Total
648 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2544 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise. | |||||
| CVE-2007-3915 | 1 Mandriva | 1 Mondo | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Mondo 2.24 has insecure handling of temporary files. | |||||
| CVE-2005-2351 | 2 Debian, Mutt | 2 Debian Linux, Mutt | 2024-11-20 | 2.1 LOW | 5.5 MEDIUM |
| Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. | |||||
| CVE-2024-43704 | 2024-11-18 | N/A | 8.4 HIGH | ||
| Software installed and run as a non-privileged user may conduct improper GPU system calls to gain access to the graphics buffers of a parent process. | |||||
| CVE-2024-24985 | 2024-11-15 | N/A | 7.2 HIGH | ||
| Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-51755 | 2024-11-08 | N/A | 2.2 LOW | ||
| Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2024-51754 | 2024-11-08 | N/A | 2.2 LOW | ||
| Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2024-42350 | 2024-08-06 | N/A | 3.0 LOW | ||
| Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a `ThirdPartyBlock` request can be sent, providing only the necessary info to generate a third-party block and to sign it: 1. the public key of the previous block (used in the signature), 2. the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair. Tokens with third-party blocks containing `trusted` annotations generated through a third party block request. This has been addressed in version 4 of the specification. Users are advised to update their implementations to conform. There are no known workarounds for this vulnerability. | |||||