Total
28533 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39479 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/i915/hwmon: Get rid of devm When both hwmon and hwmon drvdata (on which hwmon depends) are device managed resources, the expectation, on device unbind, is that hwmon will be released before drvdata. However, in i915 there are two separate code paths, which both release either drvdata or hwmon and either can be released before the other. These code paths (for device unbind) are as follows (see also the bug referenced below): Call Trace: release_nodes+0x11/0x70 devres_release_group+0xb2/0x110 component_unbind_all+0x8d/0xa0 component_del+0xa5/0x140 intel_pxp_tee_component_fini+0x29/0x40 [i915] intel_pxp_fini+0x33/0x80 [i915] i915_driver_remove+0x4c/0x120 [i915] i915_pci_remove+0x19/0x30 [i915] pci_device_remove+0x32/0xa0 device_release_driver_internal+0x19c/0x200 unbind_store+0x9c/0xb0 and Call Trace: release_nodes+0x11/0x70 devres_release_all+0x8a/0xc0 device_unbind_cleanup+0x9/0x70 device_release_driver_internal+0x1c1/0x200 unbind_store+0x9c/0xb0 This means that in i915, if use devm, we cannot gurantee that hwmon will always be released before drvdata. Which means that we have a uaf if hwmon sysfs is accessed when drvdata has been released but hwmon hasn't. The only way out of this seems to be do get rid of devm_ and release/free everything explicitly during device unbind. v2: Change commit message and other minor code changes v3: Cleanup from i915_hwmon_register on error (Armin Wolf) v4: Eliminate potential static analyzer warning (Rodrigo) Eliminate fetch_and_zero (Jani) v5: Restore previous logic for ddat_gt->hwmon_dev error return (Andi) | ||||
| CVE-2024-39353 | 1 Mattermost | 1 Mattermost | 2024-08-02 | 2.7 Low |
| Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents. | ||||
| CVE-2024-39028 | 1 Seacms | 1 Seacms | 2024-08-02 | 9.8 Critical |
| An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. | ||||
| CVE-2024-39118 | 1 Mommyheather | 1 Advanced Backups | 2024-08-02 | 5.5 Medium |
| Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up. | ||||
| CVE-2024-38970 | 1 Vaethink | 1 Vaethink | 2024-08-02 | 4.9 Medium |
| vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function. | ||||
| CVE-2024-39202 | 1 Dlink | 3 Dir-823x Ax3000, Dir-823x Ax3000 Firmware, Dir-823x Firmware | 2024-08-02 | 7.6 High |
| D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings. | ||||
| CVE-2024-38662 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 4.7 Medium |
| In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a sockmap/sockhash. We don't intend to support this artificial use scenario. Extend the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map. From now on only BPF programs which were previously allowed to update sockmap/sockhash can delete from these map types. | ||||
| CVE-2024-37999 | 1 Siemens | 1 Medicalis Workflow Orchestrator | 2024-08-02 | 7.8 High |
| A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges. | ||||
| CVE-2024-37769 | 1 B1ackc4t | 1 14finger | 2024-08-02 | 8.8 High |
| Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request. | ||||
| CVE-2024-37768 | 1 B1ackc4t | 1 14finger | 2024-08-02 | 9.1 Critical |
| 14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id. | ||||
| CVE-2024-37391 | 2 Microsoft, Proton | 2 Windows, Protonvpn | 2024-08-02 | 7.8 High |
| ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss. | ||||
| CVE-2024-37126 | 1 Dell | 1 Powerscale Onefs | 2024-08-02 | 6.7 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access. | ||||
| CVE-2024-37134 | 1 Dell | 1 Powerscale Onefs | 2024-08-02 | 6.7 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. | ||||
| CVE-2024-37133 | 1 Dell | 1 Powerscale Onefs | 2024-08-02 | 6.7 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access. | ||||
| CVE-2024-37132 | 1 Dell | 1 Powerscale Onefs | 2024-08-02 | 6.7 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Elevation of privileges. | ||||
| CVE-2024-37014 | 1 Langflow | 1 Langflow | 2024-08-02 | 9.8 Critical |
| Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. | ||||
| CVE-2024-36500 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.8 High |
| Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-36499 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 6.8 Medium |
| Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-36501 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 5.6 Medium |
| Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity. | ||||
| CVE-2024-36041 | 1 Kde | 1 Plasma-workspace | 2024-08-02 | 7.8 High |
| KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory. | ||||