Report Name: Linux Patch Wednesday August 2024
Generated: 2024-08-22 16:56:58

Vulristics Vulnerability Scores
Basic Vulnerability Scores
Products

Product NamePrevalenceUCHMLAComment
Apache HTTP Server0.9112Apache HTTP Server is a free and open-source web server that delivers web content through the internet
Intel(R) Processor0.9112Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings
Linux Kernel0.92116262380The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Chromium0.832023Chromium is a free and open-source web browser project, mainly developed and maintained by Google
GLPI0.817112342GLPI is an open source IT Asset Management, issue tracking system and service desk system
Mozilla Firefox0.81410116Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Node.js0.8123Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
PHP0.8121116PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
RPC0.811Remote Procedure Call Runtime
Safari0.8527Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
Zabbix0.844Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services
.NET and Visual Studio0.711.NET and Visual Studio
Apache Traffic Server0.733The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
BIND0.744BIND is a suite of software for interacting with the Domain Name System
Calibre0.7123Calibre is a cross-platform free and open-source suite of e-book software
Curl0.7112Curl is a command-line tool for transferring data specified with URL syntax
Envoy0.7112Envoy is a cloud-native, open-source edge and service proxy
FFmpeg0.7112FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
Kubernetes0.711Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
Minio0.7213Minio is a Multi-Cloud Object Storage framework
Neat VNC0.711A liberally licensed VNC server library with a clean interface
Oracle MySQL0.71515MySQL is an open-source relational database management system
Oracle VM VirtualBox0.718211Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation
QEMU0.711QEMU is a generic and open source machine & userspace emulator and virtualizer
vim0.7112Vim is a free and open-source, screen-based text editor program
Oracle Java SE0.633Oracle Java SE
Perl0.6123Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
Python0.6156Python is a high-level, general-purpose programming language
Roundcube0.633Roundcube is a web-based IMAP email client
Rust Standard Library0.611The Rust Standard Library is the foundation of portable Rust software, a set of minimal and battle-tested shared abstractions for the broader Rust ecosystem
wpa_supplicant0.611wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku
Consul0.511Product detected by a:hashicorp:consul (exists in CPE dict)
FRRouting0.511Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD
Filebeat0.511Product detected by a:elastic:filebeat (exists in CPE dict)
Flask0.5112Flask is a lightweight WSGI web application framework
HID0.511HID
JupyterHub0.511Product detected by a:jupyter:jupyterhub (exists in CPE dict)
Moby Project0.511Moby is an open-source project, created by Docker, to enable and accelerate software containerization
NVIDIA GPU Display Driver0.511A NVIDIA driver is a software program that enables communication between your computer and the NVIDIA graphics processor installed in your system
Newlib0.511Product detected by a:newlib_project:newlib (exists in CPE dict)
Nova0.511Product detected by a:openstack:nova (exists in CPE dict)
RabbitMQ Java Client0.511Product detected by a:vmware:rabbitmq_java_client (exists in CPE dict)
TLS0.5314TLS
Vault0.533Product detected by a:hashicorp:vault (exists in CPE dict)
Virtual GPU0.522Product detected by a:nvidia:virtual_gpu (exists in CPE dict)
assimp0.511Product detected by a:assimp:assimp (exists in CPE dict)
django0.5145Product detected by a:djangoproject:django (exists in CPE dict)
fugit0.511Product detected by a:floraison:fugit (does NOT exist in CPE dict)
libcurl0.511Product detected by a:haxx:libcurl (exists in CPE dict)
libtiff0.511Product detected by a:libtiff:libtiff (exists in CPE dict)
moodle0.511Product detected by a:moodle:moodle (exists in CPE dict)
nginx_open_source0.511Product detected by a:f5:nginx_open_source (does NOT exist in CPE dict)
ofono0.544Product detected by a:ofono_project:ofono (does NOT exist in CPE dict)
pdfio0.511Product detected by a:msweet:pdfio (does NOT exist in CPE dict)
postgresql0.511Product detected by a:postgresql:postgresql (exists in CPE dict)
stb_image.h0.511Product detected by a:nothings:stb_image.h (exists in CPE dict)
webob0.511Product detected by a:pylonsproject:webob (does NOT exist in CPE dict)
Flatpak0.411Flatpak is a utility for software deployment and package management for Linux
GPAC0.422GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
Git0.422Git
Oracle WebLogic Server0.411Unified and extensible platform for developing, deploying and running enterprise applications
Unknown Product0312758Unknown Product


Vulnerability Types

Vulnerability TypeCriticalityUCHMLA
Remote Code Execution1.01342230
Authentication Bypass0.98517729
Code Injection0.97146415
Command Injection0.97134210
Security Feature Bypass0.962228
Elevation of Privilege0.85156
Information Disclosure0.83178
Cross Site Scripting0.8419124
Open Redirect0.7511
Denial of Service0.711847461
Path Traversal0.711
Incorrect Calculation0.577
Memory Corruption0.531015109
Spoofing0.411
Unknown Vulnerability Type042286328


Comments

SourceUCHMLA
almalinux314522
debian326210244483
oraclelinux3151331
redhat4161030
redos41332696124
ubuntu185242103


Vulnerabilities

Urgent (5)

1. Remote Code Execution - PHP (CVE-2024-4577) - Urgent [966]

Description: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), NVD:CISAKEV websites
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:labs.watchtowr.com, Vulners:PublicExploit:GitHub:TAM-K592:CVE-2024-4577, Vulners:PublicExploit:GitHub:SH0CKFR:CVE-2024-4577, Vulners:PublicExploit:GitHub:BUGHUNTAR:CVE-2024-4577, Vulners:PublicExploit:GitHub:JUNP0:CVE-2024-4577, Vulners:PublicExploit:GitHub:CYBERSAGOR:CVE-2024-4577, Vulners:PublicExploit:GitHub:CHOCAPIKK:CVE-2024-4577, Vulners:PublicExploit:GitHub:A-ROSHBAIK:CVE-2024-4577-PHP-RCE, Vulners:PublicExploit:GitHub:ZEPHRFISH:CVE-2024-4577-POC, Vulners:PublicExploit:GitHub:JAKABAKOS:CVE-2024-4577-PHP-CGI-ARGUMENT-INJECTION-RCE, Vulners:PublicExploit:GitHub:ZEPHRFISH:CVE-2024-4577-PHP-RCE, Vulners:PublicExploit:GitHub:WANLICHANGCHENGWANLICHANG:CVE-2024-4577-RCE-EXP, Vulners:PublicExploit:GitHub:XCANWIN:CVE-2024-4577-PHP-RCE, Vulners:PublicExploit:GitHub:NEMU1K5MA:CVE-2024-4577, Vulners:PublicExploit:GitHub:GOTR00T0DAY:CVE-2024-4577, Vulners:PublicExploit:GitHub:YUKIIOZ:CVE-2024-4577, Vulners:PublicExploit:GitHub:BIBO318:CVE-2024-4577-RCE-ATTACK, Vulners:PublicExploit:GitHub:11WHOAMI99:CVE-2024-4577, Vulners:PublicExploit:GitHub:WAIVED:CVE-2024-4577-PHP-RCE, Vulners:PublicExploit:GitHub:IT-T4MPAN:CHECK_CVE_2024_4577.SH, Vulners:PublicExploit:GitHub:SUG4R-WR41TH:CVE-2024-4577, Vulners:PublicExploit:GitHub:ENTROPT:CVE-2024-4577_ANALYSIS, Vulners:PublicExploit:GitHub:K3YSTR0K3R:CVE-2024-4577-EXPLOIT, Vulners:PublicExploit:GitHub:AMANDINEVDW:CVE-2024-4577, Vulners:PublicExploit:GitHub:PIZZABOIBESTLEGITS:CVE-2024-4577, Vulners:PublicExploit:GitHub:ATDANNY:CVE-2024-4577, Vulners:PublicExploit:GitHub:JCCCCCX:CVE-2024-4577, Vulners:PublicExploit:GitHub:MANUELKY08:CVE-2024-4577---RR, Vulners:PublicExploit:GitHub:MANUELINFOSEC:CVE-2024-4577, Vulners:PublicExploit:GitHub:L0N3M4N:CVE-2024-4577-RCE, Vulners:PublicExploit:GitHub:WATCHTOWRLABS:CVE-2024-4577, Vulners:PublicExploit:GitHub:FA-RREL:CVE-2024-4577-RCE, Vulners:PublicExploit:GitHub:BL4CKSKU11:CVE-2024-4577, Vulners:PublicExploit:GitHub:ZOMASEC:CVE-2024-4577, Vulners:PublicExploit:GitHub:CHARIS3306:CVE-2024-4577, Vulners:PublicExploit:GitHub:GHOSTTROOPS:TOP, Vulners:PublicExploit:GitHub:HKTALENT:TOP, Vulners:PublicExploit:PACKETSTORM:179140, Vulners:PublicExploit:PACKETSTORM:179085, Vulners:PublicExploit:MSF:EXPLOIT-WINDOWS-HTTP-PHP_CGI_ARG_INJECTION_RCE_CVE_2024_4577-, Vulners:PublicExploit:EDB-ID:52047, Vulners:PublicExploit:1337DAY-ID-39659, BDU:PublicExploit websites
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile1.010EPSS Probability is 0.9632, EPSS Percentile is 0.99585

redos: CVE-2024-4577 was patched at 2024-08-16

2. Information Disclosure - Minio (CVE-2023-28432) - Urgent [895]

Description: Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), AttackerKB, NVD:CISAKEV, BDU websites
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com, Vulners:PublicExploit:GitHub:C1PH3RX13:CVE-2023-28432, Vulners:PublicExploit:GitHub:ACHEIII:CVE-2023-28432, Vulners:PublicExploit:GitHub:0XRULEZ:CVE-2023-28432, Vulners:PublicExploit:GitHub:STEPONEERROR:CVE-2023-28432-, Vulners:PublicExploit:GitHub:MZZDTOT:CVE-2023-28432, Vulners:PublicExploit:GitHub:XK-MT:CVE-2023-28432, Vulners:PublicExploit:GitHub:MAJUS527:MINIO_CVE-2023-28432, Vulners:PublicExploit:GitHub:CUERZ:CVE-2023-28432, Vulners:PublicExploit:GitHub:BINGTANGBANLI:CVE-2023-28432, Vulners:PublicExploit:GitHub:TAROBALLZCHEN:CVE-2023-28432-METASPLOIT-SCANNER, Vulners:PublicExploit:GitHub:FHANSO:CVE-2023-28432, Vulners:PublicExploit:GitHub:OKAYTC:MINIO_UNAUTH_CHECK, Vulners:PublicExploit:GitHub:NETUSERADMINISTRATOR:CVE-2023-28432, Vulners:PublicExploit:GitHub:LHXHL:MINIO-CVE-2023-28432, Vulners:PublicExploit:GitHub:ROMANC9:GUI-POC-TEST, Vulners:PublicExploit:MSF:AUXILIARY-GATHER-MINIO_BOOTSTRAP_VERIFY_INFO_DISC- websites
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714Minio is a Multi-Cloud Object Storage framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile1.010EPSS Probability is 0.91182, EPSS Percentile is 0.98936

redos: CVE-2023-28432 was patched at 2024-08-07

3. Command Injection - Oracle WebLogic Server (CVE-2015-4852) - Urgent [894]

Description: The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), AttackerKB, NVD:CISAKEV websites
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:www.exploit-db.com, Vulners:PublicExploit:SAINT:EA211AC1CE6B335FAB2D22929BF61475, Vulners:PublicExploit:SAINT:38F4E0E6CE11A2F3EC10321A6DF373E2, Vulners:PublicExploit:SAINT:364F42DDB229F6E8A0EF4BB04CE504D2, Vulners:PublicExploit:SAINT:B8E045060F9ACF0F8D488745DBF66B54, Vulners:PublicExploit:1337DAY-ID-30269, Vulners:PublicExploit:1337DAY-ID-28661, Vulners:PublicExploit:PACKETSTORM:152268, Vulners:PublicExploit:PACKETSTORM:144405, Vulners:PublicExploit:MSF:EXPLOIT-MULTI-MISC-WEBLOGIC_DESERIALIZE_RAWOBJECT-, Vulners:PublicExploit:EXPLOITPACK:028DB84C4840B8D96405811A4FA47345, Vulners:PublicExploit:EDB-ID:42806, Vulners:PublicExploit:EDB-ID:46628, Vulners:PublicExploit:WEBLOGIC_T3_DESERIALIZATION, Vulners:PublicExploit:GitHub:ZHZHDOAI:WEBLOGIC_VULN, Vulners:PublicExploit:GitHub:GHOSTTROOPS:TOP, Vulners:PublicExploit:GitHub:HKTALENT:TOP, BDU:PublicExploit websites
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.414Unified and extensible platform for developing, deploying and running enterprise applications
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile1.010EPSS Probability is 0.96729, EPSS Percentile is 0.99698

ubuntu: CVE-2015-4852 was patched at 2024-07-31

4. Denial of Service - Minio (CVE-2023-28434) - Urgent [872]

Description: Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), AttackerKB, NVD:CISAKEV websites
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com, Vulners:PublicExploit:GitHub:ABELCHE:EVIL_MINIO, BDU:PublicExploit websites
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Minio is a Multi-Cloud Object Storage framework
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.910EPSS Probability is 0.06841, EPSS Percentile is 0.94004

redos: CVE-2023-28434 was patched at 2024-08-07

5. Code Injection - GLPI (CVE-2023-36808) - Urgent [800]

Description: GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.910CVSS Base Score is 8.6. According to NVD data source
EPSS Percentile0.610EPSS Probability is 0.00189, EPSS Percentile is 0.56903

redos: CVE-2023-36808 was patched at 2024-08-12

Critical (16)

6. Code Injection - GLPI (CVE-2023-35924) - Critical [788]

Description: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.910CVSS Base Score is 8.6. According to NVD data source
EPSS Percentile0.510EPSS Probability is 0.00132, EPSS Percentile is 0.48972

redos: CVE-2023-35924 was patched at 2024-08-12

7. Authentication Bypass - GLPI (CVE-2023-35940) - Critical [778]

Description: GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.510EPSS Probability is 0.00162, EPSS Percentile is 0.53494

redos: CVE-2023-35940 was patched at 2024-08-12

8. Authentication Bypass - GLPI (CVE-2023-35939) - Critical [766]

Description: GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.810CVSS Base Score is 8.1. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00081, EPSS Percentile is 0.35553

redos: CVE-2023-35939 was patched at 2024-08-12

9. Code Injection - GLPI (CVE-2024-27096) - Critical [741]

Description: GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.810CVSS Base Score is 7.7. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

redos: CVE-2024-27096 was patched at 2024-08-12

10. Code Injection - GLPI (CVE-2024-29889) - Critical [717]

Description: GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.710CVSS Base Score is 7.1. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

redos: CVE-2024-29889 was patched at 2024-08-12

11. Code Injection - GLPI (CVE-2022-31061) - Critical [699]

Description: GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:VU0R1-SEC:CVE-2022-31061, Vulners:PublicExploit:GitHub:VU0R1:CVE-2022-31061, BDU:PublicExploit websites
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.610EPSS Probability is 0.0018, EPSS Percentile is 0.55822

redos: CVE-2022-31061 was patched at 2024-07-26

12. Command Injection - PHP (CVE-2024-5585) - Critical [699]

Description: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com, Vulners:PublicExploit:GitHub:TGCOHCE:CVE-2024-1874, BDU:PublicExploit websites
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.7. According to NVD data source
EPSS Percentile0.810EPSS Probability is 0.00438, EPSS Percentile is 0.75192

redos: CVE-2024-5585 was patched at 2024-08-16

13. Denial of Service - PHP (CVE-2024-2757) - Critical [692]

Description: In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. 

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

redos: CVE-2024-2757 was patched at 2024-08-16

14. Remote Code Execution - Calibre (CVE-2024-6782) - Critical [688]

Description: Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:ZANGJIAHE:CVE-2024-6782, Vulners:PublicExploit:GitHub:JDPSL:CVE-2024-6782, Vulners:PublicExploit:PACKETSTORM:180007, Vulners:PublicExploit:MSF:EXPLOIT-MULTI-MISC-CALIBRE_EXEC-, Vulners:PublicExploit:1337DAY-ID-39714 websites
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Calibre is a cross-platform free and open-source suite of e-book software
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.610EPSS Probability is 0.00188, EPSS Percentile is 0.56881

debian: CVE-2024-6782 was patched at 2024-08-21

15. Command Injection - Apache HTTP Server (CVE-2024-40898) - Critical [668]

Description: SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. 

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:TAM-K592:CVE-2024-40725-CVE-2024-40898 website
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.910CVSS Base Score is 9.1. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00079, EPSS Percentile is 0.34965

redos: CVE-2024-40898 was patched at 2024-07-29

16. Remote Code Execution - Mozilla Firefox (CVE-2024-2605) - Critical [651]

Description: An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

redos: CVE-2024-2605 was patched at 2024-08-20

17. Authentication Bypass - Neat VNC (CVE-2024-42458) - Critical [625]

Description: {'nvd_cve_data_all': 'server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:SSV:72008, Vulners:PublicExploit:SSV:20911, Vulners:PublicExploit:MSF:AUXILIARY-ADMIN-VNC-REALVNC_41_BYPASS-, Vulners:PublicExploit:MSF:AUXILIARY-SCANNER-VNC-VNC_NONE_AUTH-, Vulners:PublicExploit:EXPLOITPACK:18D918324953F769DBD3618BAF3852A4, Vulners:PublicExploit:PACKETSTORM:104471, Vulners:PublicExploit:REALVNC_NOAUTH, Vulners:PublicExploit:EDB-ID:36932, Vulners:PublicExploit:EDB-ID:17719 websites
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714A liberally licensed VNC server library with a clean interface
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.10865

debian: CVE-2024-42458 was patched at 2024-08-21

18. Remote Code Execution - GLPI (CVE-2023-33971) - Critical [621]

Description: Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of the use of `##FULLFORM##` for rendering. This could result in arbitrary javascript code execution in an admin/tech context. A patch is unavailable as of time of publication. As a workaround, one may use a regular expression to remove `< > "` in all fields.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.610CVSS Base Score is 6.1. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00066, EPSS Percentile is 0.29918

redos: CVE-2023-33971 was patched at 2024-08-12

19. Command Injection - Rust Standard Library (CVE-2024-24576) - Critical [618]

Description: Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected. The `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument. On Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted. One exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution. Due to the complexity of `cmd.exe`, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an `InvalidInput` error when it cannot safely escape an argument. This error will be emitted when spawning the process. The fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library's escaping logic.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:LPN:CVE-2024-24576.JL, Vulners:PublicExploit:GitHub:FOXOMAN:CVE-2024-24576-POC---NIM, Vulners:PublicExploit:GitHub:FROSTB1TEN:CVE-2024-24576, Vulners:PublicExploit:GitHub:AYDINNYUNUS:CVE-2024-24576-EXPLOIT, Vulners:PublicExploit:GitHub:MISHALHOSSIN:CVE-2024-24576-POC-PYTHON, Vulners:PublicExploit:GitHub:FROSTB1TEN:CVE-2024-24576-POC, Vulners:PublicExploit:GitHub:CORYSABOL:BATBADBUT-DEMO, Vulners:PublicExploit:GitHub:P14T1NUM:CVE-2024-24576-PYTHON, Vulners:PublicExploit:GitHub:SHEL3G:CVE-2024-24576-POC-BATBADBUT, Vulners:PublicExploit:GitHub:BRAINS93:CVE-2024-24567-POC-PYTHON, Vulners:PublicExploit:GitHub:BRAINS93:CVE-2024-24576-POC-PYTHON websites
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.614The Rust Standard Library is the foundation of portable Rust software, a set of minimal and battle-tested shared abstractions for the broader Rust ecosystem
CVSS Base Score1.010CVSS Base Score is 10.0. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17736

redos: CVE-2024-24576 was patched at 2024-08-05

20. Authentication Bypass - Flask (CVE-2024-6221) - Critical [603]

Description: A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:huntr.com website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.514Flask is a lightweight WSGI web application framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00084, EPSS Percentile is 0.36498

debian: CVE-2024-6221 was patched at 2024-08-21

21. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21103) - Critical [601]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

redos: CVE-2024-21103 was patched at 2024-07-24

High (54)

