Total
277677 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46778 | 1 Linux | 1 Linux Kernel | 2025-01-16 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check UnboundedRequestEnabled's value CalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled is a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus if (p->UnboundedRequestEnabled) checks its address, not bool value. This fixes 1 REVERSE_INULL issue reported by Coverity. | ||||
| CVE-2024-42227 | 1 Linux | 1 Linux Kernel | 2025-01-16 | 4.7 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix overlapping copy within dml_core_mode_programming [WHY] &mode_lib->mp.Watermark and &locals->Watermark are the same address. memcpy may lead to unexpected behavior. [HOW] memmove should be used. | ||||
| CVE-2024-42144 | 1 Linux | 1 Linux Kernel | 2025-01-16 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data Verify that lvts_data is not NULL before using it. | ||||
| CVE-2024-42117 | 2025-01-16 | 5.2 Medium | ||
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: ASSERT when failing to find index by plane/stream id [WHY] find_disp_cfg_idx_by_plane_id and find_disp_cfg_idx_by_stream_id returns an array index and they return -1 when not found; however, -1 is not a valid index number. [HOW] When this happens, call ASSERT(), and return a positive number (which is fewer than callers' array size) instead. This fixes 4 OVERRUN and 2 NEGATIVE_RETURNS issues reported by Coverity. | ||||
| CVE-2024-42064 | 1 Linux | 1 Linux Kernel | 2025-01-16 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip pipe if the pipe idx not set properly [why] Driver crashes when pipe idx not set properly [how] Add code to skip the pipe that idx not set properly | ||||
| CVE-2024-41061 | 1 Linux | 1 Linux Kernel | 2025-01-16 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport [Why] Potential out of bounds access in dml2_calculate_rq_and_dlg_params() because the value of out_lowest_state_idx used as an index for FCLKChangeSupport array can be greater than 1. [How] Currently dml2 core specifies identical values for all FCLKChangeSupport elements. Always use index 0 in the condition to avoid out of bounds access. | ||||
| CVE-2024-27057 | 1 Redhat | 1 Enterprise Linux | 2025-01-16 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend When the system is suspended while audio is active, the sof_ipc4_pcm_hw_free() is invoked to reset the pipelines since during suspend the DSP is turned off, streams will be re-started after resume. If the firmware crashes during while audio is running (or when we reset the stream before suspend) then the sof_ipc4_set_multi_pipeline_state() will fail with IPC error and the state change is interrupted. This will cause misalignment between the kernel and firmware state on next DSP boot resulting errors returned by firmware for IPC messages, eventually failing the audio resume. On stream close the errors are ignored so the kernel state will be corrected on the next DSP boot, so the second boot after the DSP panic. If sof_ipc4_trigger_pipelines() is called from sof_ipc4_pcm_hw_free() then state parameter is SOF_IPC4_PIPE_RESET and only in this case. Treat a forced pipeline reset similarly to how we treat a pcm_free by ignoring error on state sending to allow the kernel's state to be consistent with the state the firmware will have after the next boot. | ||||
| CVE-2024-21541 | 2 Dom-iterator, Matthewmueller | 2 Dom-iterator, Dom-iterator | 2025-01-16 | 7.3 High |
| Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval. | ||||
| CVE-2024-4456 | 2025-01-16 | 4.1 Medium | ||
| In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page. | ||||
| CVE-2024-4811 | 2025-01-16 | 2.2 Low | ||
| In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts. | ||||
| CVE-2024-48463 | 1 Usebruno | 1 Bruno | 2025-01-16 | 6.5 Medium |
| Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer. | ||||
| CVE-2023-7033 | 2025-01-16 | 5.3 Medium | ||
| Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-R series CPU module, MELSEC iQ-L series CPU module, MELSEC iQ-R Ethernet Interface Module, MELSEC iQ-R CC-Link IE TSN Master/Local Module, CC-Link IE TSN Remote I/O Module, CC-Link IE TSN Analog-Digital Converter Module, CC-Link IE TSN Digital-Analog Converter Module, CC-Link IE TSN - CC-Link IE Field Network Bridge Module, CC-Link IE TSN - AnyWireASLINK Bridge Module, CC-Link IE TSN FPGA Module, CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY, MELSEC iQ-R Motion Module, MELSEC iQ-L Motion Module, MELSEC iQ-F FX5 Motion Module, MELSEC iQ-F Series CPU module, MELSEC iQ-F Series Ethernet module, MELSEC iQ-F Series Ethernet/IP module, MELSEC iQ-F Series OPC UA Module, MELSEC iQ-F Series CC-Link IE TSN master/local module, GOT2000 Series CC-Link IE TSN Communication Unit, FR-A800-E series inverters, FR-F800-E series inverters, FR-E800-E series inverters, INVERTER CC-Link IE TSN Plug-in option, INVERTER CC-Link IE TSN Safety Plug-in option, INVERTER CC-Link IE TSN communication function built-in type, MR-J5 series AC Servos MELSERVO, MR-JET series AC Servos MELSERVO, MR-MD333G series AC Servos MELSERVO, MR-JE series AC Servos MELSERVO, MELSERVO-J4 AC Servos MELSERVO and Embedded Type Servo System Controller allow a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack. | ||||
| CVE-2023-6943 | 1 Mitsubishielectric | 10 Ezsocket, Fr Configurator2, Got1000 and 7 more | 2025-01-16 | 9.8 Critical |
| Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products. | ||||
| CVE-2023-6942 | 1 Mitsubishielectric | 10 Ezsocket, Fr Configurator2, Got1000 and 7 more | 2025-01-16 | 7.5 High |
| Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally. | ||||
| CVE-2025-22904 | 2025-01-16 | N/A | ||
| RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function. | ||||
| CVE-2024-10401 | 2025-01-16 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-21384 | 2025-01-16 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2021-39275. | ||||
| CVE-2021-35685 | 2025-01-16 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2022-21371 | ||||
| CVE-2021-35684 | 2025-01-16 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2022-21306. | ||||
| CVE-2005-2773 | 1 Hp | 1 Openview Network Node Manager | 2025-01-15 | 9.8 Critical |
| HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl. | ||||