5.5
CVE-2024-42130 - kernel: nfc/nci: Add the inconsistency check between the input data length and count
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
9.8
CVE-2024-41611 -
In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded credentials, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands.
5.4
CVE-2024-41304 -
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.
5.5
CVE-2024-42145 - IB/core: Implement a limit on UMAD receive List
In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extract packets from thiβ¦
5.5
CVE-2024-42106 - inet_diag: Initialize pad field in struct inet_diag_req_v2
In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. This field correspβ¦
9.8
CVE-2024-38984 -
Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code or cause a Denial of Service (DoS) via the __proto__ property.
9.8
CVE-2024-38986 -
Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects.
7.8
CVE-2024-42138 - mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file
In the Linux kernel, the following vulnerability has been resolved: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file In case of invalid INI file mlxsw_linecard_types_init() deallocates memory but doesn't reset pointer to NULL and returns 0. In case of any error ocβ¦
5.5
CVE-2024-42100 - clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common In order to set the rate range of a hw sunxi_ccu_probe calls hw_to_ccu_common() assuming all entries in desc->ccu_clks are contained in a ccu_common struct. β¦
5.5
CVE-2024-42141 - Bluetooth: ISO: Check socket flag instead of hcon
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Check socket flag instead of hcon This fixes the following Smatch static checker warning: net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: we previously assumed 'pi->conn->hcon' could be null (line 1359) net/bβ¦