22. Authentication Bypass - Moby Project (CVE-2024-41110) - High [591]

Description: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it. A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:VVPOGLAZOV:CVE-2024-41110-CHECKER, Vulners:PublicExploit:GitHub:PAULOPAROPP:CVE-2024-41110-SCAN, Vulners:PublicExploit:GitHub:SECSABURO:CVE-2024-41110- websites
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.514Moby is an open-source project, created by Docker, to enable and accelerate software containerization
CVSS Base Score1.010CVSS Base Score is 9.9. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00045, EPSS Percentile is 0.14847

debian: CVE-2024-41110 was patched at 2024-08-01

redos: CVE-2024-41110 was patched at 2024-07-29

23. Command Injection - GLPI (CVE-2022-39276) - High [580]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by administrator. This issue has been patched, please upgrade to 10.0.4. There are currently no known workarounds.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:huntr.dev, BDU:PublicExploit websites
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.310CVSS Base Score is 3.5. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00068, EPSS Percentile is 0.30701

redos: CVE-2022-39276 was patched at 2024-07-26

24. Authentication Bypass - Nova (CVE-2024-40767) - High [579]

Description: In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:launchpad.net website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.514Product detected by a:openstack:nova (exists in CPE dict)
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00067, EPSS Percentile is 0.30077

redhat: CVE-2024-40767 was patched at 2024-08-07, 2024-08-08

ubuntu: CVE-2024-40767 was patched at 2024-07-23

25. Code Injection - Calibre (CVE-2024-7009) - High [563]

Description: Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:starlabs.sg website
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.714Calibre is a cross-platform free and open-source suite of e-book software
CVSS Base Score0.410CVSS Base Score is 4.2. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00049, EPSS Percentile is 0.18846

debian: CVE-2024-7009 was patched at 2024-08-21

26. Denial of Service - Curl (CVE-2024-6197) - High [563]

Description: libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

redos: CVE-2024-6197 was patched at 2024-08-12

27. Denial of Service - Envoy (CVE-2024-27919) - High [563]

Description: Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:LOCKNESS-KO:CVE-2024-27316 website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Envoy is a cloud-native, open-source edge and service proxy
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16405

redos: CVE-2024-27919 was patched at 2024-08-05

28. Cross Site Scripting - GLPI (CVE-2022-39262) - High [561]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrator can define rich-text content to be displayed on login page. The displayed content is can contains malicious code that can be used to steal credentials. This issue has been patched, please upgrade to version 10.0.4.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:huntr.dev, BDU:PublicExploit websites
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.510CVSS Base Score is 5.2. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00053, EPSS Percentile is 0.22147

redos: CVE-2022-39262 was patched at 2024-07-26

29. Cross Site Scripting - GLPI (CVE-2022-39277) - High [561]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS) attack. This issue has been patched, please upgrade to GLPI 10.0.4. There are currently no known workarounds.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:huntr.dev, BDU:PublicExploit websites
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.510CVSS Base Score is 4.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00053, EPSS Percentile is 0.22147

redos: CVE-2022-39277 was patched at 2024-07-26

30. Cross Site Scripting - Calibre (CVE-2024-7008) - High [557]

Description: Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:starlabs.sg website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714Calibre is a cross-platform free and open-source suite of e-book software
CVSS Base Score0.510CVSS Base Score is 5.4. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.0007, EPSS Percentile is 0.31205

debian: CVE-2024-7008 was patched at 2024-08-21

31. Denial of Service - stb_image.h (CVE-2023-43281) - High [553]

Description: Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:nothings:stb_image.h (exists in CPE dict)
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.510EPSS Probability is 0.00154, EPSS Percentile is 0.52398

debian: CVE-2023-43281 was patched at 2024-08-21

32. Denial of Service - Python (CVE-2024-7592) - High [546]

Description: There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00049, EPSS Percentile is 0.1958

debian: CVE-2024-7592 was patched at 2024-08-21

33. Denial of Service - RabbitMQ Java Client (CVE-2023-46120) - High [541]

Description: The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com, BDU:PublicExploit websites
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:vmware:rabbitmq_java_client (exists in CPE dict)
CVSS Base Score0.510CVSS Base Score is 4.9. According to NVD data source
EPSS Percentile0.610EPSS Probability is 0.00208, EPSS Percentile is 0.59167

redos: CVE-2023-46120 was patched at 2024-08-06

34. Authentication Bypass - Apache HTTP Server (CVE-2024-40725) - High [539]

Description: {'nvd_cve_data_all': 'A partial fix for\xa0 CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue. ', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A partial fix for\xa0 CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.62, which fixes this issue.\n\n', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:TAM-K592:CVE-2024-40725-CVE-2024-40898, BDU:PublicExploit websites
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-40725 was patched at 2024-07-18

redos: CVE-2024-40725 was patched at 2024-08-12

ubuntu: CVE-2024-40725 was patched at 2024-07-18

35. Memory Corruption - FFmpeg (CVE-2024-7272) - High [539]

Description: A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com, BDU:PublicExploit websites
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.610CVSS Base Score is 6.3. According to NVD data source
EPSS Percentile0.510EPSS Probability is 0.00121, EPSS Percentile is 0.47058

debian: CVE-2024-7272 was patched at 2024-08-14, 2024-08-21

36. Security Feature Bypass - Linux Kernel (CVE-2024-42318) - High [525]

Description: In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on cred_transfer When a process' cred struct is replaced, this _almost_ always invokes the cred_prepare LSM hook; but in one special case (when KEYCTL_SESSION_TO_PARENT updates the parent's credentials), the cred_transfer LSM hook is used instead. Landlock only implements the cred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes all information on Landlock restrictions to be lost. This basically means that a process with the ability to use the fork() and keyctl() syscalls can get rid of all Landlock restrictions on itself. Fix it by adding a cred_transfer hook that does the same thing as the existing cred_prepare hook. (Implemented by having hook_cred_prepare() call hook_cred_transfer() so that the two functions are less likely to accidentally diverge in the future.)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:PACKETSTORM:180261 website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13709

debian: CVE-2024-42318 was patched at 2024-08-21

37. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21113) - High [523]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17029

redos: CVE-2024-21113 was patched at 2024-07-24

38. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21114) - High [523]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17029

redos: CVE-2024-21114 was patched at 2024-07-24

39. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21115) - High [523]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17029

redos: CVE-2024-21115 was patched at 2024-07-24

40. Open Redirect - webob (CVE-2024-42353) - High [514]

Description: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common0.514Product detected by a:pylonsproject:webob (does NOT exist in CPE dict)
CVSS Base Score0.610CVSS Base Score is 6.1. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17727

debian: CVE-2024-42353 was patched at 2024-08-21

41. Denial of Service - GPAC (CVE-2023-46929) - High [513]

Description: An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17727

redos: CVE-2023-46929 was patched at 2024-08-07

42. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21116) - High [511]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17029

redos: CVE-2024-21116 was patched at 2024-07-24

43. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21110) - High [500]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation
CVSS Base Score0.710CVSS Base Score is 7.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17029

redos: CVE-2024-21110 was patched at 2024-07-24

44. Code Injection - GLPI (CVE-2022-35947) - High [497]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could leverage to simulate an arbitrary user login. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should disable the `Enable login with external token` API configuration.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score1.010CVSS Base Score is 10.0. According to NVD data source
EPSS Percentile0.610EPSS Probability is 0.0018, EPSS Percentile is 0.55822

redos: CVE-2022-35947 was patched at 2024-07-26

45. Denial of Service - pdfio (CVE-2024-42358) - High [494]

Description: PDFio is a simple C library for reading and writing PDF files. There is a denial of service (DOS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to utilize 100% of the Memory and enter an infinite loop. This can also lead to a heap-buffer-overflow vulnerability. An infinite loop occurs in the read_camp function by nGroups value. The ttf.h library is vulnerable. A value called nGroups is extracted from the file, and by changing that value, you can cause the program to utilize 100% of the Memory and enter an infinite loop. If the value of nGroups in the file is small, an infinite loop will not occur. This library, whether used as a standalone binary or as part of another application, is vulnerable to DOS attacks when parsing certain types of files. Automated systems, including web servers that use this code to convert PDF submissions into plaintext, can be DOSed if an attacker uploads a malicious TTF file. This issue has been addressed in release version 1.3.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:msweet:pdfio (does NOT exist in CPE dict)
CVSS Base Score0.610CVSS Base Score is 6.2. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13333

debian: CVE-2024-42358 was patched at 2024-08-21

46. Memory Corruption - libcurl (CVE-2024-7264) - High [482]

Description: libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:hackerone.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Product detected by a:haxx:libcurl (exists in CPE dict)
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00056, EPSS Percentile is 0.23844

debian: CVE-2024-7264 was patched at 2024-08-01

redos: CVE-2024-7264 was patched at 2024-08-16

ubuntu: CVE-2024-7264 was patched at 2024-08-05, 2024-08-20

47. Denial of Service - GPAC (CVE-2023-50120) - High [477]

Description: MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com, BDU:PublicExploit websites
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13333

redos: CVE-2023-50120 was patched at 2024-08-07

48. Authentication Bypass - GLPI (CVE-2022-24867) - High [463]

Description: GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are filtered out. The variable ldap_pass is not filtered and when you look at the source code of the rendered page, we can see the password for the root dn. Users are advised to upgrade. There is no known workaround for this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.510EPSS Probability is 0.00133, EPSS Percentile is 0.49191

redos: CVE-2022-24867 was patched at 2024-07-26

49. Authentication Bypass - Minio (CVE-2023-28433) - High [458]

Description: {'nvd_cve_data_all': 'Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\\` character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to `PutObject` in a specific bucket, can create an admin user. This issue is patched in RELEASE.2023-03-20T20-16-18Z. There are no known workarounds.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\\` character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to `PutObject` in a specific bucket, can create an admin user. This issue is patched in RELEASE.2023-03-20T20-16-18Z. There are no known workarounds.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714Minio is a Multi-Cloud Object Storage framework
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.510EPSS Probability is 0.00128, EPSS Percentile is 0.48251

redos: CVE-2023-28433 was patched at 2024-08-07

50. Command Injection - Apache Traffic Server (CVE-2024-35161) - High [456]

Description: Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score0.910CVSS Base Score is 9.1. According to NVD data source
EPSS Percentile0.510EPSS Probability is 0.00125, EPSS Percentile is 0.47913

debian: CVE-2024-35161 was patched at 2024-08-01

51. Remote Code Execution - Mozilla Firefox (CVE-2024-7520) - High [454]

Description: A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00068, EPSS Percentile is 0.3041

almalinux: CVE-2024-7520 was patched at 2024-08-14, 2024-08-15

oraclelinux: CVE-2024-7520 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-7520 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19

ubuntu: CVE-2024-7520 was patched at 2024-08-19

52. Authentication Bypass - Mozilla Firefox (CVE-2024-7525) - High [451]

Description: It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.1. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00071, EPSS Percentile is 0.31455

almalinux: CVE-2024-7525 was patched at 2024-08-14, 2024-08-15

debian: CVE-2024-7525 was patched at 2024-08-07, 2024-08-08, 2024-08-21

oraclelinux: CVE-2024-7525 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-7525 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19

ubuntu: CVE-2024-7525 was patched at 2024-08-19

53. Code Injection - GLPI (CVE-2022-39323) - High [449]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please upgrade to version 10.0.4. As a workaround, disable login with user_token on API Rest.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.710CVSS Base Score is 7.4. According to NVD data source
EPSS Percentile0.510EPSS Probability is 0.00142, EPSS Percentile is 0.50717

redos: CVE-2022-39323 was patched at 2024-07-26

54. Command Injection - Apache Traffic Server (CVE-2023-38522) - High [444]

Description: Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.510EPSS Probability is 0.00125, EPSS Percentile is 0.47913

debian: CVE-2023-38522 was patched at 2024-08-01

55. Authentication Bypass - Chromium (CVE-2024-6995) - High [439]

Description: {'nvd_cve_data_all': 'Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17727

debian: CVE-2024-6995 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-6995 was patched at 2024-08-07

56. Authentication Bypass - GLPI (CVE-2023-34106) - High [439]

Description: GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should upgrade to version 10.0.8 to receive a patch.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00081, EPSS Percentile is 0.35553

redos: CVE-2023-34106 was patched at 2024-08-12

57. Authentication Bypass - GLPI (CVE-2023-34107) - High [439]

Description: GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version 10.0.8 has a patch for this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00081, EPSS Percentile is 0.35553

redos: CVE-2023-34107 was patched at 2024-08-12

58. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21112) - High [434]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00065, EPSS Percentile is 0.29543

redos: CVE-2024-21112 was patched at 2024-07-24

59. Memory Corruption - vim (CVE-2024-41965) - High [434]

Description: Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Product detected by a:vim:vim (exists in CPE dict)
CVSS Base Score0.410CVSS Base Score is 4.2. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-41965 was patched at 2024-08-21

60. Remote Code Execution - Chromium (CVE-2024-7256) - High [430]

Description: Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-7256 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-7256 was patched at 2024-08-07

61. Security Feature Bypass - Chromium (CVE-2024-7005) - High [425]

Description: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17727

debian: CVE-2024-7005 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-7005 was patched at 2024-08-07

62. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21109) - High [422]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation
CVSS Base Score0.610CVSS Base Score is 5.9. According to NVD data source
EPSS Percentile0.510EPSS Probability is 0.00169, EPSS Percentile is 0.54458

redos: CVE-2024-21109 was patched at 2024-07-24

63. Code Injection - GLPI (CVE-2022-35946) - High [413]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used to access low-level API of Plugin class. An attacker can, for instance, alter database data. Attacker must have "General setup" update rights to be able to perform this attack. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should remove the `front/plugin.form.php` script.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00063, EPSS Percentile is 0.27722

redos: CVE-2022-35946 was patched at 2024-07-26

64. Code Injection - PHP (CVE-2023-41884) - High [413]

Description: ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 7.1. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2023-41884 was patched at 2024-08-21

65. Command Injection - GLPI (CVE-2024-27098) - High [413]

Description: GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.610CVSS Base Score is 6.4. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00062, EPSS Percentile is 0.27078

redos: CVE-2024-27098 was patched at 2024-08-12

66. Security Feature Bypass - Mozilla Firefox (CVE-2024-7529) - High [413]

Description: The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 8.1. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00058, EPSS Percentile is 0.24811

almalinux: CVE-2024-7529 was patched at 2024-08-14, 2024-08-15

debian: CVE-2024-7529 was patched at 2024-08-07, 2024-08-08, 2024-08-21

oraclelinux: CVE-2024-7529 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-7529 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19

ubuntu: CVE-2024-7529 was patched at 2024-08-19

67. Code Injection - django (CVE-2024-42005) - High [411]

Description: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.514Product detected by a:djangoproject:django (exists in CPE dict)
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00068, EPSS Percentile is 0.3059

debian: CVE-2024-42005 was patched at 2024-08-21

ubuntu: CVE-2024-42005 was patched at 2024-08-06

68. Remote Code Execution - Linux Kernel (CVE-2024-42243) - High [411]

Description: In the Linux kernel, the following vulnerability has been resolved: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray Patch series "mm/filemap: Limit page cache size to that supported by xarray", v2. Currently, xarray can't support arbitrary page cache size. More details can be found from the WARN_ON() statement in xas_split_alloc(). In our test whose code is attached below, we hit the WARN_ON() on ARM64 system where the base page size is 64KB and huge page size is 512MB. The issue was reported long time ago and some discussions on it can be found here [1]. [1] https://www.spinics.net/lists/linux-xfs/msg75404.html In order to fix the issue, we need to adjust MAX_PAGECACHE_ORDER to one supported by xarray and avoid PMD-sized page cache if needed. The code changes are suggested by David Hildenbrand. PATCH[1] adjusts MAX_PAGECACHE_ORDER to that supported by xarray PATCH[2-3] avoids PMD-sized page cache in the synchronous readahead path PATCH[4] avoids PMD-sized page cache for shmem files if needed Test program ============ # cat test.c #define _GNU_SOURCE #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <fcntl.h> #include <errno.h> #include <sys/syscall.h> #include <sys/mman.h> #define TEST_XFS_FILENAME "/tmp/data" #define TEST_SHMEM_FILENAME "/dev/shm/data" #define TEST_MEM_SIZE 0x20000000 int main(int argc, char **argv) { const char *filename; int fd = 0; void *buf = (void *)-1, *p; int pgsize = getpagesize(); int ret; if (pgsize != 0x10000) { fprintf(stderr, "64KB base page size is required\n"); return -EPERM; } system("echo force > /sys/kernel/mm/transparent_hugepage/shmem_enabled"); system("rm -fr /tmp/data"); system("rm -fr /dev/shm/data"); system("echo 1 > /proc/sys/vm/drop_caches"); /* Open xfs or shmem file */ filename = TEST_XFS_FILENAME; if (argc > 1 && !strcmp(argv[1], "shmem")) filename = TEST_SHMEM_FILENAME; fd = open(filename, O_CREAT | O_RDWR | O_TRUNC); if (fd < 0) { fprintf(stderr, "Unable to open <%s>\n", filename); return -EIO; } /* Extend file size */ ret = ftruncate(fd, TEST_MEM_SIZE); if (ret) { fprintf(stderr, "Error %d to ftruncate()\n", ret); goto cleanup; } /* Create VMA */ buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); if (buf == (void *)-1) { fprintf(stderr, "Unable to mmap <%s>\n", filename); goto cleanup; } fprintf(stdout, "mapped buffer at 0x%p\n", buf); ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); if (ret) { fprintf(stderr, "Unable to madvise(MADV_HUGEPAGE)\n"); goto cleanup; } /* Populate VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_WRITE); if (ret) { fprintf(stderr, "Error %d to madvise(MADV_POPULATE_WRITE)\n", ret); goto cleanup; } /* Punch the file to enforce xarray split */ ret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, TEST_MEM_SIZE - pgsize, pgsize); if (ret) fprintf(stderr, "Error %d to fallocate()\n", ret); cleanup: if (buf != (void *)-1) munmap(buf, TEST_MEM_SIZE); if (fd > 0) close(fd); return 0; } # gcc test.c -o test # cat /proc/1/smaps | grep KernelPageSize | head -n 1 KernelPageSize: 64 kB # ./test shmem : ------------[ cut here ]------------ WARNING: CPU: 17 PID: 5253 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set nf_tables rfkill nfnetlink vfat fat virtio_balloon \ drm fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \ virtio_net sha1_ce net_failover failover virtio_console virtio_blk \ dimlib virtio_mmio CPU: 17 PID: 5253 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #12 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TC ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42243 was patched at 2024-08-21

69. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21121) - High [410]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00065, EPSS Percentile is 0.29543

redos: CVE-2024-21121 was patched at 2024-07-24

70. Elevation of Privilege - Intel(R) Processor (CVE-2023-49141) - High [408]

Description: Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2023-49141 was patched at 2024-08-21

ubuntu: CVE-2023-49141 was patched at 2024-08-20

71. Security Feature Bypass - Apache Traffic Server (CVE-2024-35296) - High [408]

Description: Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score0.810CVSS Base Score is 8.2. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00062, EPSS Percentile is 0.27265

debian: CVE-2024-35296 was patched at 2024-08-01

72. Cross Site Scripting - GLPI (CVE-2023-34244) - High [407]

Description: GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8 to receive a patch.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00083, EPSS Percentile is 0.35951

redos: CVE-2023-34244 was patched at 2024-08-12

73. Remote Code Execution - Newlib (CVE-2024-30949) - High [404]

Description: An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Product detected by a:newlib_project:newlib (exists in CPE dict)
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-30949 was patched at 2024-08-21

74. Security Feature Bypass - Mozilla Firefox (CVE-2024-5692) - High [401]

Description: {'nvd_cve_data_all': 'On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

redos: CVE-2024-5692 was patched at 2024-08-14

75. Security Feature Bypass - Node.js (CVE-2024-42461) - High [401]

Description: In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00091, EPSS Percentile is 0.39627

debian: CVE-2024-42461 was patched at 2024-08-21

Medium (287)

76. Elevation of Privilege - Intel(R) Processor (CVE-2024-24853) - Medium [397]

Description: Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings
CVSS Base Score0.710CVSS Base Score is 7.2. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-24853 was patched at 2024-08-21

ubuntu: CVE-2024-24853 was patched at 2024-08-20

77. Cross Site Scripting - GLPI (CVE-2023-22722) - Medium [395]

Description: GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6 are subject to Cross-site Scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. After exploited, the attacker can make actions as the victim or exfiltrate session cookies. This issue is patched in version 10.0.6.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.710CVSS Base Score is 6.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00072, EPSS Percentile is 0.32046

redos: CVE-2023-22722 was patched at 2024-07-29

78. Information Disclosure - .NET and Visual Studio (CVE-2024-38167) - Medium [395]

Description: .NET and Visual Studio Information Disclosure Vulnerability

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714.NET and Visual Studio
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00092, EPSS Percentile is 0.39903

almalinux: CVE-2024-38167 was patched at 2024-08-13, 2024-08-15

oraclelinux: CVE-2024-38167 was patched at 2024-08-13

redhat: CVE-2024-38167 was patched at 2024-08-13, 2024-08-15

ubuntu: CVE-2024-38167 was patched at 2024-08-13

79. Denial of Service - Linux Kernel (CVE-2024-38384) - Medium [394]

Description: In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed. If WRITE of `->lqueued` is re-ordered with READ of 'bisc->lnode.next' in the loop of __blkcg_rstat_flush(), `next_bisc` can be assigned with one stat instance being added in blk_cgroup_bio_start(), then the local list in __blkcg_rstat_flush() could be corrupted. Fix the issue by adding one barrier.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 8.4. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

redhat: CVE-2024-38384 was patched at 2024-08-07

80. Remote Code Execution - Flask (CVE-2024-32484) - Medium [392]

Description: An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Flask is a lightweight WSGI web application framework
CVSS Base Score0.710CVSS Base Score is 7.4. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00087, EPSS Percentile is 0.37703

debian: CVE-2024-32484 was patched at 2024-08-01

81. Remote Code Execution - Curl (CVE-2024-42365) - Medium [390]

Description: Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.710CVSS Base Score is 7.4. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13709

debian: CVE-2024-42365 was patched at 2024-08-21

82. Code Injection - GLPI (CVE-2022-39375) - Medium [389]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.510CVSS Base Score is 4.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00054, EPSS Percentile is 0.23505

redos: CVE-2022-39375 was patched at 2024-07-26

83. Incorrect Calculation - Mozilla Firefox (CVE-2024-7521) - Medium [389]

Description: Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00084, EPSS Percentile is 0.36556

almalinux: CVE-2024-7521 was patched at 2024-08-14, 2024-08-15

debian: CVE-2024-7521 was patched at 2024-08-07, 2024-08-08, 2024-08-21

oraclelinux: CVE-2024-7521 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-7521 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19

ubuntu: CVE-2024-7521 was patched at 2024-08-19

84. Memory Corruption - Mozilla Firefox (CVE-2024-7530) - Medium [389]

Description: Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00091, EPSS Percentile is 0.39627

ubuntu: CVE-2024-7530 was patched at 2024-08-19

85. Cross Site Scripting - GLPI (CVE-2022-24868) - Medium [383]

Description: GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a result any user viewing the avatar will be subject to a cross site scripting attack. Users of GLPI are advised to upgrade. Users unable to upgrade should disallow SVG avatars.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.710CVSS Base Score is 7.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.0005, EPSS Percentile is 0.20133

redos: CVE-2022-24868 was patched at 2024-07-26

86. Cross Site Scripting - GLPI (CVE-2022-31187) - Medium [383]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users are advised to upgrade to version 10.0.3 to resolve this issue. Users unable to upgrade should disable global search.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.710CVSS Base Score is 6.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.0005, EPSS Percentile is 0.20133

redos: CVE-2022-31187 was patched at 2024-07-26

87. Cross Site Scripting - GLPI (CVE-2022-35945) - Medium [383]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Information associated to registration key are not properly escaped in registration key configuration page. They can be used to steal a GLPI administrator cookie. Users are advised to upgrade to 10.0.3. There are no known workarounds for this issue. ### Workarounds Do not use a registration key created by an untrusted person.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.610CVSS Base Score is 6.3. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26886

redos: CVE-2022-35945 was patched at 2024-07-26

88. Cross Site Scripting - GLPI (CVE-2022-39181) - Medium [383]

Description: GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the victim, the content is executed by the victim's browser.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.610CVSS Base Score is 6.1. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00072, EPSS Percentile is 0.32046

redos: CVE-2022-39181 was patched at 2024-07-29

89. Cross Site Scripting - GLPI (CVE-2024-23645) - Medium [383]

Description: GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00052, EPSS Percentile is 0.21091

redos: CVE-2024-23645 was patched at 2024-08-12

90. Cross Site Scripting - Safari (CVE-2024-40785) - Medium [383]

Description: This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.610CVSS Base Score is 6.1. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00073, EPSS Percentile is 0.32468

debian: CVE-2024-40785 was patched at 2024-08-21

91. Authentication Bypass - Chromium (CVE-2024-6999) - Medium [379]

Description: {'nvd_cve_data_all': 'Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.410CVSS Base Score is 4.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17727

debian: CVE-2024-6999 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-6999 was patched at 2024-08-07

92. Authentication Bypass - Chromium (CVE-2024-7001) - Medium [379]

Description: {'nvd_cve_data_all': 'Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.410CVSS Base Score is 4.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17727

debian: CVE-2024-7001 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-7001 was patched at 2024-08-07

93. Authentication Bypass - Chromium (CVE-2024-7003) - Medium [379]

Description: {'nvd_cve_data_all': 'Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.410CVSS Base Score is 4.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17727

debian: CVE-2024-7003 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-7003 was patched at 2024-08-07

94. Authentication Bypass - GLPI (CVE-2022-39370) - Medium [379]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been patched, please upgrade to 10.0.4. As a workaround, delete the `install/update.php` script.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.410CVSS Base Score is 4.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00054, EPSS Percentile is 0.23505

redos: CVE-2022-39370 was patched at 2024-07-26

95. Security Feature Bypass - Python (CVE-2024-41671) - Medium [379]

Description: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 8.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-41671 was patched at 2024-08-01

96. Command Injection - GLPI (CVE-2022-36112) - Medium [377]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit. Server-side requests can be used to scan server port or services opened on GLPI server or its private network. Queries responses are not exposed to end-user (blind SSRF). Users are advised to upgrade to version 10.0.3 to resolve this issue. There are no known workarounds.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.310CVSS Base Score is 3.5. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26886

redos: CVE-2022-36112 was patched at 2024-07-26

97. Denial of Service - GLPI (CVE-2023-23610) - Medium [377]

Description: GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to access (including assets, tickets, users, ...). This issue is patched in 10.0.6.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00065, EPSS Percentile is 0.29102

redos: CVE-2023-23610 was patched at 2024-07-29

98. Memory Corruption - Mozilla Firefox (CVE-2024-7522) - Medium [377]

Description: Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.1. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.0008, EPSS Percentile is 0.3501

almalinux: CVE-2024-7522 was patched at 2024-08-14, 2024-08-15

debian: CVE-2024-7522 was patched at 2024-08-07, 2024-08-08, 2024-08-21

oraclelinux: CVE-2024-7522 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-7522 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19

ubuntu: CVE-2024-7522 was patched at 2024-08-19

99. Memory Corruption - Mozilla Firefox (CVE-2024-7527) - Medium [377]

Description: Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00084, EPSS Percentile is 0.36556

almalinux: CVE-2024-7527 was patched at 2024-08-14, 2024-08-15

debian: CVE-2024-7527 was patched at 2024-08-07, 2024-08-08, 2024-08-21

oraclelinux: CVE-2024-7527 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-7527 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19

ubuntu: CVE-2024-7527 was patched at 2024-08-19

100. Memory Corruption - Mozilla Firefox (CVE-2024-7528) - Medium [377]

Description: Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00068, EPSS Percentile is 0.3041

almalinux: CVE-2024-7528 was patched at 2024-08-14, 2024-08-15

oraclelinux: CVE-2024-7528 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-7528 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19

ubuntu: CVE-2024-7528 was patched at 2024-08-19

101. Security Feature Bypass - Zabbix (CVE-2024-22121) - Medium [377]

Description: A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services
CVSS Base Score0.610CVSS Base Score is 6.1. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-22121 was patched at 2024-08-21

102. Information Disclosure - GLPI (CVE-2022-31143) - Medium [376]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. It was found that in affected versions there is an exposure of private information defined in setup of GLPI (like smtp or cas hosts). Note that passwords are not exposed. Users are advised to upgrade to version 10.0.3. There are no known workarounds for this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26886

redos: CVE-2022-31143 was patched at 2024-07-26

103. Authentication Bypass - Kubernetes (CVE-2024-5321) - Medium [375]

Description: A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
CVSS Base Score0.610CVSS Base Score is 6.1. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

redos: CVE-2024-5321 was patched at 2024-07-29

104. Security Feature Bypass - Oracle VM VirtualBox (CVE-2024-21106) - Medium [372]

Description: {'nvd_cve_data_all': 'Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

redos: CVE-2024-21106 was patched at 2024-07-24

105. Cross Site Scripting - GLPI (CVE-2022-24869) - Medium [371]

Description: GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can use ticket's followups or setup login messages with a stylesheet link. This may allow for a cross site scripting attack vector. This issue is partially mitigated by cors security of browsers, though users are still advised to upgrade.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.510CVSS Base Score is 4.6. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00073, EPSS Percentile is 0.32398

redos: CVE-2022-24869 was patched at 2024-07-26

106. Cross Site Scripting - GLPI (CVE-2022-41941) - Medium [371]

Description: GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An administrator may store malicious code in help links. This issue is patched in 10.0.6.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.610CVSS Base Score is 6.2. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00054, EPSS Percentile is 0.23505

redos: CVE-2022-41941 was patched at 2024-07-29

107. Cross Site Scripting - GLPI (CVE-2023-22725) - Medium [371]

Description: GLPI is a Free Asset and IT Management Software package. Versions 0.6.0 and above, prior to 10.0.6 are vulnerable to Cross-site Scripting. This vulnerability allow for an administrator to create a malicious external link. This issue is patched in 10.0.6.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.610CVSS Base Score is 6.2. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00054, EPSS Percentile is 0.23505

redos: CVE-2023-22725 was patched at 2024-07-29

108. Elevation of Privilege - wpa_supplicant (CVE-2024-5290) - Medium [370]

Description: An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.614wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-5290 was patched at 2024-08-06, 2024-08-21

ubuntu: CVE-2024-5290 was patched at 2024-08-06

109. Remote Code Execution - assimp (CVE-2024-40724) - Medium [369]

Description: Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Product detected by a:assimp:assimp (exists in CPE dict)
CVSS Base Score0.810CVSS Base Score is 8.4. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-40724 was patched at 2024-08-01

redos: CVE-2024-40724 was patched at 2024-08-07

110. Remote Code Execution - ofono (CVE-2024-7543) - Medium [369]

Description: oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23456.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Product detected by a:ofono_project:ofono (does NOT exist in CPE dict)
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-7543 was patched at 2024-08-21

111. Remote Code Execution - ofono (CVE-2024-7544) - Medium [369]

Description: oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23457.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Product detected by a:ofono_project:ofono (does NOT exist in CPE dict)
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-7544 was patched at 2024-08-21

112. Remote Code Execution - ofono (CVE-2024-7545) - Medium [369]

Description: oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23458.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Product detected by a:ofono_project:ofono (does NOT exist in CPE dict)
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-7545 was patched at 2024-08-21

113. Remote Code Execution - ofono (CVE-2024-7547) - Medium [369]

Description: oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of SMS PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23460.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Product detected by a:ofono_project:ofono (does NOT exist in CPE dict)
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-7547 was patched at 2024-08-21

114. Code Injection - Python (CVE-2024-6923) - Medium [368]

Description: There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-6923 was patched at 2024-08-21

115. Information Disclosure - Roundcube (CVE-2024-42010) - Medium [367]

Description: mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-42010 was patched at 2024-08-08, 2024-08-13, 2024-08-21

116. Authentication Bypass - TLS (CVE-2024-2048) - Medium [365]

Description: Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 8.1. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

redos: CVE-2024-2048 was patched at 2024-08-05

117. Denial of Service - Mozilla Firefox (CVE-2024-7518) - Medium [365]

Description: {'nvd_cve_data_all': 'Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00054, EPSS Percentile is 0.22581

almalinux: CVE-2024-7518 was patched at 2024-08-14, 2024-08-15

oraclelinux: CVE-2024-7518 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-7518 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19

ubuntu: CVE-2024-7518 was patched at 2024-08-19

118. Memory Corruption - Chromium (CVE-2024-6988) - Medium [365]

Description: Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26915

debian: CVE-2024-6988 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-6988 was patched at 2024-08-07

119. Memory Corruption - Chromium (CVE-2024-6989) - Medium [365]

Description: Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26915

debian: CVE-2024-6989 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-6989 was patched at 2024-08-07

120. Memory Corruption - Chromium (CVE-2024-6990) - Medium [365]

Description: Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26915

debian: CVE-2024-6990 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-6990 was patched at 2024-08-07

121. Memory Corruption - Chromium (CVE-2024-6991) - Medium [365]

Description: Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26915

debian: CVE-2024-6991 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-6991 was patched at 2024-08-07

122. Memory Corruption - Chromium (CVE-2024-6994) - Medium [365]

Description: Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26915

debian: CVE-2024-6994 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-6994 was patched at 2024-08-07

123. Memory Corruption - Chromium (CVE-2024-6997) - Medium [365]

Description: Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26915

debian: CVE-2024-6997 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-6997 was patched at 2024-08-07

124. Memory Corruption - Chromium (CVE-2024-6998) - Medium [365]

Description: Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26915

debian: CVE-2024-6998 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-6998 was patched at 2024-08-07

125. Memory Corruption - Chromium (CVE-2024-7000) - Medium [365]

Description: Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26915

debian: CVE-2024-7000 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-7000 was patched at 2024-08-07

126. Memory Corruption - Chromium (CVE-2024-7255) - Medium [365]

Description: Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26915

debian: CVE-2024-7255 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-7255 was patched at 2024-08-07

127. Memory Corruption - Chromium (CVE-2024-7532) - Medium [365]

Description: Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26915

debian: CVE-2024-7532 was patched at 2024-08-08, 2024-08-21

redos: CVE-2024-7532 was patched at 2024-08-15

128. Memory Corruption - Chromium (CVE-2024-7533) - Medium [365]

Description: Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26915

debian: CVE-2024-7533 was patched at 2024-08-08, 2024-08-21

129. Memory Corruption - Chromium (CVE-2024-7534) - Medium [365]

Description: Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26915

debian: CVE-2024-7534 was patched at 2024-08-08, 2024-08-21

redos: CVE-2024-7534 was patched at 2024-08-15

130. Memory Corruption - Chromium (CVE-2024-7535) - Medium [365]

Description: Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26915

debian: CVE-2024-7535 was patched at 2024-08-08, 2024-08-21

redos: CVE-2024-7535 was patched at 2024-08-15

131. Memory Corruption - Chromium (CVE-2024-7536) - Medium [365]

Description: Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26915

debian: CVE-2024-7536 was patched at 2024-08-08, 2024-08-21

redos: CVE-2024-7536 was patched at 2024-08-15

132. Memory Corruption - Chromium (CVE-2024-7550) - Medium [365]

Description: Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00061, EPSS Percentile is 0.26915

debian: CVE-2024-7550 was patched at 2024-08-08, 2024-08-21

redos: CVE-2024-7550 was patched at 2024-08-15

133. Memory Corruption - Mozilla Firefox (CVE-2024-7519) - Medium [365]

Description: Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00079, EPSS Percentile is 0.34904

almalinux: CVE-2024-7519 was patched at 2024-08-14, 2024-08-15

debian: CVE-2024-7519 was patched at 2024-08-07, 2024-08-08, 2024-08-21

oraclelinux: CVE-2024-7519 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-7519 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19

ubuntu: CVE-2024-7519 was patched at 2024-08-19

134. Memory Corruption - Safari (CVE-2024-40782) - Medium [365]

Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17805

debian: CVE-2024-40782 was patched at 2024-08-21

135. Security Feature Bypass - Chromium (CVE-2024-7004) - Medium [365]

Description: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.410CVSS Base Score is 4.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17727

debian: CVE-2024-7004 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-7004 was patched at 2024-08-07

136. Security Feature Bypass - Node.js (CVE-2024-42459) - Medium [365]

Description: In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-42459 was patched at 2024-08-21

137. Denial of Service - BIND (CVE-2024-0760) - Medium [360]

Description: A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00049, EPSS Percentile is 0.1958

debian: CVE-2024-0760 was patched at 2024-08-01

redos: CVE-2024-0760 was patched at 2024-08-07

ubuntu: CVE-2024-0760 was patched at 2024-07-23

138. Denial of Service - BIND (CVE-2024-1737) - Medium [360]

Description: Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00052, EPSS Percentile is 0.21016

almalinux: CVE-2024-1737 was patched at 2024-08-14, 2024-08-19

debian: CVE-2024-1737 was patched at 2024-07-25, 2024-08-01

oraclelinux: CVE-2024-1737 was patched at 2024-08-13, 2024-08-14, 2024-08-19

redhat: CVE-2024-1737 was patched at 2024-08-14, 2024-08-15, 2024-08-19, 2024-08-20

redos: CVE-2024-1737 was patched at 2024-08-07

ubuntu: CVE-2024-1737 was patched at 2024-07-23, 2024-08-01, 2024-08-15

139. Denial of Service - BIND (CVE-2024-1975) - Medium [360]

Description: If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00049, EPSS Percentile is 0.1958

almalinux: CVE-2024-1975 was patched at 2024-08-14, 2024-08-19

debian: CVE-2024-1975 was patched at 2024-07-25, 2024-08-01

oraclelinux: CVE-2024-1975 was patched at 2024-08-13, 2024-08-14, 2024-08-19

redhat: CVE-2024-1975 was patched at 2024-08-14, 2024-08-15, 2024-08-19, 2024-08-20

redos: CVE-2024-1975 was patched at 2024-08-07

ubuntu: CVE-2024-1975 was patched at 2024-07-23, 2024-08-01, 2024-08-15

140. Denial of Service - BIND (CVE-2024-4076) - Medium [360]

Description: Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

almalinux: CVE-2024-4076 was patched at 2024-08-14

debian: CVE-2024-4076 was patched at 2024-07-25, 2024-08-01

oraclelinux: CVE-2024-4076 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-4076 was patched at 2024-08-14, 2024-08-15, 2024-08-19

redhat: CVE-2024-40767 was patched at 2024-08-07, 2024-08-08

redos: CVE-2024-4076 was patched at 2024-08-07

ubuntu: CVE-2024-4076 was patched at 2024-07-23

ubuntu: CVE-2024-40767 was patched at 2024-07-23

141. Cross Site Scripting - GLPI (CVE-2024-27914) - Medium [359]

Description: GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar. This issue has been patched in version 10.0.13.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

redos: CVE-2024-27914 was patched at 2024-08-12

142. Denial of Service - Linux Kernel (CVE-2024-36932) - Medium [358]

Description: In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Prevent use-after-free from occurring after cdev removal Since thermal_debug_cdev_remove() does not run under cdev->lock, it can run in parallel with thermal_debug_cdev_state_update() and it may free the struct thermal_debugfs object used by the latter after it has been checked against NULL. If that happens, thermal_debug_cdev_state_update() will access memory that has been freed already causing the kernel to crash. Address this by using cdev->lock in thermal_debug_cdev_remove() around the cdev->debugfs value check (in case the same cdev is removed at the same time in two different threads) and its reset to NULL. Cc :6.8+ <stable@vger.kernel.org> # 6.8+

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

ubuntu: CVE-2024-36932 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13

143. Denial of Service - Linux Kernel (CVE-2024-42082) - Medium [358]

Description: In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __xdp_reg_mem_model(). The warning occurs only if __mem_id_init_hash_table() returns an error. It returns the error in two cases: 1. memory allocation fails; 2. rhashtable_init() fails when some fields of rhashtable_params struct are not initialized properly. The second case cannot happen since there is a static const rhashtable_params struct with valid fields. So, warning is only triggered when there is a problem with memory allocation. Thus, there is no sense in using WARN() to handle this error and it can be safely removed. WARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 CPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 Call Trace: xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344 xdp_test_run_setup net/bpf/test_run.c:188 [inline] bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377 bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267 bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240 __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Found by Linux Verification Center (linuxtesting.org) with syzkaller.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42082 was patched at 2024-08-01

144. Denial of Service - Linux Kernel (CVE-2024-42240) - Medium [358]

Description: In the Linux kernel, the following vulnerability has been resolved: x86/bhi: Avoid warning in #DB handler due to BHI mitigation When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set then entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the clear_bhb_loop() before the TF flag is cleared. This causes the #DB handler (exc_debug_kernel()) to issue a warning because single-step is used outside the entry_SYSENTER_compat() function. To address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY after making sure the TF flag is cleared. The problem can be reproduced with the following sequence: $ cat sysenter_step.c int main() { asm("pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter"); } $ gcc -o sysenter_step sysenter_step.c $ ./sysenter_step Segmentation fault (core dumped) The program is expected to crash, and the #DB handler will issue a warning. Kernel log: WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160 ... RIP: 0010:exc_debug_kernel+0xd2/0x160 ... Call Trace: <#DB> ? show_regs+0x68/0x80 ? __warn+0x8c/0x140 ? exc_debug_kernel+0xd2/0x160 ? report_bug+0x175/0x1a0 ? handle_bug+0x44/0x90 ? exc_invalid_op+0x1c/0x70 ? asm_exc_invalid_op+0x1f/0x30 ? exc_debug_kernel+0xd2/0x160 exc_debug+0x43/0x50 asm_exc_debug+0x1e/0x40 RIP: 0010:clear_bhb_loop+0x0/0xb0 ... </#DB> <TASK> ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d </TASK> [ bp: Massage commit message. ]

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42240 was patched at 2024-08-21

145. Denial of Service - Linux Kernel (CVE-2024-42241) - Medium [358]

Description: In the Linux kernel, the following vulnerability has been resolved: mm/shmem: disable PMD-sized page cache if needed For shmem files, it's possible that PMD-sized page cache can't be supported by xarray. For example, 512MB page cache on ARM64 when the base page size is 64KB can't be supported by xarray. It leads to errors as the following messages indicate when this sort of xarray entry is split. WARNING: CPU: 34 PID: 7578 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 \ nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject \ nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse xfs \ libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_net \ net_failover virtio_console virtio_blk failover dimlib virtio_mmio CPU: 34 PID: 7578 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x720 sp : ffff8000882af5f0 x29: ffff8000882af5f0 x28: ffff8000882af650 x27: ffff8000882af768 x26: 0000000000000cc0 x25: 000000000000000d x24: ffff00010625b858 x23: ffff8000882af650 x22: ffffffdfc0900000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0900000 x18: 0000000000000000 x17: 0000000000000000 x16: 0000018000000000 x15: 52f8004000000000 x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020 x11: 52f8000000000000 x10: 52f8e1c0ffff6000 x9 : ffffbeb9619a681c x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff00010b02ddb0 x5 : ffffbeb96395e378 x4 : 0000000000000000 x3 : 0000000000000cc0 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 shmem_undo_range+0x2bc/0x6a8 shmem_fallocate+0x134/0x430 vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by disabling PMD-sized page cache when HPAGE_PMD_ORDER is larger than MAX_PAGECACHE_ORDER. As Matthew Wilcox pointed, the page cache in a shmem file isn't represented by a multi-index entry and doesn't have this limitation when the xarry entry is split until commit 6b24ca4a1a8d ("mm: Use multi-index entries in the page cache").

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42241 was patched at 2024-08-21

146. Denial of Service - Linux Kernel (CVE-2024-42246) - Medium [358]

Description: In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket When using a BPF program on kernel_connect(), the call can return -EPERM. This causes xs_tcp_setup_socket() to loop forever, filling up the syslog and causing the kernel to potentially freeze up. Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN. ECONNREFUSED as error seems reasonable. For programs setting a different error can be out of reach (see handling in 4fbac77d2d09) in particular on kernels which do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -err instead of allow boolean"), thus given that it is better to simply remap for consistent behavior. UDP does handle EPERM in xs_udp_send_request().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42246 was patched at 2024-08-21

147. Denial of Service - Linux Kernel (CVE-2024-42247) - Medium [358]

Description: In the Linux kernel, the following vulnerability has been resolved: wireguard: allowedips: avoid unaligned 64-bit memory accesses On the parisc platform, the kernel issues kernel warnings because swap_endian() tries to load a 128-bit IPv6 address from an unaligned memory location: Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df) Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc) Avoid such unaligned memory accesses by instead using the get_unaligned_be64() helper macro. [Jason: replace src[8] in original patch with src+8]

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42247 was patched at 2024-08-12, 2024-08-21

148. Denial of Service - Linux Kernel (CVE-2024-42258) - Medium [358]

Description: In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines Yves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don't force huge page alignment on 32 bit") didn't work for x86_32 [1]. It is because x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT. !CONFIG_64BIT should cover all 32 bit machines. [1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42258 was patched at 2024-08-21

149. Memory Corruption - Linux Kernel (CVE-2024-41058) - Medium [358]

Description: In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: slab-use-after-free in fscache_withdraw_volume+0x2e1/0x370 Read of size 4 at addr ffff88810680be08 by task ondemand-04-dae/5798 CPU: 0 PID: 5798 Comm: ondemand-04-dae Not tainted 6.8.0-dirty #565 Call Trace: kasan_check_range+0xf6/0x1b0 fscache_withdraw_volume+0x2e1/0x370 cachefiles_withdraw_volume+0x31/0x50 cachefiles_withdraw_cache+0x3ad/0x900 cachefiles_put_unbind_pincount+0x1f6/0x250 cachefiles_daemon_release+0x13b/0x290 __fput+0x204/0xa00 task_work_run+0x139/0x230 Allocated by task 5820: __kmalloc+0x1df/0x4b0 fscache_alloc_volume+0x70/0x600 __fscache_acquire_volume+0x1c/0x610 erofs_fscache_register_volume+0x96/0x1a0 erofs_fscache_register_fs+0x49a/0x690 erofs_fc_fill_super+0x6c0/0xcc0 vfs_get_super+0xa9/0x140 vfs_get_tree+0x8e/0x300 do_new_mount+0x28c/0x580 [...] Freed by task 5820: kfree+0xf1/0x2c0 fscache_put_volume.part.0+0x5cb/0x9e0 erofs_fscache_unregister_fs+0x157/0x1b0 erofs_kill_sb+0xd9/0x1c0 deactivate_locked_super+0xa3/0x100 vfs_get_super+0x105/0x140 vfs_get_tree+0x8e/0x300 do_new_mount+0x28c/0x580 [...] ================================================================== Following is the process that triggers the issue: mount failed | daemon exit ------------------------------------------------------------ deactivate_locked_super cachefiles_daemon_release erofs_kill_sb erofs_fscache_unregister_fs fscache_relinquish_volume __fscache_relinquish_volume fscache_put_volume(fscache_volume, fscache_volume_put_relinquish) zero = __refcount_dec_and_test(&fscache_volume->ref, &ref); cachefiles_put_unbind_pincount cachefiles_daemon_unbind cachefiles_withdraw_cache cachefiles_withdraw_volumes list_del_init(&volume->cache_link) fscache_free_volume(fscache_volume) cache->ops->free_volume cachefiles_free_volume list_del_init(&cachefiles_volume->cache_link); kfree(fscache_volume) cachefiles_withdraw_volume fscache_withdraw_volume fscache_volume->n_accesses // fscache_volume UAF !!! The fscache_volume in cache->volumes must not have been freed yet, but its reference count may be 0. So use the new fscache_try_get_volume() helper function try to get its reference count. If the reference count of fscache_volume is 0, fscache_put_volume() is freeing it, so wait for it to be removed from cache->volumes. If its reference count is not 0, call cachefiles_withdraw_volume() with reference count protection to avoid the above issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-41058 was patched at 2024-08-01

150. Code Injection - Zabbix (CVE-2024-22123) - Medium [354]

Description: Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services
CVSS Base Score0.310CVSS Base Score is 2.7. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-22123 was patched at 2024-08-21

151. Command Injection - Zabbix (CVE-2024-22122) - Medium [354]

Description: Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services
CVSS Base Score0.310CVSS Base Score is 3.0. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-22122 was patched at 2024-08-21

152. Denial of Service - GLPI (CVE-2024-28241) - Medium [353]

Description: The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which involves installed folder is automatically secured by the system.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.710CVSS Base Score is 7.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

redos: CVE-2024-28241 was patched at 2024-08-12

153. Security Feature Bypass - GLPI (CVE-2022-39376) - Medium [353]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in `mailto` links. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.310CVSS Base Score is 2.6. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00054, EPSS Percentile is 0.23505

redos: CVE-2022-39376 was patched at 2024-07-26

154. Security Feature Bypass - PHP (CVE-2024-41811) - Medium [353]

Description: ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 3.9. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-41811 was patched at 2024-08-21

155. Remote Code Execution - Git (CVE-2024-6873) - Medium [352]

Description: It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited.  Fixes have been merged to all currently supported version of ClickHouse. If you are maintaining your own forked version of ClickHouse or using an older version and cannot upgrade, the fix for this vulnerability can be found in this commit  https://github.com/ClickHouse/ClickHouse/pull/64024 .

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 8.1. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-6873 was patched at 2024-08-21

156. Remote Code Execution - Linux Kernel (CVE-2024-43823) - Medium [352]

Description: In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() If IORESOURCE_MEM is not provided in Device Tree due to any error, resource_list_first_type() will return NULL and pci_parse_request_of_pci_ranges() will just emit a warning. This will cause a NULL pointer dereference. Fix this bug by adding NULL return check. Found by Linux Verification Center (linuxtesting.org) with SVACE.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-43823 was patched at 2024-08-21

157. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42154) - Medium [352]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated).', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.710EPSS Probability is 0.00378, EPSS Percentile is 0.73283

debian: CVE-2024-42154 was patched at 2024-08-01, 2024-08-12

158. Security Feature Bypass - TLS (CVE-2024-7383) - Medium [351]

Description: A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514TLS
CVSS Base Score0.710CVSS Base Score is 7.4. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-7383 was patched at 2024-08-21

159. Denial of Service - Envoy (CVE-2024-32475) - Medium [348]

Description: {'nvd_cve_data_all': 'Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5. ', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.\n', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Envoy is a cloud-native, open-source edge and service proxy
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

redos: CVE-2024-32475 was patched at 2024-08-05

160. Denial of Service - QEMU (CVE-2024-7409) - Medium [348]

Description: A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-7409 was patched at 2024-08-21

161. Security Feature Bypass - Oracle MySQL (CVE-2024-20996) - Medium [348]

Description: {'nvd_cve_data_all': 'Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.510CVSS Base Score is 4.9. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.14041

ubuntu: CVE-2024-20996 was patched at 2024-07-31

162. Security Feature Bypass - Oracle MySQL (CVE-2024-21125) - Medium [348]

Description: {'nvd_cve_data_all': 'Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.510CVSS Base Score is 4.9. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.14041

ubuntu: CVE-2024-21125 was patched at 2024-07-31

163. Security Feature Bypass - Oracle MySQL (CVE-2024-21129) - Medium [348]

Description: {'nvd_cve_data_all': 'Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.510CVSS Base Score is 4.9. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.14041

ubuntu: CVE-2024-21129 was patched at 2024-07-31

164. Security Feature Bypass - Oracle MySQL (CVE-2024-21130) - Medium [348]

Description: {'nvd_cve_data_all': 'Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.510CVSS Base Score is 4.9. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.14041

ubuntu: CVE-2024-21130 was patched at 2024-07-31

165. Memory Corruption - Linux Kernel (CVE-2024-27394) - Medium [346]

Description: In the Linux kernel, the following vulnerability has been resolved: tcp: Fix Use-After-Free in tcp_ao_connect_init Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of tcp_ao_connect_init, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 8.1. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

ubuntu: CVE-2024-27394 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13

166. Memory Corruption - Linux Kernel (CVE-2024-41087) - Medium [346]

Description: In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump to the err_out label, which will call devres_release_group(). devres_release_group() will trigger a call to ata_host_release(). ata_host_release() calls kfree(host), so executing the kfree(host) in ata_host_alloc() will lead to a double free: kernel BUG at mm/slub.c:553! Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 RIP: 0010:kfree+0x2cf/0x2f0 Code: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da RSP: 0018:ffffc90000f377f0 EFLAGS: 00010246 RAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320 RDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0 RBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000 R10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780 R13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006 FS: 00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? die+0x2e/0x50 ? do_trap+0xca/0x110 ? do_error_trap+0x6a/0x90 ? kfree+0x2cf/0x2f0 ? exc_invalid_op+0x50/0x70 ? kfree+0x2cf/0x2f0 ? asm_exc_invalid_op+0x1a/0x20 ? ata_host_alloc+0xf5/0x120 [libata] ? ata_host_alloc+0xf5/0x120 [libata] ? kfree+0x2cf/0x2f0 ata_host_alloc+0xf5/0x120 [libata] ata_host_alloc_pinfo+0x14/0xa0 [libata] ahci_init_one+0x6c9/0xd20 [ahci] Ensure that we will not call kfree(host) twice, by performing the kfree() only if the devres_open_group() call failed.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-41087 was patched at 2024-08-01

167. Memory Corruption - Linux Kernel (CVE-2024-41092) - Medium [346]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix potential UAF by revoke of fence registers CI has been sporadically reporting the following issue triggered by igt@i915_selftest@live@hangcheck on ADL-P and similar machines: <6> [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence ... <6> [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled <6> [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled <3> [414.070354] Unable to pin Y-tiled fence; err:-4 <3> [414.071282] i915_vma_revoke_fence:301 GEM_BUG_ON(!i915_active_is_idle(&fence->active)) ... <4>[ 609.603992] ------------[ cut here ]------------ <2>[ 609.603995] kernel BUG at drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c:301! <4>[ 609.604003] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI <4>[ 609.604006] CPU: 0 PID: 268 Comm: kworker/u64:3 Tainted: G U W 6.9.0-CI_DRM_14785-g1ba62f8cea9c+ #1 <4>[ 609.604008] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023 <4>[ 609.604010] Workqueue: i915 __i915_gem_free_work [i915] <4>[ 609.604149] RIP: 0010:i915_vma_revoke_fence+0x187/0x1f0 [i915] ... <4>[ 609.604271] Call Trace: <4>[ 609.604273] <TASK> ... <4>[ 609.604716] __i915_vma_evict+0x2e9/0x550 [i915] <4>[ 609.604852] __i915_vma_unbind+0x7c/0x160 [i915] <4>[ 609.604977] force_unbind+0x24/0xa0 [i915] <4>[ 609.605098] i915_vma_destroy+0x2f/0xa0 [i915] <4>[ 609.605210] __i915_gem_object_pages_fini+0x51/0x2f0 [i915] <4>[ 609.605330] __i915_gem_free_objects.isra.0+0x6a/0xc0 [i915] <4>[ 609.605440] process_scheduled_works+0x351/0x690 ... In the past, there were similar failures reported by CI from other IGT tests, observed on other platforms. Before commit 63baf4f3d587 ("drm/i915/gt: Only wait for GPU activity before unbinding a GGTT fence"), i915_vma_revoke_fence() was waiting for idleness of vma->active via fence_update(). That commit introduced vma->fence->active in order for the fence_update() to be able to wait selectively on that one instead of vma->active since only idleness of fence registers was needed. But then, another commit 0d86ee35097a ("drm/i915/gt: Make fence revocation unequivocal") replaced the call to fence_update() in i915_vma_revoke_fence() with only fence_write(), and also added that GEM_BUG_ON(!i915_active_is_idle(&fence->active)) in front. No justification was provided on why we might then expect idleness of vma->fence->active without first waiting on it. The issue can be potentially caused by a race among revocation of fence registers on one side and sequential execution of signal callbacks invoked on completion of a request that was using them on the other, still processed in parallel to revocation of those fence registers. Fix it by waiting for idleness of vma->fence->active in i915_vma_revoke_fence(). (cherry picked from commit 24bb052d3dd499c5956abad5f7d8e4fd07da7fb1)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-41092 was patched at 2024-08-01

168. Memory Corruption - Linux Kernel (CVE-2024-41096) - Medium [346]

Description: In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Fix UAF in msi_capability_init KFENCE reports the following UAF: BUG: KFENCE: use-after-free read in __pci_enable_msi_range+0x2c0/0x488 Use-after-free read at 0x0000000024629571 (in kfence-#12): __pci_enable_msi_range+0x2c0/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28 kfence-#12: 0x0000000008614900-0x00000000e06c228d, size=104, cache=kmalloc-128 allocated by task 81 on cpu 7 at 10.808142s: __kmem_cache_alloc_node+0x1f0/0x2bc kmalloc_trace+0x44/0x138 msi_alloc_desc+0x3c/0x9c msi_domain_insert_msi_desc+0x30/0x78 msi_setup_msi_desc+0x13c/0x184 __pci_enable_msi_range+0x258/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28 freed by task 81 on cpu 7 at 10.811436s: msi_domain_free_descs+0xd4/0x10c msi_domain_free_locked.part.0+0xc0/0x1d8 msi_domain_alloc_irqs_all_locked+0xb4/0xbc pci_msi_setup_msi_irqs+0x30/0x4c __pci_enable_msi_range+0x2a8/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28 Descriptor allocation done in: __pci_enable_msi_range msi_capability_init msi_setup_msi_desc msi_insert_msi_desc msi_domain_insert_msi_desc msi_alloc_desc ... Freed in case of failure in __msi_domain_alloc_locked() __pci_enable_msi_range msi_capability_init pci_msi_setup_msi_irqs msi_domain_alloc_irqs_all_locked msi_domain_alloc_locked __msi_domain_alloc_locked => fails msi_domain_free_locked ... That failure propagates back to pci_msi_setup_msi_irqs() in msi_capability_init() which accesses the descriptor for unmasking in the error exit path. Cure it by copying the descriptor and using the copy for the error exit path unmask operation. [ tglx: Massaged change log ]

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-41096 was patched at 2024-08-01

169. Memory Corruption - Linux Kernel (CVE-2024-42271) - Medium [346]

Description: In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close() iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path (or it is already removed / never existed). This needs to be done with atomic compare and swap, otherwise there is a small window where iucv_sock_close() will try to work with a path that has already been severed and freed by iucv_callback_connrej() called by iucv_tasklet_fn(). Example: [452744.123844] Call Trace: [452744.123845] ([<0000001e87f03880>] 0x1e87f03880) [452744.123966] [<00000000d593001e>] iucv_path_sever+0x96/0x138 [452744.124330] [<000003ff801ddbca>] iucv_sever_path+0xc2/0xd0 [af_iucv] [452744.124336] [<000003ff801e01b6>] iucv_sock_close+0xa6/0x310 [af_iucv] [452744.124341] [<000003ff801e08cc>] iucv_sock_release+0x3c/0xd0 [af_iucv] [452744.124345] [<00000000d574794e>] __sock_release+0x5e/0xe8 [452744.124815] [<00000000d5747a0c>] sock_close+0x34/0x48 [452744.124820] [<00000000d5421642>] __fput+0xba/0x268 [452744.124826] [<00000000d51b382c>] task_work_run+0xbc/0xf0 [452744.124832] [<00000000d5145710>] do_notify_resume+0x88/0x90 [452744.124841] [<00000000d5978096>] system_call+0xe2/0x2c8 [452744.125319] Last Breaking-Event-Address: [452744.125321] [<00000000d5930018>] iucv_path_sever+0x90/0x138 [452744.125324] [452744.125325] Kernel panic - not syncing: Fatal exception in interrupt Note that bh_lock_sock() is not serializing the tasklet context against process context, because the check for sock_owned_by_user() and corresponding handling is missing. Ideas for a future clean-up patch: A) Correct usage of bh_lock_sock() in tasklet context, as described in Re-enqueue, if needed. This may require adding return values to the tasklet functions and thus changes to all users of iucv. B) Change iucv tasklet into worker and use only lock_sock() in af_iucv.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42271 was patched at 2024-08-21

170. Memory Corruption - Linux Kernel (CVE-2024-42284) - Medium [346]

Description: In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP media address.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42284 was patched at 2024-08-21

171. Memory Corruption - Linux Kernel (CVE-2024-42285) - Medium [346]

Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with an existing struct iw_cm_id (cm_id) as follows: conn_id->cm_id.iw = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_iw_handler; rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make sure that cm_work_handler() does not trigger a use-after-free by only freeing of the struct rdma_id_private after all pending work has finished.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42285 was patched at 2024-08-21

172. Remote Code Execution - Unknown Product (CVE-2024-26020) - Medium [345]

Description: {'nvd_cve_data_all': 'An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.6. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00091, EPSS Percentile is 0.39627

debian: CVE-2024-26020 was patched at 2024-08-01

173. Security Feature Bypass - Perl (CVE-2024-29068) - Medium [344]

Description: In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs image (such as icons etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained non-regular files at these paths could then cause snapd to block indefinitely trying to read from such files and cause a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-29068 was patched at 2024-08-01

ubuntu: CVE-2024-29068 was patched at 2024-08-01

174. Elevation of Privilege - Virtual GPU (CVE-2024-0084) - Medium [342]

Description: NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.514Product detected by a:nvidia:virtual_gpu (exists in CPE dict)
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

redos: CVE-2024-0084 was patched at 2024-08-07

175. Memory Corruption - Zabbix (CVE-2024-36461) - Medium [341]

Description: Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services
CVSS Base Score0.910CVSS Base Score is 9.1. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-36461 was patched at 2024-08-21

176. Denial of Service - django (CVE-2023-46695) - Medium [339]

Description: An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:djangoproject:django (exists in CPE dict)
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00064, EPSS Percentile is 0.28694

redos: CVE-2023-46695 was patched at 2024-07-30

177. Denial of Service - Oracle MySQL (CVE-2024-21171) - Medium [336]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.14041

ubuntu: CVE-2024-21171 was patched at 2024-07-31

178. Denial of Service - Oracle MySQL (CVE-2024-21177) - Medium [336]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.14041

ubuntu: CVE-2024-21177 was patched at 2024-07-31

179. Cross Site Scripting - GLPI (CVE-2022-39372) - Medium [335]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their account information. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.310CVSS Base Score is 3.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00054, EPSS Percentile is 0.23505

redos: CVE-2022-39372 was patched at 2024-07-26

180. Memory Corruption - Linux Kernel (CVE-2024-36888) - Medium [334]

Description: In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle kernel pointer dereference in virtual kernel address space Failing address: 0000000000000000 TEID: 0000000000000803 [..] Call Trace: arch_vcpu_is_preempted+0x12/0x80 select_idle_sibling+0x42/0x560 select_task_rq_fair+0x29a/0x3b0 try_to_wake_up+0x38e/0x6e0 kick_pool+0xa4/0x198 __queue_work.part.0+0x2bc/0x3a8 call_timer_fn+0x36/0x160 __run_timers+0x1e2/0x328 __run_timer_base+0x5a/0x88 run_timer_softirq+0x40/0x78 __do_softirq+0x118/0x388 irq_exit_rcu+0xc0/0xd8 do_ext_irq+0xae/0x168 ext_int_handler+0xbe/0xf0 psw_idle_exit+0x0/0xc default_idle_call+0x3c/0x110 do_idle+0xd4/0x158 cpu_startup_entry+0x40/0x48 rest_init+0xc6/0xc8 start_kernel+0x3c4/0x5e0 startup_continue+0x3c/0x50 The crash is caused by calling arch_vcpu_is_preempted() for an offline CPU. To avoid this, select the cpu with cpumask_any_and_distribute() to mask __pod_cpumask with cpu_online_mask. In case no cpu is left in the pool, skip the assignment. tj: This doesn't fully fix the bug as CPUs can still go down between picking the target CPU and the wake call. Fixing that likely requires adding cpu_online() test to either the sched or s390 arch code. However, regardless of how that is fixed, workqueue shouldn't be picking a CPU which isn't online as that would result in unpredictable and worse behavior.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 6.2. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

ubuntu: CVE-2024-36888 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13

181. Security Feature Bypass - Git (CVE-2024-6472) - Medium [334]

Description: Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway. This issue affects LibreOffice: from 24.2 before 24.2.5.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

almalinux: CVE-2024-6472 was patched at 2024-08-19, 2024-08-20

debian: CVE-2024-6472 was patched at 2024-08-05, 2024-08-21

oraclelinux: CVE-2024-6472 was patched at 2024-08-20

redhat: CVE-2024-6472 was patched at 2024-08-19, 2024-08-20, 2024-08-21

ubuntu: CVE-2024-6472 was patched at 2024-08-15

182. Denial of Service - Vault (CVE-2023-6337) - Medium [327]

Description: HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:hashicorp:vault (exists in CPE dict)
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17727

redos: CVE-2023-6337 was patched at 2024-08-05

183. Denial of Service - django (CVE-2024-41990) - Medium [327]

Description: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:djangoproject:django (exists in CPE dict)
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00053, EPSS Percentile is 0.21936

debian: CVE-2024-41990 was patched at 2024-08-21

ubuntu: CVE-2024-41990 was patched at 2024-08-06

184. Denial of Service - django (CVE-2024-41991) - Medium [327]

Description: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:djangoproject:django (exists in CPE dict)
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00053, EPSS Percentile is 0.21936

debian: CVE-2024-41991 was patched at 2024-08-21

ubuntu: CVE-2024-41991 was patched at 2024-08-06

185. Cross Site Scripting - Python (CVE-2024-41810) - Medium [326]

Description: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 6.1. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-41810 was patched at 2024-08-01

186. Information Disclosure - HID (CVE-2024-7319) - Medium [326]

Description: An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514HID
CVSS Base Score0.710CVSS Base Score is 7.4. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-7319 was patched at 2024-08-21

187. Denial of Service - Oracle MySQL (CVE-2024-21163) - Medium [324]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.14041

ubuntu: CVE-2024-21163 was patched at 2024-07-31

188. Security Feature Bypass - Oracle VM VirtualBox (CVE-2024-21108) - Medium [324]

Description: {'nvd_cve_data_all': 'Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

redos: CVE-2024-21108 was patched at 2024-07-24

189. Incorrect Calculation - Linux Kernel (CVE-2024-42066) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix potential integer overflow in page size calculation Explicitly cast tbo->page_alignment to u64 before bit-shifting to prevent overflow when assigning to min_page_size.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-42066 was patched at 2024-08-01

190. Incorrect Calculation - Linux Kernel (CVE-2024-42102) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this). Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs. We have div64_ul() in case we want to be safe & cheap. Thirdly, if dirty thresholds are larger than 1<<32 pages, then dirty balancing is going to blow up in many other spectacular ways anyway so trying to fix one possible overflow is just moot.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13709

debian: CVE-2024-42102 was patched at 2024-08-01, 2024-08-12

191. Incorrect Calculation - Linux Kernel (CVE-2024-42223) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor. Create a new 64 bit variable to hold the calculations.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42223 was patched at 2024-08-01, 2024-08-12

192. Memory Corruption - Linux Kernel (CVE-2023-52471) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: ice: Fix some null pointer dereference issues in ice_ptp.c devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

almalinux: CVE-2023-52471 was patched at 2024-08-08

oraclelinux: CVE-2023-52471 was patched at 2024-08-08

redhat: CVE-2023-52471 was patched at 2024-08-08

193. Memory Corruption - Linux Kernel (CVE-2023-52889) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix null pointer deref when receiving skb during sock creation The panic below is observed when receiving ICMP packets with secmark set while an ICMP raw socket is being created. SK_CTX(sk)->label is updated in apparmor_socket_post_create(), but the packet is delivered to the socket before that, causing the null pointer dereference. Drop the packet if label context is not set. BUG: kernel NULL pointer dereference, address: 000000000000004c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020 RIP: 0010:aa_label_next_confined+0xb/0x40 Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2 RSP: 0018:ffffa92940003b08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002 R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400 R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000 FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0 PKRU: 55555554 Call Trace: <IRQ> ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? exc_page_fault+0x7f/0x180 ? asm_exc_page_fault+0x26/0x30 ? aa_label_next_confined+0xb/0x40 apparmor_secmark_check+0xec/0x330 security_sock_rcv_skb+0x35/0x50 sk_filter_trim_cap+0x47/0x250 sock_queue_rcv_skb_reason+0x20/0x60 raw_rcv+0x13c/0x210 raw_local_deliver+0x1f3/0x250 ip_protocol_deliver_rcu+0x4f/0x2f0 ip_local_deliver_finish+0x76/0xa0 __netif_receive_skb_one_core+0x89/0xa0 netif_receive_skb+0x119/0x170 ? __netdev_alloc_skb+0x3d/0x140 vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a] __napi_poll+0x28/0x1b0 net_rx_action+0x2a4/0x380 __do_softirq+0xd1/0x2c8 __irq_exit_rcu+0xbb/0xf0 common_interrupt+0x86/0xa0 </IRQ> <TASK> asm_common_interrupt+0x26/0x40 RIP: 0010:apparmor_socket_post_create+0xb/0x200 Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48 RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286 RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003 R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748 ? __pfx_apparmor_socket_post_create+0x10/0x10 security_socket_post_create+0x4b/0x80 __sock_create+0x176/0x1f0 __sys_socket+0x89/0x100 __x64_sys_socket+0x17/0x20 do_syscall_64+0x5d/0x90 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2023-52889 was patched at 2024-08-21

194. Memory Corruption - Linux Kernel (CVE-2024-36884) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() This was missed because of the function pointer indirection. nvidia_smmu_context_fault() is also installed as a irq function, and the 'void *' was changed to a struct arm_smmu_domain. Since the iommu_domain is embedded at a non-zero offset this causes nvidia_smmu_context_fault() to miscompute the offset. Fixup the types. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000120 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=0000000107c9f000 [0000000000000120] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000096000004 [#1] SMP Modules linked in: CPU: 1 PID: 47 Comm: kworker/u25:0 Not tainted 6.9.0-0.rc7.58.eln136.aarch64 #1 Hardware name: Unknown NVIDIA Jetson Orin NX/NVIDIA Jetson Orin NX, BIOS 3.1-32827747 03/19/2023 Workqueue: events_unbound deferred_probe_work_func pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : nvidia_smmu_context_fault+0x1c/0x158 lr : __free_irq+0x1d4/0x2e8 sp : ffff80008044b6f0 x29: ffff80008044b6f0 x28: ffff000080a60b18 x27: ffffd32b5172e970 x26: 0000000000000000 x25: ffff0000802f5aac x24: ffff0000802f5a30 x23: ffff0000802f5b60 x22: 0000000000000057 x21: 0000000000000000 x20: ffff0000802f5a00 x19: ffff000087d4cd80 x18: ffffffffffffffff x17: 6234362066666666 x16: 6630303078302d30 x15: ffff00008156d888 x14: 0000000000000000 x13: ffff0000801db910 x12: ffff00008156d6d0 x11: 0000000000000003 x10: ffff0000801db918 x9 : ffffd32b50f94d9c x8 : 1fffe0001032fda1 x7 : ffff00008197ed00 x6 : 000000000000000f x5 : 000000000000010e x4 : 000000000000010e x3 : 0000000000000000 x2 : ffffd32b51720cd8 x1 : ffff000087e6f700 x0 : 0000000000000057 Call trace: nvidia_smmu_context_fault+0x1c/0x158 __free_irq+0x1d4/0x2e8 free_irq+0x3c/0x80 devm_free_irq+0x64/0xa8 arm_smmu_domain_free+0xc4/0x158 iommu_domain_free+0x44/0xa0 iommu_deinit_device+0xd0/0xf8 __iommu_group_remove_device+0xcc/0xe0 iommu_bus_notifier+0x64/0xa8 notifier_call_chain+0x78/0x148 blocking_notifier_call_chain+0x4c/0x90 bus_notify+0x44/0x70 device_del+0x264/0x3e8 pci_remove_bus_device+0x84/0x120 pci_remove_root_bus+0x5c/0xc0 dw_pcie_host_deinit+0x38/0xe0 tegra_pcie_config_rp+0xc0/0x1f0 tegra_pcie_dw_probe+0x34c/0x700 platform_probe+0x70/0xe8 really_probe+0xc8/0x3a0 __driver_probe_device+0x84/0x160 driver_probe_device+0x44/0x130 __device_attach_driver+0xc4/0x170 bus_for_each_drv+0x90/0x100 __device_attach+0xa8/0x1c8 device_initial_probe+0x1c/0x30 bus_probe_device+0xb0/0xc0 deferred_probe_work_func+0xbc/0x120 process_one_work+0x194/0x490 worker_thread+0x284/0x3b0 kthread+0xf4/0x108 ret_from_fork+0x10/0x20 Code: a9b97bfd 910003fd a9025bf5 f85a0035 (b94122a1)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

ubuntu: CVE-2024-36884 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13

195. Memory Corruption - Linux Kernel (CVE-2024-36925) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Using restricted DMA pools (CONFIG_DMA_RESTRICTED_POOL=y) in conjunction with dynamic SWIOTLB (CONFIG_SWIOTLB_DYNAMIC=y) leads to the following crash when initialising the restricted pools at boot-time: | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 | Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP | pc : rmem_swiotlb_device_init+0xfc/0x1ec | lr : rmem_swiotlb_device_init+0xf0/0x1ec | Call trace: | rmem_swiotlb_device_init+0xfc/0x1ec | of_reserved_mem_device_init_by_idx+0x18c/0x238 | of_dma_configure_id+0x31c/0x33c | platform_dma_configure+0x34/0x80 faddr2line reveals that the crash is in the list validation code: include/linux/list.h:83 include/linux/rculist.h:79 include/linux/rculist.h:106 kernel/dma/swiotlb.c:306 kernel/dma/swiotlb.c:1695 because add_mem_pool() is trying to list_add_rcu() to a NULL 'mem->pools'. Fix the crash by initialising the 'mem->pools' list_head in rmem_swiotlb_device_init() before calling add_mem_pool().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

ubuntu: CVE-2024-36925 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13

196. Memory Corruption - Linux Kernel (CVE-2024-38563) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Without this commit, reading chip temperature will cause memory leakage.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

ubuntu: CVE-2024-38563 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13

197. Memory Corruption - Linux Kernel (CVE-2024-41038) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the algorithm block header. This means the overall header length is variable, and the position of most fields varies depending on the length of the string fields. Each field must be checked to ensure that it does not overflow the firmware data buffer. As this ia bugfix patch, the fixes avoid making any significant change to the existing code. This makes it easier to review and less likely to introduce new bugs.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-41038 was patched at 2024-08-01

198. Memory Corruption - Linux Kernel (CVE-2024-41089) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes In nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). The same applies to drm_cvt_mode(). Add a check to avoid null pointer dereference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-41089 was patched at 2024-08-01

199. Memory Corruption - Linux Kernel (CVE-2024-41093) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid using null object of framebuffer Instead of using state->fb->obj[0] directly, get object from framebuffer by calling drm_gem_fb_get_obj() and return error code when object is null to avoid using null object of framebuffer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-41093 was patched at 2024-08-01

200. Memory Corruption - Linux Kernel (CVE-2024-41095) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes In nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-41095 was patched at 2024-08-01

201. Memory Corruption - Linux Kernel (CVE-2024-41098) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix null pointer dereference on error If the ata_port_alloc() call in ata_host_alloc() fails, ata_host_release() will get called. However, the code in ata_host_release() tries to free ata_port struct members unconditionally, which can lead to the following: BUG: unable to handle page fault for address: 0000000000003990 PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 10 PID: 594 Comm: (udev-worker) Not tainted 6.10.0-rc5 #44 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 RIP: 0010:ata_host_release.cold+0x2f/0x6e [libata] Code: e4 4d 63 f4 44 89 e2 48 c7 c6 90 ad 32 c0 48 c7 c7 d0 70 33 c0 49 83 c6 0e 41 RSP: 0018:ffffc90000ebb968 EFLAGS: 00010246 RAX: 0000000000000041 RBX: ffff88810fb52e78 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff88813b3218c0 RDI: ffff88813b3218c0 RBP: ffff88810fb52e40 R08: 0000000000000000 R09: 6c65725f74736f68 R10: ffffc90000ebb738 R11: 73692033203a746e R12: 0000000000000004 R13: 0000000000000000 R14: 0000000000000011 R15: 0000000000000006 FS: 00007f6cc55b9980(0000) GS:ffff88813b300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000003990 CR3: 00000001122a2000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2f0 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? ata_host_release.cold+0x2f/0x6e [libata] ? ata_host_release.cold+0x2f/0x6e [libata] release_nodes+0x35/0xb0 devres_release_group+0x113/0x140 ata_host_alloc+0xed/0x120 [libata] ata_host_alloc_pinfo+0x14/0xa0 [libata] ahci_init_one+0x6c9/0xd20 [ahci] Do not access ata_port struct members unconditionally.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-41098 was patched at 2024-08-01

202. Memory Corruption - Linux Kernel (CVE-2024-42065) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init Add an explicit check to ensure that the mgr is not NULL.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-42065 was patched at 2024-08-01

203. Memory Corruption - Linux Kernel (CVE-2024-42073) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems The following two shared buffer operations make use of the Shared Buffer Status Register (SBSR): # devlink sb occupancy snapshot pci/0000:01:00.0 # devlink sb occupancy clearmax pci/0000:01:00.0 The register has two masks of 256 bits to denote on which ingress / egress ports the register should operate on. Spectrum-4 has more than 256 ports, so the register was extended by cited commit with a new 'port_page' field. However, when filling the register's payload, the driver specifies the ports as absolute numbers and not relative to the first port of the port page, resulting in memory corruptions [1]. Fix by specifying the ports relative to the first port of the port page. [1] BUG: KASAN: slab-use-after-free in mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0 Read of size 1 at addr ffff8881068cb00f by task devlink/1566 [...] Call Trace: <TASK> dump_stack_lvl+0xc6/0x120 print_report+0xce/0x670 kasan_report+0xd7/0x110 mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0 mlxsw_devlink_sb_occ_snapshot+0x75/0xb0 devlink_nl_sb_occ_snapshot_doit+0x1f9/0x2a0 genl_family_rcv_msg_doit+0x20c/0x300 genl_rcv_msg+0x567/0x800 netlink_rcv_skb+0x170/0x450 genl_rcv+0x2d/0x40 netlink_unicast+0x547/0x830 netlink_sendmsg+0x8d4/0xdb0 __sys_sendto+0x49b/0x510 __x64_sys_sendto+0xe5/0x1c0 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f [...] Allocated by task 1: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 copy_verifier_state+0xbc2/0xfb0 do_check_common+0x2c51/0xc7e0 bpf_check+0x5107/0x9960 bpf_prog_load+0xf0e/0x2690 __sys_bpf+0x1a61/0x49d0 __x64_sys_bpf+0x7d/0xc0 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 1: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 poison_slab_object+0x109/0x170 __kasan_slab_free+0x14/0x30 kfree+0xca/0x2b0 free_verifier_state+0xce/0x270 do_check_common+0x4828/0xc7e0 bpf_check+0x5107/0x9960 bpf_prog_load+0xf0e/0x2690 __sys_bpf+0x1a61/0x49d0 __x64_sys_bpf+0x7d/0xc0 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42073 was patched at 2024-08-01

204. Memory Corruption - Linux Kernel (CVE-2024-42079) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix NULL pointer dereference in gfs2_log_flush In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush lock to provide exclusion against gfs2_log_flush(). In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before dereferencing it. Otherwise, we could run into a NULL pointer dereference when outstanding glock work races with an unmount (glock_work_func -> run_queue -> do_xmote -> inode_go_sync -> gfs2_log_flush).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42079 was patched at 2024-08-01

205. Memory Corruption - Linux Kernel (CVE-2024-42080) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Fix potential invalid address access struct rdma_restrack_entry's kern_name was set to KBUILD_MODNAME in ib_create_cq(), while if the module exited but forgot del this rdma_restrack_entry, it would cause a invalid address access in rdma_restrack_clean() when print the owner of this rdma_restrack_entry. These code is used to help find one forgotten PD release in one of the ULPs. But it is not needed anymore, so delete them.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42080 was patched at 2024-08-01

206. Memory Corruption - Linux Kernel (CVE-2024-42081) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/xe/xe_devcoredump: Check NULL before assignments Assign 'xe_devcoredump_snapshot *' and 'xe_device *' only if 'coredump' is not NULL. v2 - Fix commit messages. v3 - Define variables before code.(Ashutosh/Jose) v4 - Drop return check for coredump_to_xe. (Jose/Rodrigo) v5 - Modify misleading commit message. (Matt)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-42081 was patched at 2024-08-01

207. Memory Corruption - Linux Kernel (CVE-2024-42232) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can requeue the delayed work which wouldn't be canceled by any of the following code in case that happens after cancel_delayed_work_sync() runs -- __close_session() doesn't mess with the delayed work in order to avoid interfering with the hunting interval logic. This part was missed in commit b5d91704f53e ("libceph: behave in mon_fault() if cur_mon < 0") and use-after-free can still ensue on monc and objects that hang off of it, with monc->auth and monc->monmap being particularly susceptible to quickly being reused. To fix this: - clear monc->cur_mon and monc->hunting as part of closing the session in ceph_monc_stop() - bail from delayed_work() if monc->cur_mon is cleared, similar to how it's done in mon_fault() and finish_hunting() (based on monc->hunting) - call cancel_delayed_work_sync() after the session is closed

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42232 was patched at 2024-08-12, 2024-08-21

208. Memory Corruption - Linux Kernel (CVE-2024-42236) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str[0 - 1] == '\n') followed closely by an OOB write in the form `str[0 - 1] = '\0'`. There is already a validating check to catch strings that are too long. Let's supply an additional check for invalid strings that are too short.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42236 was patched at 2024-08-12, 2024-08-21

209. Memory Corruption - Linux Kernel (CVE-2024-42238) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file Return an error from cs_dsp_power_up() if a block header is longer than the amount of data left in the file. The previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop while there was enough data left in the file for a valid region. This protected against overrunning the end of the file data, but it didn't abort the file processing with an error.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42238 was patched at 2024-08-21

210. Memory Corruption - Linux Kernel (CVE-2024-42269) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). ip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id], but the function is exposed to user space before the entry is allocated via register_pernet_subsys(). Let's call register_pernet_subsys() before xt_register_template().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42269 was patched at 2024-08-21

211. Memory Corruption - Linux Kernel (CVE-2024-42270) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). We had a report that iptables-restore sometimes triggered null-ptr-deref at boot time. [0] The problem is that iptable_nat_table_init() is exposed to user space before the kernel fully initialises netns. In the small race window, a user could call iptable_nat_table_init() that accesses net_generic(net, iptable_nat_net_id), which is available only after registering iptable_nat_net_ops. Let's call register_pernet_subsys() before xt_register_template(). [0]: bpfilter: Loaded bpfilter_umh pid 11702 Started bpfilter BUG: kernel NULL pointer dereference, address: 0000000000000013 PF: supervisor write access in kernel mode PF: error_code(0x0002) - not-present page PGD 0 P4D 0 PREEMPT SMP NOPTI CPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1 Hardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017 RIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat Code: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c RSP: 0018:ffffbef902843cd0 EFLAGS: 00010246 RAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80 RDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0 RBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240 R10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000 R13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004 FS: 00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259) ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259) ? xt_find_table_lock (net/netfilter/x_tables.c:1259) ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420) ? page_fault_oops (arch/x86/mm/fault.c:727) ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518) ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570) ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat xt_find_table_lock (net/netfilter/x_tables.c:1259) xt_request_find_table_lock (net/netfilter/x_tables.c:1287) get_info (net/ipv4/netfilter/ip_tables.c:965) ? security_capable (security/security.c:809 (discriminator 13)) ? ns_capable (kernel/capability.c:376 kernel/capability.c:397) ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656) ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter nf_getsockopt (net/netfilter/nf_sockopt.c:116) ip_getsockopt (net/ipv4/ip_sockglue.c:1827) __sys_getsockopt (net/socket.c:2327) __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339) do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121) RIP: 0033:0x7f62844685ee Code: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09 RSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 RAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0 R10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2 R13: 00007f6284 ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42270 was patched at 2024-08-21

212. Security Feature Bypass - Oracle Java SE (CVE-2024-20923) - Medium [320]

Description: {'nvd_cve_data_all': 'Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Oracle Java SE
CVSS Base Score0.310CVSS Base Score is 3.1. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17727

redos: CVE-2024-20923 was patched at 2024-08-20

213. Security Feature Bypass - Oracle Java SE (CVE-2024-20925) - Medium [320]

Description: {'nvd_cve_data_all': 'Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Oracle Java SE
CVSS Base Score0.310CVSS Base Score is 3.1. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17727

redos: CVE-2024-20925 was patched at 2024-08-20

214. Information Disclosure - Python (CVE-2024-40647) - Medium [319]

Description: sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK < 2.8.0 allows the environment variables to be passed to subprocesses despite the `env={}` setting. In Python's `subprocess` calls, all environment variables are passed to subprocesses by default. However, if you specifically do not want them to be passed to subprocesses, you may use `env` argument in `subprocess` calls. Due to the bug in Sentry SDK, with the Stdlib integration enabled (which is enabled by default), this expectation is not fulfilled, and all environment variables are being passed to subprocesses instead. The issue has been patched in pull request #3251 and is included in sentry-sdk==2.8.0. We strongly recommend upgrading to the latest SDK version. However, if it's not possible, and if passing environment variables to child processes poses a security risk for you, you can disable all default integrations.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.10865

debian: CVE-2024-40647 was patched at 2024-08-01

215. Elevation of Privilege - Virtual GPU (CVE-2024-0085) - Medium [318]

Description: NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.514Product detected by a:nvidia:virtual_gpu (exists in CPE dict)
CVSS Base Score0.610CVSS Base Score is 6.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

redos: CVE-2024-0085 was patched at 2024-08-07

216. Memory Corruption - Safari (CVE-2024-40776) - Medium [317]

Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.410CVSS Base Score is 4.3. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00108, EPSS Percentile is 0.44456

debian: CVE-2024-40776 was patched at 2024-08-21

217. Memory Corruption - Safari (CVE-2024-40779) - Medium [317]

Description: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00049, EPSS Percentile is 0.1885

debian: CVE-2024-40779 was patched at 2024-08-21

218. Memory Corruption - Safari (CVE-2024-40780) - Medium [317]

Description: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00049, EPSS Percentile is 0.1885

debian: CVE-2024-40780 was patched at 2024-08-21

219. Code Injection - Unknown Product (CVE-2024-43360) - Medium [316]

Description: {'nvd_cve_data_all': 'ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-43360 was patched at 2024-08-21

220. Denial of Service - TLS (CVE-2024-5971) - Medium [315]

Description: A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13709

redhat: CVE-2024-5971 was patched at 2024-08-08

221. Denial of Service - Oracle MySQL (CVE-2024-21127) - Medium [313]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.510CVSS Base Score is 4.9. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.14041

ubuntu: CVE-2024-21127 was patched at 2024-07-31

222. Denial of Service - Oracle MySQL (CVE-2024-21142) - Medium [313]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.510CVSS Base Score is 4.9. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.14041

ubuntu: CVE-2024-21142 was patched at 2024-07-31

223. Denial of Service - Oracle MySQL (CVE-2024-21162) - Medium [313]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.510CVSS Base Score is 4.9. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.14041

ubuntu: CVE-2024-21162 was patched at 2024-07-31

224. Denial of Service - Oracle MySQL (CVE-2024-21165) - Medium [313]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.510CVSS Base Score is 4.9. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.14041

ubuntu: CVE-2024-21165 was patched at 2024-07-31

225. Denial of Service - Oracle MySQL (CVE-2024-21173) - Medium [313]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.510CVSS Base Score is 4.9. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.14041

ubuntu: CVE-2024-21173 was patched at 2024-07-31

226. Denial of Service - Oracle MySQL (CVE-2024-21179) - Medium [313]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.510CVSS Base Score is 4.9. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.14041

ubuntu: CVE-2024-21179 was patched at 2024-07-31

227. Denial of Service - Oracle MySQL (CVE-2024-21185) - Medium [313]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38, 8.4.1 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.510CVSS Base Score is 4.9. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.14041

ubuntu: CVE-2024-21185 was patched at 2024-07-31

228. Denial of Service - vim (CVE-2024-41957) - Medium [313]

Description: Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Vim is a free and open-source, screen-based text editor program
CVSS Base Score0.510CVSS Base Score is 4.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13333

debian: CVE-2024-41957 was patched at 2024-08-21

229. Memory Corruption - Linux Kernel (CVE-2024-42227) - Medium [310]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix overlapping copy within dml_core_mode_programming [WHY] &mode_lib->mp.Watermark and &locals->Watermark are the same address. memcpy may lead to unexpected behavior. [HOW] memmove should be used.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix overlapping copy within dml_core_mode_programming\n\n[WHY]\n&mode_lib->mp.Watermark and &locals->Watermark are\nthe same address. memcpy may lead to unexpected behavior.\n\n[HOW]\nmemmove should be used.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-42227 was patched at 2024-08-01

230. Remote Code Execution - Unknown Product (CVE-2024-22116) - Medium [309]

Description: {'nvd_cve_data_all': 'An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.9. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-22116 was patched at 2024-08-21

231. Remote Code Execution - Unknown Product (CVE-2024-5651) - Medium [309]

Description: {'nvd_cve_data_all': 'A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting\xa0 --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting\xa0 --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-5651 was patched at 2024-08-21

232. Path Traversal - Python (CVE-2024-42367) - Medium [308]

Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.2, static routes which contain files with compressed variants (`.gz` or `.br` extension) are vulnerable to path traversal outside the root directory if those variants are symbolic links. The server protects static routes from path traversal outside the root directory when `follow_symlinks=False` (default). It does this by resolving the requested URL to an absolute path and then checking that path relative to the root. However, these checks are not performed when looking for compressed variants in the `FileResponse` class, and symbolic links are then automatically followed when performing the `Path.stat()` and `Path.open()` to send the file. Version 3.10.2 contains a patch for the issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 4.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-42367 was patched at 2024-08-21

233. Security Feature Bypass - Oracle Java SE (CVE-2024-20922) - Medium [308]

Description: {'nvd_cve_data_all': 'Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Oracle Java SE
CVSS Base Score0.210CVSS Base Score is 2.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00049, EPSS Percentile is 0.19696

redos: CVE-2024-20922 was patched at 2024-08-20

234. Denial of Service - Consul (CVE-2023-1297) - Medium [303]

Description: Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:hashicorp:consul (exists in CPE dict)
CVSS Base Score0.510CVSS Base Score is 4.9. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00078, EPSS Percentile is 0.34546

redos: CVE-2023-1297 was patched at 2024-08-05

235. Denial of Service - NVIDIA GPU Display Driver (CVE-2024-0079) - Medium [303]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest VM can cause a NULL-pointer dereference in the host. A successful exploit of this vulnerability may lead to denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514A NVIDIA driver is a software program that enables communication between your computer and the NVIDIA graphics processor installed in your system
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

redos: CVE-2024-0079 was patched at 2024-08-07

236. Denial of Service - Vault (CVE-2023-5954) - Medium [303]

Description: HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:hashicorp:vault (exists in CPE dict)
CVSS Base Score0.610CVSS Base Score is 5.9. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17727

redos: CVE-2023-5954 was patched at 2024-08-05

237. Denial of Service - libtiff (CVE-2024-7006) - Medium [303]

Description: A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:libtiff:libtiff (exists in CPE dict)
CVSS Base Score0.610CVSS Base Score is 6.2. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17727

debian: CVE-2024-7006 was patched at 2024-08-21

238. Memory Corruption - postgresql (CVE-2024-7348) - Medium [303]

Description: Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Product detected by a:postgresql:postgresql (exists in CPE dict)
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.0005, EPSS Percentile is 0.20006

debian: CVE-2024-7348 was patched at 2024-08-09, 2024-08-21

ubuntu: CVE-2024-7348 was patched at 2024-08-19

239. Denial of Service - Oracle MySQL (CVE-2024-21134) - Medium [301]

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.410CVSS Base Score is 4.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.14041

ubuntu: CVE-2024-21134 was patched at 2024-07-31

240. Cross Site Scripting - Mozilla Firefox (CVE-2024-7524) - Medium [300]

Description: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

almalinux: CVE-2024-7524 was patched at 2024-08-14, 2024-08-15

debian: CVE-2024-7524 was patched at 2024-08-07, 2024-08-21

oraclelinux: CVE-2024-7524 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-7524 was patched at 2024-08-13, 2024-08-14, 2024-08-15

ubuntu: CVE-2024-7524 was patched at 2024-08-19

241. Denial of Service - Linux Kernel (CVE-2024-42299) - Medium [298]

Description: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed If an NTFS file system is mounted to another system with different PAGE_SIZE from the original system, log->page_size will change in log_replay(), but log->page_{mask,bits} don't change correspondingly. This will cause a panic because "u32 bytes = log->page_size - page_off" will get a negative value in the later read_log_page().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-42299 was patched at 2024-08-21

242. Denial of Service - Linux Kernel (CVE-2024-43817) - Medium [298]

Description: In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again 1. After the skb_segment function the buffer may become non-linear (nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere the __skb_linearize function will not be executed, then the buffer will remain non-linear. Then the condition (offset >= skb_headlen(skb)) becomes true, which causes WARN_ON_ONCE in skb_checksum_help. 2. The struct sk_buff and struct virtio_net_hdr members must be mathematically related. (gso_size) must be greater than (needed) otherwise WARN_ON_ONCE. (remainder) must be greater than (needed) otherwise WARN_ON_ONCE. (remainder) may be 0 if division is without remainder. offset+2 (4191) > skb_headlen() (1116) WARNING: CPU: 1 PID: 5084 at net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303 Modules linked in: CPU: 1 PID: 5084 Comm: syz-executor336 Not tainted 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 RIP: 0010:skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303 Code: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 <0f> 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef RSP: 0018:ffffc90003a9f338 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff888025125780 RCX: ffffffff814db209 RDX: ffff888015393b80 RSI: ffffffff814db216 RDI: 0000000000000001 RBP: ffff8880251257f4 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 000000000000045c R13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d FS: 0000555555c24380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ip_do_fragment+0xa1b/0x18b0 net/ipv4/ip_output.c:777 ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584 ip_finish_output_gso net/ipv4/ip_output.c:286 [inline] __ip_finish_output net/ipv4/ip_output.c:308 [inline] __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295 ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:433 dst_output include/net/dst.h:451 [inline] ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129 iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82 ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline] sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3545 [inline] dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561 __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346 dev_queue_xmit include/linux/netdevice.h:3134 [inline] packet_xmit+0x257/0x380 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3087 [inline] packet_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0xd5/0x180 net/socket.c:745 __sys_sendto+0x255/0x340 net/socket.c:2190 __do_sys_sendto net/socket.c:2202 [inline] __se_sys_sendto net/socket.c:2198 [inline] __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x63/0x6b Found by Linux Verification Center (linuxtesting.org) with Syzkaller

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-43817 was patched at 2024-08-21

243. Memory Corruption - Linux Kernel (CVE-2024-42229) - Medium [298]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.410CVSS Base Score is 4.1. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.10865

debian: CVE-2024-42229 was patched at 2024-08-01, 2024-08-12

244. Denial of Service - fugit (CVE-2024-43380) - Medium [291]

Description: fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check (user) input length for plausibility are impacted. A fix was released in fugit 1.11.1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:floraison:fugit (does NOT exist in CPE dict)
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-43380 was patched at 2024-08-21

245. Memory Corruption - django (CVE-2024-41989) - Medium [291]

Description: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Product detected by a:djangoproject:django (exists in CPE dict)
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00053, EPSS Percentile is 0.21936

debian: CVE-2024-41989 was patched at 2024-08-21

ubuntu: CVE-2024-41989 was patched at 2024-08-06

246. Memory Corruption - FFmpeg (CVE-2024-7055) - Medium [289]

Description: A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.610CVSS Base Score is 6.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.10865

debian: CVE-2024-7055 was patched at 2024-08-14, 2024-08-21

247. Unknown Vulnerability Type - GLPI (CVE-2023-34254) - Medium [288]

Description: {'nvd_cve_data_all': 'The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.810CVSS Base Score is 7.6. According to NVD data source
EPSS Percentile0.510EPSS Probability is 0.00147, EPSS Percentile is 0.51394

redos: CVE-2023-34254 was patched at 2024-08-12

248. Denial of Service - Linux Kernel (CVE-2024-41064) - Medium [286]

Description: In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: avoid possible crash when edev->pdev changes If a PCI device is removed during eeh_pe_report_edev(), edev->pdev will change and can cause a crash, hold the PCI rescan/remove lock while taking a copy of edev->pdev->bus.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.10865

debian: CVE-2024-41064 was patched at 2024-08-01, 2024-08-12

249. Denial of Service - Linux Kernel (CVE-2024-42304) - Medium [286]

Description: In the Linux kernel, the following vulnerability has been resolved: ext4: make sure the first directory block is not a hole The syzbot constructs a directory that has no dirblock but is non-inline, i.e. the first directory block is a hole. And no errors are reported when creating files in this directory in the following flow. ext4_mknod ... ext4_add_entry // Read block 0 ext4_read_dirblock(dir, block, DIRENT) bh = ext4_bread(NULL, inode, block, 0) if (!bh && (type == INDEX || type == DIRENT_HTREE)) // The first directory block is a hole // But type == DIRENT, so no error is reported. After that, we get a directory block without '.' and '..' but with a valid dentry. This may cause some code that relies on dot or dotdot (such as make_indexed_dir()) to crash. Therefore when ext4_read_dirblock() finds that the first directory block is a hole report that the filesystem is corrupted and return an error to avoid loading corrupted data from disk causing something bad.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13709

debian: CVE-2024-42304 was patched at 2024-08-21

250. Memory Corruption - Flatpak (CVE-2024-42472) - Medium [286]

Description: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox. Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code. For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson "wrap" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it. As a workaround, avoid using applications using the `persistent` (`--persist`) permission.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414Flatpak is a utility for software deployment and package management for Linux
CVSS Base Score1.010CVSS Base Score is 10.0. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13709

debian: CVE-2024-42472 was patched at 2024-08-14, 2024-08-21

251. Cross Site Scripting - moodle (CVE-2023-5541) - Medium [285]

Description: The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Product detected by a:moodle:moodle (exists in CPE dict)
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00052, EPSS Percentile is 0.21305

redos: CVE-2023-5541 was patched at 2024-07-26

252. Remote Code Execution - Unknown Product (CVE-2023-31315) - Medium [285]

Description: {'nvd_cve_data_all': 'Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2023-31315 was patched at 2024-08-21

oraclelinux: CVE-2023-31315 was patched at 2024-08-08

253. Remote Code Execution - Unknown Product (CVE-2024-0077) - Medium [285]

Description: {'nvd_cve_data_all': 'NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

redos: CVE-2024-0077 was patched at 2024-08-07

254. Remote Code Execution - Unknown Product (CVE-2024-7538) - Medium [285]

Description: {'nvd_cve_data_all': 'oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT Commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23190.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of responses from AT Commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23190.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-7538 was patched at 2024-08-21

255. Remote Code Execution - Unknown Product (CVE-2024-7539) - Medium [285]

Description: {'nvd_cve_data_all': 'oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CUSD commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23195.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of responses from AT+CUSD commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23195.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-7539 was patched at 2024-08-21

256. Remote Code Execution - Unknown Product (CVE-2024-7546) - Medium [285]

Description: {'nvd_cve_data_all': 'oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23459.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23459.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-7546 was patched at 2024-08-21

257. Authentication Bypass - Unknown Product (CVE-2024-6993) - Medium [282]

Description: {'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to BDU data source
EPSS Percentile010EPSS Probability is 0, EPSS Percentile is 0

debian: CVE-2024-6993 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-6993 was patched at 2024-08-07

258. Information Disclosure - Filebeat (CVE-2023-31413) - Medium [279]

Description: Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514Product detected by a:elastic:filebeat (exists in CPE dict)
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

redos: CVE-2023-31413 was patched at 2024-07-26

259. Security Feature Bypass - Unknown Product (CVE-2024-25638) - Medium [279]

Description: {'nvd_cve_data_all': 'dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.9. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-25638 was patched at 2024-08-01

260. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42225) - Medium [269]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skb_put with skb_put_zero Avoid potentially reusing uninitialized data', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: replace skb_put with skb_put_zero\n\nAvoid potentially reusing uninitialized data', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.0005, EPSS Percentile is 0.20458

debian: CVE-2024-42225 was patched at 2024-08-01

261. Cross Site Scripting - Roundcube (CVE-2024-42008) - Medium [266]

Description: A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-42008 was patched at 2024-08-08, 2024-08-13, 2024-08-21

262. Cross Site Scripting - Roundcube (CVE-2024-42009) - Medium [266]

Description: A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-42009 was patched at 2024-08-08, 2024-08-13, 2024-08-21

263. Spoofing - Chromium (CVE-2024-6996) - Medium [264]

Description: Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.310CVSS Base Score is 3.1. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00046, EPSS Percentile is 0.17727

debian: CVE-2024-6996 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-6996 was patched at 2024-08-07

264. Unknown Vulnerability Type - Mozilla Firefox (CVE-2024-7526) - Medium [264]

Description: {'nvd_cve_data_all': 'ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00068, EPSS Percentile is 0.30511

almalinux: CVE-2024-7526 was patched at 2024-08-14, 2024-08-15

debian: CVE-2024-7526 was patched at 2024-08-07, 2024-08-08, 2024-08-21

oraclelinux: CVE-2024-7526 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-7526 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19

ubuntu: CVE-2024-7526 was patched at 2024-08-19

265. Incorrect Calculation - Linux Kernel (CVE-2024-42136) - Medium [263]

Description: In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow When running syzkaller with the newly reintroduced signed integer wrap sanitizer we encounter this splat: [ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33 [ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '__s64' (aka 'long long') [ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 366.027502] CPU: 5 PID: 28472 Comm: syz-executor.7 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1 [ 366.027512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 366.027518] Call Trace: [ 366.027523] <TASK> [ 366.027533] dump_stack_lvl+0x93/0xd0 [ 366.027899] handle_overflow+0x171/0x1b0 [ 366.038787] ata1.00: invalid multi_count 32 ignored [ 366.043924] cdrom_ioctl+0x2c3f/0x2d10 [ 366.063932] ? __pm_runtime_resume+0xe6/0x130 [ 366.071923] sr_block_ioctl+0x15d/0x1d0 [ 366.074624] ? __pfx_sr_block_ioctl+0x10/0x10 [ 366.077642] blkdev_ioctl+0x419/0x500 [ 366.080231] ? __pfx_blkdev_ioctl+0x10/0x10 ... Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang. It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's rearrange the check to not perform any arithmetic, thus not tripping the sanitizer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-42136 was patched at 2024-08-01

266. Memory Corruption - Linux Kernel (CVE-2024-35858) - Medium [263]

Description: In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix memory leak when bringing down interface When bringing down the TX rings we flush the rings but forget to reclaimed the flushed packets. This leads to a memory leak since we do not free the dma mapped buffers. This also leads to tx control block corruption when bringing down the interface for power management.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

ubuntu: CVE-2024-35858 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13

267. Memory Corruption - Linux Kernel (CVE-2024-36011) - Medium [263]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hci_le_big_sync_established_evt().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: HCI: Fix potential null-ptr-deref\n\nFix potential null-ptr-deref in hci_le_big_sync_established_evt().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

ubuntu: CVE-2024-36011 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13

268. Memory Corruption - Linux Kernel (CVE-2024-38539) - Medium [263]

Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw When running blktests nvme/rdma, the following kmemleak issue will appear. kmemleak: Kernel memory leak detector initialized (mempool available:36041) kmemleak: Automatic memory scanning thread started kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) kmemleak: 8 new suspected memory leaks (see /sys/kernel/debug/kmemleak) kmemleak: 17 new suspected memory leaks (see /sys/kernel/debug/kmemleak) kmemleak: 4 new suspected memory leaks (see /sys/kernel/debug/kmemleak) unreferenced object 0xffff88855da53400 (size 192): comm "rdma", pid 10630, jiffies 4296575922 hex dump (first 32 bytes): 37 00 00 00 00 00 00 00 c0 ff ff ff 1f 00 00 00 7............... 10 34 a5 5d 85 88 ff ff 10 34 a5 5d 85 88 ff ff .4.].....4.].... backtrace (crc 47f66721): [<ffffffff911251bd>] kmalloc_trace+0x30d/0x3b0 [<ffffffffc2640ff7>] alloc_gid_entry+0x47/0x380 [ib_core] [<ffffffffc2642206>] add_modify_gid+0x166/0x930 [ib_core] [<ffffffffc2643468>] ib_cache_update.part.0+0x6d8/0x910 [ib_core] [<ffffffffc2644e1a>] ib_cache_setup_one+0x24a/0x350 [ib_core] [<ffffffffc263949e>] ib_register_device+0x9e/0x3a0 [ib_core] [<ffffffffc2a3d389>] 0xffffffffc2a3d389 [<ffffffffc2688cd8>] nldev_newlink+0x2b8/0x520 [ib_core] [<ffffffffc2645fe3>] rdma_nl_rcv_msg+0x2c3/0x520 [ib_core] [<ffffffffc264648c>] rdma_nl_rcv_skb.constprop.0.isra.0+0x23c/0x3a0 [ib_core] [<ffffffff9270e7b5>] netlink_unicast+0x445/0x710 [<ffffffff9270f1f1>] netlink_sendmsg+0x761/0xc40 [<ffffffff9249db29>] __sys_sendto+0x3a9/0x420 [<ffffffff9249dc8c>] __x64_sys_sendto+0xdc/0x1b0 [<ffffffff92db0ad3>] do_syscall_64+0x93/0x180 [<ffffffff92e00126>] entry_SYSCALL_64_after_hwframe+0x71/0x79 The root cause: rdma_put_gid_attr is not called when sgid_attr is set to ERR_PTR(-ENODEV).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

ubuntu: CVE-2024-38539 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13

269. Memory Corruption - Linux Kernel (CVE-2024-38551) - Medium [263]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Assign dummy when codec not specified for a DAI link MediaTek sound card drivers are checking whether a DAI link is present and used on a board to assign the correct parameters and this is done by checking the codec DAI names at probe time. If no real codec is present, assign the dummy codec to the DAI link to avoid NULL pointer during string comparison.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: Assign dummy when codec not specified for a DAI link\n\nMediaTek sound card drivers are checking whether a DAI link is present\nand used on a board to assign the correct parameters and this is done\nby checking the codec DAI names at probe time.\n\nIf no real codec is present, assign the dummy codec to the DAI link\nto avoid NULL pointer during string comparison.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

ubuntu: CVE-2024-38551 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13

270. Memory Corruption - Linux Kernel (CVE-2024-41051) - Medium [263]

Description: In the Linux kernel, the following vulnerability has been resolved: cachefiles: wait for ondemand_object_worker to finish when dropping object When queuing ondemand_object_worker() to re-open the object, cachefiles_object is not pinned. The cachefiles_object may be freed when the pending read request is completed intentionally and the related erofs is umounted. If ondemand_object_worker() runs after the object is freed, it will incur use-after-free problem as shown below. process A processs B process C process D cachefiles_ondemand_send_req() // send a read req X // wait for its completion // close ondemand fd cachefiles_ondemand_fd_release() // set object as CLOSE cachefiles_ondemand_daemon_read() // set object as REOPENING queue_work(fscache_wq, &info->ondemand_work) // close /dev/cachefiles cachefiles_daemon_release cachefiles_flush_reqs complete(&req->done) // read req X is completed // umount the erofs fs cachefiles_put_object() // object will be freed cachefiles_ondemand_deinit_obj_info() kmem_cache_free(object) // both info and object are freed ondemand_object_worker() When dropping an object, it is no longer necessary to reopen the object, so use cancel_work_sync() to cancel or wait for ondemand_object_worker() to finish.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-41051 was patched at 2024-08-01

271. Memory Corruption - Linux Kernel (CVE-2024-41057) - Medium [263]

Description: In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: slab-use-after-free in cachefiles_withdraw_cookie+0x4d9/0x600 Read of size 8 at addr ffff888118efc000 by task kworker/u78:0/109 CPU: 13 PID: 109 Comm: kworker/u78:0 Not tainted 6.8.0-dirty #566 Call Trace: <TASK> kasan_report+0x93/0xc0 cachefiles_withdraw_cookie+0x4d9/0x600 fscache_cookie_state_machine+0x5c8/0x1230 fscache_cookie_worker+0x91/0x1c0 process_one_work+0x7fa/0x1800 [...] Allocated by task 117: kmalloc_trace+0x1b3/0x3c0 cachefiles_acquire_volume+0xf3/0x9c0 fscache_create_volume_work+0x97/0x150 process_one_work+0x7fa/0x1800 [...] Freed by task 120301: kfree+0xf1/0x2c0 cachefiles_withdraw_cache+0x3fa/0x920 cachefiles_put_unbind_pincount+0x1f6/0x250 cachefiles_daemon_release+0x13b/0x290 __fput+0x204/0xa00 task_work_run+0x139/0x230 do_exit+0x87a/0x29b0 [...] ================================================================== Following is the process that triggers the issue: p1 | p2 ------------------------------------------------------------ fscache_begin_lookup fscache_begin_volume_access fscache_cache_is_live(fscache_cache) cachefiles_daemon_release cachefiles_put_unbind_pincount cachefiles_daemon_unbind cachefiles_withdraw_cache fscache_withdraw_cache fscache_set_cache_state(cache, FSCACHE_CACHE_IS_WITHDRAWN); cachefiles_withdraw_objects(cache) fscache_wait_for_objects(fscache) atomic_read(&fscache_cache->object_count) == 0 fscache_perform_lookup cachefiles_lookup_cookie cachefiles_alloc_object refcount_set(&object->ref, 1); object->volume = volume fscache_count_object(vcookie->cache); atomic_inc(&fscache_cache->object_count) cachefiles_withdraw_volumes cachefiles_withdraw_volume fscache_withdraw_volume __cachefiles_free_volume kfree(cachefiles_volume) fscache_cookie_state_machine cachefiles_withdraw_cookie cache = object->volume->cache; // cachefiles_volume UAF !!! After setting FSCACHE_CACHE_IS_WITHDRAWN, wait for all the cookie lookups to complete first, and then wait for fscache_cache->object_count == 0 to avoid the cookie exiting after the volume has been freed and triggering the above issue. Therefore call fscache_withdraw_volume() before calling cachefiles_withdraw_objects(). This way, after setting FSCACHE_CACHE_IS_WITHDRAWN, only the following two cases will occur: 1) fscache_begin_lookup fails in fscache_begin_volume_access(). 2) fscache_withdraw_volume() will ensure that fscache_count_object() has been executed before calling fscache_wait_for_objects().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-41057 was patched at 2024-08-01

272. Memory Corruption - Linux Kernel (CVE-2024-41066) - Medium [263]

Description: In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Add tx check to prevent skb leak Below is a summary of how the driver stores a reference to an skb during transmit: tx_buff[free_map[consumer_index]]->skb = new_skb; free_map[consumer_index] = IBMVNIC_INVALID_MAP; consumer_index ++; Where variable data looks like this: free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3] consumer_index^ tx_buff == [skb=null, skb=<ptr>, skb=<ptr>, skb=null, skb=null] The driver has checks to ensure that free_map[consumer_index] pointed to a valid index but there was no check to ensure that this index pointed to an unused/null skb address. So, if, by some chance, our free_map and tx_buff lists become out of sync then we were previously risking an skb memory leak. This could then cause tcp congestion control to stop sending packets, eventually leading to ETIMEDOUT. Therefore, add a conditional to ensure that the skb address is null. If not then warn the user (because this is still a bug that should be patched) and free the old pointer to prevent memleak/tcp problems.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-41066 was patched at 2024-08-01

273. Memory Corruption - Linux Kernel (CVE-2024-41076) - Medium [263]

Description: In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix memory leak in nfs4_set_security_label We leak nfs_fattr and nfs4_label every time we set a security xattr.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-41076 was patched at 2024-08-01

274. Memory Corruption - Linux Kernel (CVE-2024-42314) - Medium [263]

Description: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when adding pages to compressed bio At add_ra_bio_pages() we are accessing the extent map to calculate 'add_size' after we dropped our reference on the extent map, resulting in a use-after-free. Fix this by computing 'add_size' before dropping our extent map reference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-42314 was patched at 2024-08-21

275. Remote Code Execution - Unknown Product (CVE-2024-43168) - Medium [261]

Description: {'nvd_cve_data_all': 'A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

debian: CVE-2024-43168 was patched at 2024-08-21

276. Elevation of Privilege - Unknown Product (CVE-2023-42667) - Medium [258]

Description: {'nvd_cve_data_all': 'Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2023-42667 was patched at 2024-08-21

ubuntu: CVE-2023-42667 was patched at 2024-08-20

277. Unknown Vulnerability Type - Linux Kernel (CVE-2024-41061) - Medium [257]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport [Why] Potential out of bounds access in dml2_calculate_rq_and_dlg_params() because the value of out_lowest_state_idx used as an index for FCLKChangeSupport array can be greater than 1. [How] Currently dml2 core specifies identical values for all FCLKChangeSupport elements. Always use index 0 in the condition to avoid out of bounds access.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport\n\n[Why]\nPotential out of bounds access in dml2_calculate_rq_and_dlg_params()\nbecause the value of out_lowest_state_idx used as an index for FCLKChangeSupport\narray can be greater than 1.\n\n[How]\nCurrently dml2 core specifies identical values for all FCLKChangeSupport\nelements. Always use index 0 in the condition to avoid out of bounds access.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-41061 was patched at 2024-08-01

278. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42159) - Medium [257]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise num_phys Information is stored in mr_sas_port->phy_mask, values larger then size of this field shouldn't be allowed.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42159 was patched at 2024-08-01

279. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42160) - Medium [257]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr(). - Use f2fs_build_fault_attr() in __sbi_store() to clean up code.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: check validation of fault attrs in f2fs_build_fault_attr()\n\n- It missed to check validation of fault attrs in parse_options(),\nlet's fix to add check condition in f2fs_build_fault_attr().\n- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42160 was patched at 2024-08-01

280. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42161) - Medium [257]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD [Changes from V1: - Use a default branch in the switch statement to initialize `val'.] GCC warns that `val' may be used uninitialized in the BPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as: \t[...] \tunsigned long long val;\t\t\t\t\t\t \\ \t[...]\t\t\t\t\t\t\t\t \\ \tswitch (__CORE_RELO(s, field, BYTE_SIZE)) {\t\t\t \\ \tcase 1: val = *(const unsigned char *)p; break;\t\t\t \\ \tcase 2: val = *(const unsigned short *)p; break;\t\t \\ \tcase 4: val = *(const unsigned int *)p; break;\t\t\t \\ \tcase 8: val = *(const unsigned long long *)p; break;\t\t \\ } \t\t\t\t\t\t\t \\ \t[...] \tval;\t\t\t\t\t\t\t\t \\ \t}\t\t\t\t\t\t\t\t \\ This patch adds a default entry in the switch statement that sets `val' to zero in order to avoid the warning, and random values to be used in case __builtin_preserve_field_info returns unexpected values for BPF_FIELD_BYTE_SIZE. Tested in bpf-next master. No regressions.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD\n\n[Changes from V1:\n - Use a default branch in the switch statement to initialize `val'.]\n\nGCC warns that `val' may be used uninitialized in the\nBPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as:\n\n\t[...]\n\tunsigned long long val;\t\t\t\t\t\t \\\n\t[...]\t\t\t\t\t\t\t\t \\\n\tswitch (__CORE_RELO(s, field, BYTE_SIZE)) {\t\t\t \\\n\tcase 1: val = *(const unsigned char *)p; break;\t\t\t \\\n\tcase 2: val = *(const unsigned short *)p; break;\t\t \\\n\tcase 4: val = *(const unsigned int *)p; break;\t\t\t \\\n\tcase 8: val = *(const unsigned long long *)p; break;\t\t \\\n } \t\t\t\t\t\t\t \\\n\t[...]\n\tval;\t\t\t\t\t\t\t\t \\\n\t}\t\t\t\t\t\t\t\t \\\n\nThis patch adds a default entry in the switch statement that sets\n`val' to zero in order to avoid the warning, and random values to be\nused in case __builtin_preserve_field_info returns unexpected values\nfor BPF_FIELD_BYTE_SIZE.\n\nTested in bpf-next master.\nNo regressions.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42161 was patched at 2024-08-01, 2024-08-12

281. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42224) - Medium [257]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_entry() is non-NULL. This appears to be intended to guard against the list chip->mdios being empty. However, it is not the correct check as the implementation of list_first_entry is not designed to return NULL for empty lists. Instead, use list_first_entry_or_null() which does return NULL if the list is empty. Flagged by Smatch. Compile tested only.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO\nbusses") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip->mdios being\nempty. However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42224 was patched at 2024-08-01, 2024-08-12

282. Unknown Vulnerability Type - Mozilla Firefox (CVE-2024-7531) - Medium [252]

Description: {'nvd_cve_data_all': 'Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.0006, EPSS Percentile is 0.26532

debian: CVE-2024-7531 was patched at 2024-08-07, 2024-08-21

ubuntu: CVE-2024-7531 was patched at 2024-08-19

283. Incorrect Calculation - Linux Kernel (CVE-2024-43828) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole() does not detect the replay and calls ext4_es_find_extent_range(), which will return immediately without initializing the 'es' variable. Because 'es' contains garbage, an integer overflow may happen causing an infinite loop in this function, easily reproducible using fstest generic/039. This commit fixes this issue by unconditionally initializing the structure in function ext4_es_find_extent_range(). Thanks to Zhang Yi, for figuring out the real problem!

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.10865

debian: CVE-2024-43828 was patched at 2024-08-21

284. Memory Corruption - Linux Kernel (CVE-2023-52433) - Medium [251]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expired before such transaction ends. Skip sync GC for such elements otherwise commit path might walk over an already released object. Once transaction is finished, async GC will collect such expired element.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: skip sync GC for new elements in this transaction\n\nNew elements in this transaction might expired before such transaction\nends. Skip sync GC for such elements otherwise commit path might walk\nover an already released object. Once transaction is finished, async GC\nwill collect such expired element.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.10865

redos: CVE-2023-52433 was patched at 2024-08-13

285. Memory Corruption - Linux Kernel (CVE-2024-36030) - Medium [251]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: fix the double free in rvu_npc_freemem() Clang static checker(scan-build) warning: drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c:line 2184, column 2 Attempt to free released memory. npc_mcam_rsrcs_deinit() has released 'mcam->counters.bmap'. Deleted this redundant kfree() to fix this double free problem.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: fix the double free in rvu_npc_freemem()\n\nClang static checker(scan-build) warning:\ndrivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c:line 2184, column 2\nAttempt to free released memory.\n\nnpc_mcam_rsrcs_deinit() has released 'mcam->counters.bmap'. Deleted this\nredundant kfree() to fix this double free problem.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

ubuntu: CVE-2024-36030 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13

286. Memory Corruption - Linux Kernel (CVE-2024-41012) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. Separately, posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle). After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory. Fix it by calling locks_remove_posix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and files_struct and is also used by filp_flush().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13709

debian: CVE-2024-41012 was patched at 2024-08-01, 2024-08-12

287. Memory Corruption - Linux Kernel (CVE-2024-41014) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlog_recover_process_data There is a lack of verification of the space occupied by fixed members of xlog_op_header in the xlog_recover_process_data. We can create a crafted image to trigger an out of bounds read by following these steps: 1) Mount an image of xfs, and do some file operations to leave records 2) Before umounting, copy the image for subsequent steps to simulate abnormal exit. Because umount will ensure that tail_blk and head_blk are the same, which will result in the inability to enter xlog_recover_process_data 3) Write a tool to parse and modify the copied image in step 2 4) Make the end of the xlog_op_header entries only 1 byte away from xlog_rec_header->h_size 5) xlog_rec_header->h_num_logops++ 6) Modify xlog_rec_header->h_crc Fix: Add a check to make sure there is sufficient space to access fixed members of xlog_op_header.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-41014 was patched at 2024-08-01

288. Memory Corruption - Linux Kernel (CVE-2024-41023) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix task_struct reference leak During the execution of the following stress test with linux-rt: stress-ng --cyclic 30 --timeout 30 --minimize --quiet kmemleak frequently reported a memory leak concerning the task_struct: unreferenced object 0xffff8881305b8000 (size 16136): comm "stress-ng", pid 614, jiffies 4294883961 (age 286.412s) object hex dump (first 32 bytes): 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@.............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ debug hex dump (first 16 bytes): 53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S............... backtrace: [<00000000046b6790>] dup_task_struct+0x30/0x540 [<00000000c5ca0f0b>] copy_process+0x3d9/0x50e0 [<00000000ced59777>] kernel_clone+0xb0/0x770 [<00000000a50befdc>] __do_sys_clone+0xb6/0xf0 [<000000001dbf2008>] do_syscall_64+0x5d/0xf0 [<00000000552900ff>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 The issue occurs in start_dl_timer(), which increments the task_struct reference count and sets a timer. The timer callback, dl_task_timer, is supposed to decrement the reference count upon expiration. However, if enqueue_task_dl() is called before the timer expires and cancels it, the reference count is not decremented, leading to the leak. This patch fixes the reference leak by ensuring the task_struct reference count is properly decremented when the timer is canceled.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-41023 was patched at 2024-08-01

