9.8
CVE-2014-5470 -
Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation.
9.1
CVE-2012-6664 -
Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands.
5.5
CVE-2024-36288 - SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range [0x04a2013400000008-0xβ¦
5.4
CVE-2024-38874 -
An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated usβ¦
4.4
CVE-2024-38391 - kernel: cxl/region: Fix cxlr_pmem leaks
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
10
CVE-2024-36532 -
Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
7.1
CVE-2024-38621 - media: stk1160: fix bounds checking in stk1160_copy_video()
In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video() The subtract in this condition is reversed. The ->length is the length of the buffer. The ->bytesused is how many bytes we have copied thus far. When the condition isβ¦
5.5
CVE-2024-36244 - net/sched: taprio: extend minimum interval restriction to entire cycle too
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time differβ¦
7.8
CVE-2024-38627 - stm class: Fix a double free in stm_register_device()
In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free.
5.5
CVE-2024-36478 - null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'
In the Linux kernel, the following vulnerability has been resolved: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test script: modprobe null_blk nr_devices=0 mkdir -p /sys/kernel/confiβ¦