5.5
CVE-2024-26785 - iommufd: Fix protection fault in iommufd_test_syz_conv_iova
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix protection fault in iommufd_test_syz_conv_iova Syzkaller reported the following bug: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in β¦
5.4
CVE-2023-25199 -
A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser.
5.5
CVE-2024-26801 - Bluetooth: Avoid potential use-after-free in hci_error_reset
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Avoid potential use-after-free in hci_error_reset While handling the HCI_EV_HARDWARE_ERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism would free the hci_dev and lead to a use-aftβ¦
6
CVE-2024-3447 - Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting β¦
2.6
CVE-2024-30261 - Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in inβ¦
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
8.8
CVE-2024-30565 -
An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php.
5.5
CVE-2024-26794 - kernel: btrfs: fix race between ordered extent completion and fiemap
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
9.8
CVE-2024-29375 -
CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters.
5.5
CVE-2024-26803 - net: veth: clear GRO when clearing XDP even when down
In the Linux kernel, the following vulnerability has been resolved: net: veth: clear GRO when clearing XDP even when down veth sets NETIF_F_GRO automatically when XDP is enabled, because both features use the same NAPI machinery. The logic to clear NETIF_F_GRO sits in veth_disable_xdp() which isβ¦
7.5
CVE-2023-36644 -
Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin.