8
CVE-2024-44400 -
A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.
5.5
CVE-2024-44968 - tick/broadcast: Move per CPU pointer access into the atomic section
In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer more reliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilerโฆ
5.5
CVE-2024-44972 - btrfs: do not clear page dirty inside extent_write_locked_range()
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.5
CVE-2024-45002 - rtla/osnoise: Prevent NULL dereference in error handling
In the Linux kernel, the following vulnerability has been resolved: rtla/osnoise: Prevent NULL dereference in error handling If the "tool->data" allocation fails then there is no need to call osnoise_free_top() and, in fact, doing so will lead to a NULL dereference.
5.5
CVE-2024-44984 - bnxt_en: Fix double DMA unmapping for XDP_REDIRECT
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT Remove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT code path. This should have been removed when we let the page pool handle the DMA mapping. This bug causes tโฆ
7.8
CVE-2024-44987 - ipv6: prevent UAF in ip6_send_skb()
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longer can safely dereference rt, unless we hold rcu_read_lock(). A similar issue has been fixed in commโฆ
4.3
CVE-2024-44082 - openstack-ironic: Specially crafted image may allow authenticated users to gain access to potentialโฆ
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. Thโฆ
5.5
CVE-2024-44976 - ata: pata_macio: Fix DMA table overflow
In the Linux kernel, the following vulnerability has been resolved: ata: pata_macio: Fix DMA table overflow Kolbjรธrn and Jonรกลก reported that their 32-bit PowerMacs were crashing in pata-macio since commit 09fe2bfa6b83 ("ata: pata_macio: Fix max_segment_size with PAGE_SIZE == 64K"). For example: โฆ
5.5
CVE-2024-44960 - usb: gadget: core: Check for unset descriptor
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint foโฆ
7.5
CVE-2024-44820 -
A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, the application executes the phpinfo() function, which exposes detailed information about the PHP eโฆ