4

CVSS3.1

CVE-2024-20065 -

In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID: MSV-1394.

📅 Published: June 3, 2024, 2:04 a.m. 🔄 Last Modified: April 25, 2025, 6:39 p.m.

5.3

CVSS4.0

CVE-2024-5590 - Netentsec NS-ASG Application Security Gateway JSON Content uploadiscuser.php sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability affects unknown code of the file /protocol/iscuser/uploadiscuser.php of the component JSON Content Handler. The manipulation of the argument messagecontent leads to s…

📅 Published: June 3, 2024, 12:31 a.m. 🔄 Last Modified: Feb. 7, 2025, 3:10 p.m.

5.3

CVSS4.0

CVE-2024-5589 - Netentsec NS-ASG Application Security Gateway sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /admin/config_MT.php?action=delete. The manipulation of the argument Mid leads to sql injection. It is possible to initiate the attack remotel…

📅 Published: June 3, 2024, midnight 🔄 Last Modified: Feb. 7, 2025, 3:10 p.m.

7.8

CVSS3.1

CVE-2024-36963 - tracefs: Reset permissions on remount if permissions are options

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's perm…

📅 Published: June 3, 2024, midnight 🔄 Last Modified: Sept. 17, 2025, 9:01 p.m.

6.2

CVSS3.1

CVE-2024-36962 - net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Currently the driver uses local_bh_disable()/local_bh_enable() in its IRQ handler to avoid triggering net_rx_action() softirq on exit from netif_rx(). The net_…

📅 Published: June 3, 2024, midnight 🔄 Last Modified: Oct. 1, 2025, 2:36 p.m.

5.5

CVSS3.1

CVE-2024-36961 - thermal/debugfs: Fix two locking issues with thermal zone debug

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointe…

📅 Published: June 3, 2024, midnight 🔄 Last Modified: Sept. 17, 2025, 10:22 p.m.

7.1

CVSS3.1

CVE-2024-36960 - drm/vmwgfx: Fix invalid reads in fence signaled events

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the dr…

📅 Published: June 3, 2024, midnight 🔄 Last Modified: May 4, 2025, 9:12 a.m.

4.9

CVSS3.1

CVE-2025-0620 - Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

📅 Published: June 3, 2024, midnight 🔄 Last Modified: March 18, 2026, 8:43 p.m.

5.5

CVSS3.1

CVE-2024-36964 - fs/9p: only translate RWX permissions for plain 9P2000

In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set (among others) the suid bit. This was presumably not the intent since the unix exten…

📅 Published: June 3, 2024, midnight 🔄 Last Modified: Jan. 5, 2026, 10:36 a.m.

7.5

CVSS3.1

CVE-2024-4540 - Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an informatio…

📅 Published: June 3, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.
Total results: 349182