CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-47474 In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix bulk-buffer overflow The driver is using endpoint-sized buffers but must not assume that the tx and rx buffer... | 7.8 | HIGH | — | 0 |
| CVE-2021-47475 In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sa... | 7.8 | HIGH | — | 0 |
| CVE-2021-47477 In the Linux kernel, the following vulnerability has been resolved: comedi: dt9812: fix DMA buffers on stack USB transfer buffers are typically mapped for DMA and must not be allocated on the stack ... | 7.8 | HIGH | — | 0 |
| CVE-2021-47479 In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use-after-free in rtl8712_dl_fw Syzbot reported use-after-free in rtl8712_dl_fw(). The problem was in race c... | 7.0 | HIGH | — | 0 |
| CVE-2021-47480 In the Linux kernel, the following vulnerability has been resolved: scsi: core: Put LLD module refcnt after SCSI device is released SCSI host release is triggered when SCSI device is freed. We have ... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47481 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR Normally the zero fill would hide the missing initialization, but an ... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47507 In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix nsfd startup race (again) Commit bd5ae9288d64 ("nfsd: register pernet ops last, unregister first") has re-opened rpc_pip... | 4.7 | MEDIUM | — | 0 |
| CVE-2021-47491 In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for filesystems will collapse THP for files opened rea... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47492 In the Linux kernel, the following vulnerability has been resolved: mm, thp: bail out early in collapse_file for writeback page Currently collapse_file does not explicitly check PG_writeback, instea... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47493 In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix race between searching chunks and release journal_head from buffer_head Encountered a race between ocfs2_test_bg_bit_al... | 4.7 | MEDIUM | — | 0 |
| CVE-2021-47494 In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix management registrations locking The management registrations locking was broken, the list was locked for each wdev,... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47495 In the Linux kernel, the following vulnerability has been resolved: usbnet: sanity check for maxpacket maxpacket of 0 makes no sense and oopses as we need to divide by it. Give up. V2: fixed typo i... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47497 In the Linux kernel, the following vulnerability has been resolved: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic ... | 7.8 | HIGH | — | 0 |
| CVE-2024-5194 A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assoc_table.php. The manipulation of the arg... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-5195 A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file /diag_s.php. The manipulation of the argument customer... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-36010 In the Linux kernel, the following vulnerability has been resolved: igb: Fix string truncation warnings in igb_set_fw_version Commit 1978d3ead82c ("intel: fix string truncation warnings") fixes '-Wf... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47508 In the Linux kernel, the following vulnerability has been resolved: btrfs: free exchange changeset on failures Fstests runs on my VMs have show several kmemleak reports like the following. unrefe... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-5196 A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an unknown part of the file /tools_command.php. The manipulation of the argument cmb_header/txt_command leads... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-35591 An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-5273 Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefir... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-47502 In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd934x: handle channel mappping list correctly Currently each channel is added as list to dai channel list, however... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47504 In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure task_work gets run as part of cancelations If we successfully cancel a work item but that work item needs to be p... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-11836 Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources.This issue affects PlexTrac: from 1.61.3 before 2.8.1. | 7.5 | HIGH | — | 0 |
| CVE-2021-47509 In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Limit the period size to 16MB Set the practical limit to the period size (the fragment shift in OSS) instead of a ... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47510 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix re-dirty process of tree-log nodes There is a report of a transaction abort of -EAGAIN with the following script. #!... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47511 In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix negative period/buffer sizes The period size calculation in OSS layer may receive a negative value as an error... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47515 In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving interf... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47531 In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP In commit 510410bfc034 ("drm/msm: Implement mmap as GEM object function") we sw... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47523 In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr This buffer is currently allocated in hfi1_init(): if (reinit) ret = init_after_r... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47524 In the Linux kernel, the following vulnerability has been resolved: serial: liteuart: fix minor-number leak on probe errors Make sure to release the allocated minor number before returning on probe ... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47527 In the Linux kernel, the following vulnerability has been resolved: serial: core: fix transmit-buffer reset and memleak Commit 761ed4a94582 ("tty: serial_core: convert uart_close to use tty_port_clo... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47530 In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix wait_fence submitqueue leak We weren't dropping the submitqueue reference in all paths. In particular, when the fenc... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-5413 A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. This vulnerabilities cou... | 7.1 | HIGH | — | 0 |
| CVE-2021-47569 In the Linux kernel, the following vulnerability has been resolved: io_uring: fail cancellation for EXITING tasks WARNING: CPU: 1 PID: 20 at fs/io_uring.c:6269 io_try_cancel_userdata+0x3c5/0x640 fs/... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-31859 Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper authorization checks which allows a member running a playbook in an existing channel to be promoted to a c... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-32045 Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows member... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-34029 Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 and 8.1.x <= 8.1.12 fail to perform a proper authorization check in the /api/v4/groups/<group-id>/channels/<channel-id>/link endpoint which allows a ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-34152 Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that linked to the channe... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-36241 Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls which allows user to view arbitrary post contents via the /playbook add slash command | 3.1 | LOW | — | 0 |
| CVE-2024-36255 Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as anot... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-5270 Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to check if the email signup configuration option is enabled when a user requests to switch from SAML to Ema... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-5272 Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to restrict the audience of the "custom_playbooks_playbook_run_updated" webhook event, which allows a guest on a channel with a... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-34477 configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vu... | 7.8 | HIGH | — | 0 |
| CVE-2023-52881 In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Ros... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-34715 Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the ... | 2.3 | LOW | — | 0 |
| CVE-2024-35434 Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow via the function rtp_check_packet at /sngrep/src/rtp.c. This vulnerability allows attackers to cause a Denial of Service (DoS) vi... | 7.5 | HIGH | — | 0 |
| CVE-2024-35504 A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter ... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-36018 In the Linux kernel, the following vulnerability has been resolved: nouveau/uvmm: fix addr/range calcs for remap operations dEQP-VK.sparse_resources.image_rebind.2d_array.r64i.128_128_8 was causing ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-10439 The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by a... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-36021 In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when devlink reload during pf initialization The devlink reload process will access the hardware resou... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.