Skip to main content
CVE-2024-39464 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but only waiting_list and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-39461 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-39371 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: io_uring: check for non-NULL file pointer in io_file_can_poll() In earlier kernels, it was possible to trigger a NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-39301 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/9p: fix uninit-value in p9_client_rpc() Syzbot with the help of KMSAN reported the following error: BUG: KMSAN: uninit-value in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-39298 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages When I did memory failure tests recently, below. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Code Injection Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-39276 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Syzbot reports a warning as follows:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-38661 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Linux Denial Of Service IBM Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-38385 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-6302 MEDIUM This Month

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Conduit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-30112 MEDIUM This Month

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Connections
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37820 MEDIUM PATCH This Month

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-36819 MEDIUM PATCH This Month

MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Map Os
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28831 MEDIUM This Month

Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Checkmk
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-34142 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-34141 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21739 MEDIUM This Month

Geehy APM32F103CCT6, APM32F103RCT6, APM32F103RCT7, and APM32F103VCT6 devices have Incorrect Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-6238 MEDIUM PATCH This Month

pgAdmin <= 8.8 has an installation Directory permission issue. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Debian Red Hat Pgadmin 4
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-0171 MEDIUM This Month

Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. Rated medium severity (CVSS 5.3). No vendor patch available.

Authentication Bypass Dell Poweredge R6615 Firmware Poweredge R7615 Firmware Poweredge R6625 Firmware +3
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-37087 MEDIUM This Month

The vCenter Server contains a denial-of-service vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-6300 MEDIUM This Month

Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Conduit
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-32111 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal WordPress
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-28832 MEDIUM This Month

Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Checkmk
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-39296 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bonding: fix oops during rmmod "rmmod bonding" causes an oops ever since commit cc317ea3d927 ("bonding: remove redundant NULL check. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-39293 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Revert "xsk: Support redirect to any socket bound to the same umem" This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-38306 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: protect folio::private when attaching extent buffer folios [BUG] Since v6.8 there are rare kernel crashes reported by. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-37354 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-32855 MEDIUM This Month

Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Dell Memory Corruption Inspiron 3480 Firmware Inspiron 3580 Firmware +72
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-22385 MEDIUM This Month

Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.1.0 before 3.7.4. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-3249 MEDIUM This Month

The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-37167 MEDIUM PATCH This Month

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Tuleap
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-6295 LOW Monitor

udn News Android APP stores the unencrypted user session in the local database when user log into the application. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 3.1
3.9
EPSS
0.2%
CVE-2024-6294 LOW Monitor

udn News Android APP stores the user session in logcat file when user log into the APP. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 3.1
3.9
EPSS
0.2%
CVE-2024-6299 LOW Monitor

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Conduit
NVD
CVSS 3.1
3.7
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy