Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2431 | 2 Fedoraproject, Kubernetes | 2 Fedora, Kubernetes | 2024-12-12 | N/A | 3.4 LOW |
| A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. | |||||
| CVE-2021-47151 | 1 Linux | 1 Linux Kernel | 2024-12-12 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: bcm-voter: add a missing of_node_put() Add a missing of_node_put() in of_bcm_voter_get() to avoid the reference leak. | |||||
| CVE-2023-34163 | 1 Huawei | 1 Emui | 2024-12-12 | N/A | 7.5 HIGH |
| Permission control vulnerability in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2023-34159 | 1 Huawei | 1 Emui | 2024-12-12 | N/A | 9.8 CRITICAL |
| Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality. | |||||
| CVE-2024-53110 | 1 Linux | 1 Linux Kernel | 2024-12-11 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory. | |||||
| CVE-2024-26007 | 1 Fortinet | 1 Fortios | 2024-12-11 | N/A | 5.3 MEDIUM |
| An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests. | |||||
| CVE-2023-52520 | 1 Linux | 1 Linux Kernel | 2024-12-11 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak If a duplicate attribute is found using kset_find_obj(), a reference to that attribute is returned which needs to be disposed accordingly using kobject_put(). Move the setting name validation into a separate function to allow for this change without having to duplicate the cleanup code for this setting. As a side note, a very similar bug was fixed in commit 7295a996fdab ("platform/x86: dell-sysman: Fix reference leak"), so it seems that the bug was copied from that driver. Compile-tested only. | |||||
| CVE-2021-46962 | 1 Linux | 1 Linux Kernel | 2024-12-11 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: mmc: uniphier-sd: Fix a resource leak in the remove function A 'tmio_mmc_host_free()' call is missing in the remove function, in order to balance a 'tmio_mmc_host_alloc()' call in the probe. This is done in the error handling path of the probe, but not in the remove function. Add the missing call. | |||||
| CVE-2024-8357 | 1 Visteon | 1 Infotainment | 2024-12-11 | N/A | 7.8 HIGH |
| Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-23759. | |||||
| CVE-2024-12357 | 1 Mayurik | 1 Best House Rental Management System | 2024-12-10 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-25150 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-12-10 | N/A | 4.3 MEDIUM |
| Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names. | |||||
| CVE-2021-47054 | 1 Linux | 1 Linux Kernel | 2024-12-10 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: bus: qcom: Put child node before return Put child node before return to fix potential reference count leak. Generally, the reference count of child is incremented and decremented automatically in the macro for_each_available_child_of_node() and should be decremented manually if the loop is broken in loop body. | |||||
| CVE-2022-42834 | 1 Apple | 1 Macos | 2024-12-10 | N/A | 3.3 LOW |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression | |||||
| CVE-2024-36461 | 1 Zabbix | 1 Zabbix | 2024-12-10 | N/A | 9.1 CRITICAL |
| Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine. | |||||
| CVE-2021-47051 | 1 Linux | 1 Linux Kernel | 2024-12-09 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() pm_runtime_get_sync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. Fix it by replacing it with pm_runtime_resume_and_get to keep usage counter balanced. | |||||
| CVE-2024-42156 | 1 Linux | 1 Linux Kernel | 2024-12-09 | N/A | 4.1 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key. | |||||
| CVE-2023-29931 | 1 Laravels Project | 1 Laravels | 2024-12-06 | N/A | 9.8 CRITICAL |
| laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php. | |||||
| CVE-2022-45287 | 1 Temenos | 1 Cwx | 2024-12-06 | N/A | 8.8 HIGH |
| An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands. | |||||
| CVE-2020-36782 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in lpi2c_imx_master_enable. However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. | |||||
| CVE-2020-36778 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in xiic_xfer and xiic_i2c_remove. However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. | |||||