811 | 6.7 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption. When tc filters are first added to a net device, the corresponding local port gets… | Update | CWE-787 Out-of-bounds Write | CVE-2024-26586 | 2024-11-5 19:15 | 2024-02-23 |
812 | - | | - | - | In the Linux kernel, the following vulnerability has been resolved: llc: call sock_orphan() at release time. syzbot reported an interesting trace [1] caused by a stale sk->sk_wq pointer in a closed … | Update | - | CVE-2024-26625 | 2024-11-5 19:15 | 2024-03-6 |
813 | 7.1 | HIGH Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy. The variable rmnet_link_ops assign a *bigger* maxtype which leads to a globa… | Update | CWE-125 Out-of-bounds Read | CVE-2024-26597 | 2024-11-5 19:15 | 2024-02-24 |
814 | - | | - | - | In vdec, there is a possible out of bounds read due to improper structure design. This could lead to local information disclosure with System execution privileges needed. User interaction is not need… | New | - | CVE-2024-20122 | 2024-11-5 17:35 | 2024-11-4 |
815 | 4.4 | MEDIUM Local | - | - | A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to… | Update | CWE-22 Path Traversal | CVE-2024-9675 | 2024-11-5 17:15 | 2024-10-10 |
816 | 4.7 | MEDIUM Local | - | - | A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrar… | Update | CWE-20 Improper Input Validation | CVE-2024-9407 | 2024-11-5 17:15 | 2024-10-2 |
817 | 6.5 | MEDIUM Local | - | - | A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may … | Update | CWE-457 Use of Uninitialized Variable | CVE-2024-9355 | 2024-11-5 17:15 | 2024-10-2 |
818 | 5.4 | MEDIUM Network | - | - | A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw a… | Update | CWE-59 Link Following | CVE-2024-9341 | 2024-11-5 17:15 | 2024-10-2 |
819 | 7.5 | HIGH Network | libtiff redhat | libtiff enterprise_linux enterprise_linux_server_aus enterprise_linux_for_power_little_endian_eus enterprise_linux_for_arm_64 | A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap sp… | Update | CWE-476 NULL Pointer Dereference | CVE-2024-7006 | 2024-11-5 17:15 | 2024-08-12 |
820 | - | | - | - | A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulat… | Update | CWE-285 Improper Authorization; CWE-266 Incorrect Privilege Assignment; CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-10654 | 2024-11-5 16:15 | 2024-11-1 |