6.1
CVE-2024-41640 -
Cross Site Scripting (XSS) vulnerability in AML Surety Eco up to 3.5 allows an attacker to run arbitrary code via crafted GET request using the id parameter.
7.8
CVE-2024-41071 - kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.1
CVE-2024-28804 -
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Stored Cross-site scripting (XSS) can occur via POST.
5.3
CVE-2024-40794 - webkitgtk: webkit2gtk: Private Browsing tabs may be accessed without authentication
This issue was addressed through improved state management. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Private Browsing tabs may be accessed without authentication.
5.5
CVE-2024-42065 - drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init Add an explicit check to ensure that the mgr is not NULL.
4.7
CVE-2024-41020 - filelock: Fix fcntl/close race recovery compat path
In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was patching: The normal…
5.5
CVE-2024-41017 - jfs: don't walk off the end of ealist
In the Linux kernel, the following vulnerability has been resolved: jfs: don't walk off the end of ealist Add a check before visiting the members of ea to make sure each ea stays within the ealist.
5.5
CVE-2024-41016 - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 may be 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this…
5.5
CVE-2024-42096 - x86: stop playing stack games in profile_pc()
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc() The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack l…
5.5
CVE-2024-42073 - mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems The following two shared buffer operations make use of the Shared Buffer Status Register (SBSR): # devlink sb occupancy snapshot pci/0000:01:00.0 # devlink …