5.5
CVE-2024-40908 - bpf: Set run context for rawtp test_run callback
In the Linux kernel, the following vulnerability has been resolved: bpf: Set run context for rawtp test_run callback syzbot reported crash when rawtp program executed through the test_run interface calls bpf_get_attach_cookie helper or any other helper that touches task->bpf_ctx pointer. Setting…
7.8
CVE-2024-40901 - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory There is a potential out-of-bounds access when using test_bit() on a single word. The test_bit() and set_bit() functions operate on long values, and when testi…
7.8
CVE-2024-40900 - cachefiles: remove requests from xarray during flushing requests
In the Linux kernel, the following vulnerability has been resolved: cachefiles: remove requests from xarray during flushing requests Even with CACHEFILES_DEAD set, we can still read the requests, so in the following concurrency the request may be used after it has been freed: mount | dae…
7.8
CVE-2024-39494 - ima: Fix use-after-free on a dentry's dname.name
In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclus…
6.2
CVE-2024-40551 -
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
4.7
CVE-2024-40946 - kernel: hid: asus: asus_report_fixup: fix potential read out of bounds
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
8.8
CVE-2024-40552 -
PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java.
8.8
CVE-2024-40550 -
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
8.8
CVE-2024-40546 -
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
6.3
CVE-2024-40542 -
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset.