Total
28533 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-26606 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer and then make use of epoll_wait() or similar to consume any responses afterwards. It is then crucial that epoll threads are signaled via wakeup when they queue their own work. Otherwise, they risk waiting indefinitely for an event leaving their work unhandled. What is worse, subsequent commands won't trigger a wakeup either as the thread has pending work. | ||||
CVE-2024-26601 | 2 Linux, Redhat | 2 Linux Kernel, Rhel Eus | 2024-08-02 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd ("ext4: remove redundant mb_regenerate_buddy()") and reintroduces mb_regenerate_buddy(). Based on code in mb_free_blocks(), fast commit replay can end up marking as free blocks that are already marked as such. This causes corruption of the buddy bitmap so we need to regenerate it in that case. | ||||
CVE-2024-26581 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2024-08-02 | 7.8 High |
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not yet active. | ||||
CVE-2024-26602 | 2 Linux, Redhat | 9 Linux Kernel, Enterprise Linux, Openshift and 6 more | 2024-08-02 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize the accesses to prevent the ability for this to be called at too high of a frequency and saturate the machine. | ||||
CVE-2024-26314 | 3 Iconics, Jungo, Mitsubishielectric | 49 Genesis64, Windriver, C Controller Module Setting And Monitoring Tool and 46 more | 2024-08-02 | 7.8 High |
Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code. | ||||
CVE-2024-26247 | 1 Microsoft | 2 Edge, Edge Chromium | 2024-08-02 | 4.7 Medium |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||
CVE-2024-26246 | 1 Microsoft | 1 Edge | 2024-08-02 | 3.9 Low |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||
CVE-2024-26169 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2024-08-01 | 7.8 High |
Windows Error Reporting Service Elevation of Privilege Vulnerability | ||||
CVE-2024-26163 | 1 Microsoft | 1 Edge Chromium | 2024-08-01 | 4.7 Medium |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||
CVE-2024-26196 | 1 Microsoft | 1 Edge | 2024-08-01 | 4.3 Medium |
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | ||||
CVE-2024-25679 | 1 Pquic | 1 Pquic | 2024-08-01 | 6.5 Medium |
In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation. | ||||
CVE-2024-25675 | 1 Misp | 1 Misp | 2024-08-01 | 9.8 Critical |
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. | ||||
CVE-2024-25678 | 1 Litespeedtech | 1 Lsquic | 2024-08-01 | 9.8 Critical |
In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. | ||||
CVE-2024-25086 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-08-01 | 7.8 High |
Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code. | ||||
CVE-2024-25088 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-08-01 | 7.8 High |
Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code. | ||||
CVE-2024-25087 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-08-01 | 5.5 Medium |
Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue screen error. | ||||
CVE-2024-25064 | 1 Hikvision | 1 Hikcentral Professional | 2024-08-01 | 4.3 Medium |
Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values. | ||||
CVE-2024-25063 | 1 Hikvision | 1 Hikcentral Professional | 2024-08-01 | 7.5 High |
Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to. | ||||
CVE-2024-24936 | 1 Jetbrains | 1 Teamcity | 2024-08-01 | 4.3 Medium |
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed | ||||
CVE-2024-24919 | 1 Checkpoint | 5 Cloudguard Network Security, Quantum Security Gateway, Quantum Security Gateway Firmware and 2 more | 2024-08-01 | 8.6 High |
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. |