linux kernel, the following vulnerability has been resolved: cachefiles: wait for ondemand_object_worker to finish when dropping object When queuing ondemand_object_worker() to re-open the ob... | 7.8 | HIGH | β | 0 |
| CVE-2024-41055 In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfn_section_valid() Commit 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing memory_section->... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41056 In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Use strnlen() instead of strlen() on the algorithm and coefficient... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41057 In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following issue in our fault injection stress test:... | 7.0 | HIGH | β | 0 |
| CVE-2024-41058 In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() We got the following issue in our fault injection stress test: =... | 7.8 | HIGH | β | 0 |
| CVE-2024-41059 In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/... | 7.1 | HIGH | β | 0 |
| CVE-2024-41060 In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check bo_va->bo is non-NULL before using it The call to radeon_vm_clear_freed might clear bo_va->bo, so we have to che... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-40842 An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41062 In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hci_rx_work, where... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41063 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() syzbot is reporting that calling hci_release_dev() from hci_error_... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41064 In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: avoid possible crash when edev->pdev changes If a PCI device is removed during eeh_pe_report_edev(), edev->pdev will ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41065 In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from /sys/kernel/debug/powerpc/... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41066 In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Add tx check to prevent skb leak Below is a summary of how the driver stores a reference to an skb during transmit: t... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41069 In the Linux kernel, the following vulnerability has been resolved: ASoC: topology: Fix references to freed memory Most users after parsing a topology file, release memory used by it, so having poin... | 7.8 | HIGH | β | 0 |
| CVE-2024-41070 In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Al reported a possible use-after-free (UAF) in kvm_spapr_tc... | 7.8 | HIGH | β | 0 |
| CVE-2024-41072 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211_wext_siwscan()', add extra check whether number of channels pa... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41074 In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set object to close if ondemand_id < 0 in copen If copen is maliciously called in the user mode, it may delete the req... | 7.8 | HIGH | β | 0 |
| CVE-2024-42302 In the Linux kernel, the following vulnerability has been resolved: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Keith reports a use-after-free when a DPC event occurs concurrently ... | 7.8 | HIGH | β | 0 |
| CVE-2024-41075 In the Linux kernel, the following vulnerability has been resolved: cachefiles: add consistency check for copen/cread This prevents malicious processes from completing random copen/cread requests an... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41076 In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix memory leak in nfs4_set_security_label We leak nfs_fattr and nfs4_label every time we set a security xattr. | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41077 In the Linux kernel, the following vulnerability has been resolved: null_blk: fix validation of block size Block size should be between 512 and PAGE_SIZE and be a power of 2. The current check does ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41078 In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix quota root leak after quota disable failure If during the quota disable we fail when cleaning the quota tree or... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41087 In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump to the err_ou... | 7.8 | HIGH | β | 0 |
| CVE-2024-41079 In the Linux kernel, the following vulnerability has been resolved: nvmet: always initialize cqe.result The spec doesn't mandate that the first two double words (aka results) for the command queue e... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41080 In the Linux kernel, the following vulnerability has been resolved: io_uring: fix possible deadlock in io_register_iowq_max_workers() The io_register_iowq_max_workers() function calls io_put_sq_data... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41081 In the Linux kernel, the following vulnerability has been resolved: ila: block BH in ila_output() As explained in commit 1378817486d6 ("tipc: block BH before using dst_cache"), net/core/dst_cache.c ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41671 Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly ... | 8.3 | HIGH | β | 0 |
| CVE-2023-52887 In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new This patch enhances error han... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41089 In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes In nv17_tv_get_hd_modes(), the return value of drm_mode... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41092 In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix potential UAF by revoke of fence registers CI has been sporadically reporting the following issue triggered by ig... | 7.8 | HIGH | β | 0 |
| CVE-2024-41093 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid using null object of framebuffer Instead of using state->fb->obj[0] directly, get object from framebuffer by cal... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41095 In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes In nv17_tv_get_ld_modes(), the return value of drm_mode... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43846 In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41096 In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Fix UAF in msi_capability_init KFENCE reports the following UAF: BUG: KFENCE: use-after-free read in __pci_enable_msi_r... | 7.8 | HIGH | β | 0 |
| CVE-2024-41097 In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacru_bind() Syzbot is still reporting quite an old issue [1] that occurs due to incom... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41098 In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix null pointer dereference on error If the ata_port_alloc() call in ata_host_alloc() fails, ata_host_release()... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41810 Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows a... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-41817 ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH... | 7.0 | HIGH | β | 0 |
| CVE-2024-42063 In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode syzbot reported uninit memory usages during map_{lookup,de... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-42068 In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() set_memory_ro() can fail, leaving memory unprotected. ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-42069 In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_devi... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-42070 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is con... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-22356 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue a... | 7.5 | HIGH | β | 0 |
| CVE-2024-42076 In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939_send_one() syzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one()... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-42077 In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2_dio_end_io_write() estimates number of necessary ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-42080 In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Fix potential invalid address access struct rdma_restrack_entry's kern_name was set to KBUILD_MODNAME in ib_create_... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-42082 In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __xdp_reg_mem_model(). The warning occurs only if __... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-42084 In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate() syscall, using the 32-bit off_t misses a sign extension when called in compat ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-40843 The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system. | 5.5 | MEDIUM | β | 0 |
| CVE-2024-42085 In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock When config CONFIG_USB_DWC3_DUAL_ROLE is s... | 5.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.