289. Memory Corruption - Linux Kernel (CVE-2024-41040) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix UAF when resolving a clash KASAN reports the following UAF: BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct] Read of size 1 at addr ffff888c07603600 by task handler130/6469 Call Trace: <IRQ> dump_stack_lvl+0x48/0x70 print_address_description.constprop.0+0x33/0x3d0 print_report+0xc0/0x2b0 kasan_report+0xd0/0x120 __asan_load1+0x6c/0x80 tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct] tcf_ct_act+0x886/0x1350 [act_ct] tcf_action_exec+0xf8/0x1f0 fl_classify+0x355/0x360 [cls_flower] __tcf_classify+0x1fd/0x330 tcf_classify+0x21c/0x3c0 sch_handle_ingress.constprop.0+0x2c5/0x500 __netif_receive_skb_core.constprop.0+0xb25/0x1510 __netif_receive_skb_list_core+0x220/0x4c0 netif_receive_skb_list_internal+0x446/0x620 napi_complete_done+0x157/0x3d0 gro_cell_poll+0xcf/0x100 __napi_poll+0x65/0x310 net_rx_action+0x30c/0x5c0 __do_softirq+0x14f/0x491 __irq_exit_rcu+0x82/0xc0 irq_exit_rcu+0xe/0x20 common_interrupt+0xa1/0xb0 </IRQ> <TASK> asm_common_interrupt+0x27/0x40 Allocated by task 6469: kasan_save_stack+0x38/0x70 kasan_set_track+0x25/0x40 kasan_save_alloc_info+0x1e/0x40 __kasan_krealloc+0x133/0x190 krealloc+0xaa/0x130 nf_ct_ext_add+0xed/0x230 [nf_conntrack] tcf_ct_act+0x1095/0x1350 [act_ct] tcf_action_exec+0xf8/0x1f0 fl_classify+0x355/0x360 [cls_flower] __tcf_classify+0x1fd/0x330 tcf_classify+0x21c/0x3c0 sch_handle_ingress.constprop.0+0x2c5/0x500 __netif_receive_skb_core.constprop.0+0xb25/0x1510 __netif_receive_skb_list_core+0x220/0x4c0 netif_receive_skb_list_internal+0x446/0x620 napi_complete_done+0x157/0x3d0 gro_cell_poll+0xcf/0x100 __napi_poll+0x65/0x310 net_rx_action+0x30c/0x5c0 __do_softirq+0x14f/0x491 Freed by task 6469: kasan_save_stack+0x38/0x70 kasan_set_track+0x25/0x40 kasan_save_free_info+0x2b/0x60 ____kasan_slab_free+0x180/0x1f0 __kasan_slab_free+0x12/0x30 slab_free_freelist_hook+0xd2/0x1a0 __kmem_cache_free+0x1a2/0x2f0 kfree+0x78/0x120 nf_conntrack_free+0x74/0x130 [nf_conntrack] nf_ct_destroy+0xb2/0x140 [nf_conntrack] __nf_ct_resolve_clash+0x529/0x5d0 [nf_conntrack] nf_ct_resolve_clash+0xf6/0x490 [nf_conntrack] __nf_conntrack_confirm+0x2c6/0x770 [nf_conntrack] tcf_ct_act+0x12ad/0x1350 [act_ct] tcf_action_exec+0xf8/0x1f0 fl_classify+0x355/0x360 [cls_flower] __tcf_classify+0x1fd/0x330 tcf_classify+0x21c/0x3c0 sch_handle_ingress.constprop.0+0x2c5/0x500 __netif_receive_skb_core.constprop.0+0xb25/0x1510 __netif_receive_skb_list_core+0x220/0x4c0 netif_receive_skb_list_internal+0x446/0x620 napi_complete_done+0x157/0x3d0 gro_cell_poll+0xcf/0x100 __napi_poll+0x65/0x310 net_rx_action+0x30c/0x5c0 __do_softirq+0x14f/0x491 The ct may be dropped if a clash has been resolved but is still passed to the tcf_ct_flow_table_process_conn function for further usage. This issue can be fixed by retrieving ct from skb again after confirming conntrack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.10865

debian: CVE-2024-41040 was patched at 2024-08-01, 2024-08-12

290. Memory Corruption - Linux Kernel (CVE-2024-41049) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode's list. However, before the tracepoint could fire, another task raced in and freed that lock. Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn't happen.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.10865

debian: CVE-2024-41049 was patched at 2024-08-01, 2024-08-12

291. Memory Corruption - Linux Kernel (CVE-2024-41070) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Al reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group(). It looks up `stt` from tablefd, but then continues to use it after doing fdput() on the returned fd. After the fdput() the tablefd is free to be closed by another thread. The close calls kvm_spapr_tce_release() and then release_spapr_tce_table() (via call_rcu()) which frees `stt`. Although there are calls to rcu_read_lock() in kvm_spapr_tce_attach_iommu_group() they are not sufficient to prevent the UAF, because `stt` is used outside the locked regions. With an artifcial delay after the fdput() and a userspace program which triggers the race, KASAN detects the UAF: BUG: KASAN: slab-use-after-free in kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm] Read of size 4 at addr c000200027552c30 by task kvm-vfio/2505 CPU: 54 PID: 2505 Comm: kvm-vfio Not tainted 6.10.0-rc3-next-20240612-dirty #1 Hardware name: 8335-GTH POWER9 0x4e1202 opal:skiboot-v6.5.3-35-g1851b2a06 PowerNV Call Trace: dump_stack_lvl+0xb4/0x108 (unreliable) print_report+0x2b4/0x6ec kasan_report+0x118/0x2b0 __asan_load4+0xb8/0xd0 kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm] kvm_vfio_set_attr+0x524/0xac0 [kvm] kvm_device_ioctl+0x144/0x240 [kvm] sys_ioctl+0x62c/0x1810 system_call_exception+0x190/0x440 system_call_vectored_common+0x15c/0x2ec ... Freed by task 0: ... kfree+0xec/0x3e0 release_spapr_tce_table+0xd4/0x11c [kvm] rcu_core+0x568/0x16a0 handle_softirqs+0x23c/0x920 do_softirq_own_stack+0x6c/0x90 do_softirq_own_stack+0x58/0x90 __irq_exit_rcu+0x218/0x2d0 irq_exit+0x30/0x80 arch_local_irq_restore+0x128/0x230 arch_local_irq_enable+0x1c/0x30 cpuidle_enter_state+0x134/0x5cc cpuidle_enter+0x6c/0xb0 call_cpuidle+0x7c/0x100 do_idle+0x394/0x410 cpu_startup_entry+0x60/0x70 start_secondary+0x3fc/0x410 start_secondary_prolog+0x10/0x14 Fix it by delaying the fdput() until `stt` is no longer in use, which is effectively the entire function. To keep the patch minimal add a call to fdput() at each of the existing return paths. Future work can convert the function to goto or __cleanup style cleanup. With the fix in place the test case no longer triggers the UAF.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.10865

debian: CVE-2024-41070 was patched at 2024-08-01, 2024-08-12

292. Memory Corruption - Linux Kernel (CVE-2024-42104) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries Syzbot reported that mounting and unmounting a specific pattern of corrupted nilfs2 filesystem images causes a use-after-free of metadata file inodes, which triggers a kernel bug in lru_add_fn(). As Jan Kara pointed out, this is because the link count of a metadata file gets corrupted to 0, and nilfs_evict_inode(), which is called from iput(), tries to delete that inode (ifile inode in this case). The inconsistency occurs because directories containing the inode numbers of these metadata files that should not be visible in the namespace are read without checking. Fix this issue by treating the inode numbers of these internal files as errors in the sanity check helper when reading directory folios/pages. Also thanks to Hillf Danton and Matthew Wilcox for their initial mm-layer analysis.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13709

debian: CVE-2024-42104 was patched at 2024-08-01, 2024-08-12

293. Memory Corruption - Linux Kernel (CVE-2024-42105) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode being exposed in the namespace on a corrupted filesystem, and a couple of flaws that cause problems if the starting number of non-reserved inodes written in the on-disk super block is intentionally (or corruptly) changed from its default value. This patch (of 3): In the current implementation of nilfs2, "nilfs->ns_first_ino", which gives the first non-reserved inode number, is read from the superblock, but its lower limit is not checked. As a result, if a number that overlaps with the inode number range of reserved inodes such as the root directory or metadata files is set in the super block parameter, the inode number test macros (NILFS_MDT_INODE and NILFS_VALID_INODE) will not function properly. In addition, these test macros use left bit-shift calculations using with the inode number as the shift count via the BIT macro, but the result of a shift calculation that exceeds the bit width of an integer is undefined in the C specification, so if "ns_first_ino" is set to a large value other than the default value NILFS_USER_INO (=11), the macros may potentially malfunction depending on the environment. Fix these issues by checking the lower bound of "nilfs->ns_first_ino" and by preventing bit shifts equal to or greater than the NILFS_USER_INO constant in the inode number test macros. Also, change the type of "ns_first_ino" from signed integer to unsigned integer to avoid the need for type casting in comparisons such as the lower bound check introduced this time.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13709

debian: CVE-2024-42105 was patched at 2024-08-01, 2024-08-12

294. Memory Corruption - Linux Kernel (CVE-2024-42137) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") will cause below regression issue: BT can't be enabled after below steps: cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure if property enable-gpios is not configured within DT|ACPI for QCA6390. The commit is to fix a use-after-free issue within qca_serdev_shutdown() by adding condition to avoid the serdev is flushed or wrote after closed but also introduces this regression issue regarding above steps since the VSC is not sent to reset controller during warm reboot. Fixed by sending the VSC to reset controller within qca_serdev_shutdown() once BT was ever enabled, and the use-after-free issue is also fixed by this change since the serdev is still opened before it is flushed or wrote. Verified by the reported machine Dell XPS 13 9310 laptop over below two kernel commits: commit e00fc2700a3f ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of bluetooth-next tree. commit b23d98d46d28 ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of linus mainline tree.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.10865

debian: CVE-2024-42137 was patched at 2024-08-01, 2024-08-12

295. Memory Corruption - Linux Kernel (CVE-2024-42287) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Complete command early within lock A crash was observed while performing NPIV and FW reset, BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT_RT SMP NOPTI RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0 RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034 R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000 FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x1a/0x60 ? page_fault_oops+0x16f/0x4a0 ? do_user_addr_fault+0x174/0x7f0 ? exc_page_fault+0x69/0x1a0 ? asm_exc_page_fault+0x22/0x30 ? dma_direct_unmap_sg+0x51/0x1e0 ? preempt_count_sub+0x96/0xe0 qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx] qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx] __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx] The command completion was done early while aborting the commands in driver unload path but outside lock to avoid the WARN_ON condition of performing dma_free_attr within the lock. However this caused race condition while command completion via multiple paths causing system crash. Hence complete the command early in unload path but within the lock to avoid race condition.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.10865

debian: CVE-2024-42287 was patched at 2024-08-21

296. Memory Corruption - Linux Kernel (CVE-2024-42288) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.10865

debian: CVE-2024-42288 was patched at 2024-08-21

297. Memory Corruption - Linux Kernel (CVE-2024-42302) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Keith reports a use-after-free when a DPC event occurs concurrently to hot-removal of the same portion of the hierarchy: The dpc_handler() awaits readiness of the secondary bus below the Downstream Port where the DPC event occurred. To do so, it polls the config space of the first child device on the secondary bus. If that child device is concurrently removed, accesses to its struct pci_dev cause the kernel to oops. That's because pci_bridge_wait_for_secondary_bus() neglects to hold a reference on the child device. Before v6.3, the function was only called on resume from system sleep or on runtime resume. Holding a reference wasn't necessary back then because the pciehp IRQ thread could never run concurrently. (On resume from system sleep, IRQs are not enabled until after the resume_noirq phase. And runtime resume is always awaited before a PCI device is removed.) However starting with v6.3, pci_bridge_wait_for_secondary_bus() is also called on a DPC event. Commit 53b54ad074de ("PCI/DPC: Await readiness of secondary bus after reset"), which introduced that, failed to appreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a reference on the child device because dpc_handler() and pciehp may indeed run concurrently. The commit was backported to v5.10+ stable kernels, so that's the oldest one affected. Add the missing reference acquisition. Abridged stack trace: BUG: unable to handle page fault for address: 00000000091400c0 CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0 RIP: pci_bus_read_config_dword+0x17/0x50 pci_dev_wait() pci_bridge_wait_for_secondary_bus() dpc_reset_link() pcie_do_recovery() dpc_handler()

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.10865

debian: CVE-2024-42302 was patched at 2024-08-21

298. Memory Corruption - Linux Kernel (CVE-2024-43861) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13709

debian: CVE-2024-43861 was patched at 2024-08-21

299. Memory Corruption - Linux Kernel (CVE-2024-43871) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13709

debian: CVE-2024-43871 was patched at 2024-08-21

300. Memory Corruption - Linux Kernel (CVE-2024-43882) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much later in the execve() code path, the file metadata (specifically mode, uid, and gid) is used to determine if/how to set the uid and gid. However, those values may have changed since the permissions check, meaning the execution may gain unintended privileges. For example, if a file could change permissions from executable and not set-id: ---------x 1 root root 16048 Aug 7 13:16 target to set-id and non-executable: ---S------ 1 root root 16048 Aug 7 13:16 target it is possible to gain root privileges when execution should have been disallowed. While this race condition is rare in real-world scenarios, it has been observed (and proven exploitable) when package managers are updating the setuid bits of installed programs. Such files start with being world-executable but then are adjusted to be group-exec with a set-uid bit. For example, "chmod o-x,u+s target" makes "target" executable only by uid "root" and gid "cdrom", while also becoming setuid-root: -rwxr-xr-x 1 root cdrom 16048 Aug 7 13:16 target becomes: -rwsr-xr-- 1 root cdrom 16048 Aug 7 13:16 target But racing the chmod means users without group "cdrom" membership can get the permission to execute "target" just before the chmod, and when the chmod finishes, the exec reaches brpm_fill_uid(), and performs the setuid to root, violating the expressed authorization of "only cdrom group members can setuid to root". Re-check that we still have execute permissions in case the metadata has changed. It would be better to keep a copy from the perm-check time, but until we can do that refactoring, the least-bad option is to do a full inode_permission() call (under inode lock). It is understood that this is safe against dead-locks, but hardly optimal.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13709

debian: CVE-2024-43882 was patched at 2024-08-21

301. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42162) - Medium [245]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: gve: Account for stopped queues when reading NIC stats We now account for the fact that the NIC might send us stats for a subset of queues. Without this change, gve_get_ethtool_stats might make an invalid access on the priv->stats_report->stats array.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Account for stopped queues when reading NIC stats\n\nWe now account for the fact that the NIC might send us stats for a\nsubset of queues. Without this change, gve_get_ethtool_stats might make\nan invalid access on the priv->stats_report->stats array.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.0. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-42162 was patched at 2024-08-01

302. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42228) - Medium [245]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001. V2: To really improve the handling we would actually need to have a separate value of 0xffffffff.(Christian)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n need to have a separate value of 0xffffffff.(Christian)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.0. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.05019

debian: CVE-2024-42228 was patched at 2024-08-01

303. Memory Corruption - nginx_open_source (CVE-2024-7347) - Medium [244]

Description: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Product detected by a:f5:nginx_open_source (does NOT exist in CPE dict)
CVSS Base Score0.510CVSS Base Score is 4.7. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13333

debian: CVE-2024-7347 was patched at 2024-08-21

304. Security Feature Bypass - Unknown Product (CVE-2024-24980) - Medium [244]

Description: {'nvd_cve_data_all': 'Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.09526

debian: CVE-2024-24980 was patched at 2024-08-21

ubuntu: CVE-2024-24980 was patched at 2024-08-20

305. Unknown Vulnerability Type - GLPI (CVE-2022-39234) - Medium [240]

Description: {'nvd_cve_data_all': 'GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Deleted/deactivated user could continue to use their account as long as its cookie is valid. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Deleted/deactivated user could continue to use their account as long as its cookie is valid. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.510CVSS Base Score is 4.7. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00104, EPSS Percentile is 0.4323

redos: CVE-2022-39234 was patched at 2024-07-26

306. Unknown Vulnerability Type - GLPI (CVE-2023-51446) - Medium [240]

Description: {'nvd_cve_data_all': 'GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.610CVSS Base Score is 5.9. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00063, EPSS Percentile is 0.28035

redos: CVE-2023-51446 was patched at 2024-08-12

307. Unknown Vulnerability Type - GLPI (CVE-2024-27930) - Medium [240]

Description: {'nvd_cve_data_all': 'GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

redos: CVE-2024-27930 was patched at 2024-08-12

308. Unknown Vulnerability Type - GLPI (CVE-2024-27937) - Medium [240]

Description: {'nvd_cve_data_all': 'GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13. ', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13.\n', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GLPI is an open source IT Asset Management, issue tracking system and service desk system
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00045, EPSS Percentile is 0.16364

redos: CVE-2024-27937 was patched at 2024-08-12

309. Memory Corruption - Linux Kernel (CVE-2022-48869) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: USB: gadgetfs: Fix race between mounting and unmounting The syzbot fuzzer and Gerald Lee have identified a use-after-free bug in the gadgetfs driver, involving processes concurrently mounting and unmounting the gadgetfs filesystem. In particular, gadgetfs_fill_super() can race with gadgetfs_kill_sb(), causing the latter to deallocate the_device while the former is using it. The output from KASAN says, in part: BUG: KASAN: use-after-free in instrument_atomic_read_write include/linux/instrumented.h:102 [inline] BUG: KASAN: use-after-free in atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline] BUG: KASAN: use-after-free in __refcount_sub_and_test include/linux/refcount.h:272 [inline] BUG: KASAN: use-after-free in __refcount_dec_and_test include/linux/refcount.h:315 [inline] BUG: KASAN: use-after-free in refcount_dec_and_test include/linux/refcount.h:333 [inline] BUG: KASAN: use-after-free in put_dev drivers/usb/gadget/legacy/inode.c:159 [inline] BUG: KASAN: use-after-free in gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086 Write of size 4 at addr ffff8880276d7840 by task syz-executor126/18689 CPU: 0 PID: 18689 Comm: syz-executor126 Not tainted 6.1.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: <TASK> ... atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline] __refcount_sub_and_test include/linux/refcount.h:272 [inline] __refcount_dec_and_test include/linux/refcount.h:315 [inline] refcount_dec_and_test include/linux/refcount.h:333 [inline] put_dev drivers/usb/gadget/legacy/inode.c:159 [inline] gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086 deactivate_locked_super+0xa7/0xf0 fs/super.c:332 vfs_get_super fs/super.c:1190 [inline] get_tree_single+0xd0/0x160 fs/super.c:1207 vfs_get_tree+0x88/0x270 fs/super.c:1531 vfs_fsconfig_locked fs/fsopen.c:232 [inline] The simplest solution is to ensure that gadgetfs_fill_super() and gadgetfs_kill_sb() are serialized by making them both acquire a new mutex.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS Probability is 0, EPSS Percentile is 0

debian: CVE-2022-48869 was patched at 2024-08-21

310. Memory Corruption - Linux Kernel (CVE-2022-48872) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling fastrpc_map_get() until map->fl->lock is taken in fastrpc_free_map(), another thread can call fastrpc_map_lookup() and get a reference to a map that is about to be deleted. Rewrite fastrpc_map_get() to only increase the reference count of a map if it's non-zero. Propagate this to callers so they can know if a map is about to be deleted. Fixes this warning: refcount_t: addition on 0; use-after-free. WARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate ... Call trace: refcount_warn_saturate [fastrpc_map_get inlined] [fastrpc_map_lookup inlined] fastrpc_map_create fastrpc_internal_invoke fastrpc_device_ioctl __arm64_sys_ioctl invoke_syscall

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS Probability is 0, EPSS Percentile is 0

debian: CVE-2022-48872 was patched at 2024-08-21

311. Memory Corruption - Linux Kernel (CVE-2022-48873) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Don't remove map on creater_process and device_release Do not remove the map from the list on error path in fastrpc_init_create_process, instead call fastrpc_map_put, to avoid use-after-free. Do not remove it on fastrpc_device_release either, call fastrpc_map_put instead. The fastrpc_free_map is the only proper place to remove the map. This is called only after the reference count is 0.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS Probability is 0, EPSS Percentile is 0

debian: CVE-2022-48873 was patched at 2024-08-21

312. Memory Corruption - Linux Kernel (CVE-2022-48874) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free and race in fastrpc_map_find Currently, there is a race window between the point when the mutex is unlocked in fastrpc_map_lookup and the reference count increasing (fastrpc_map_get) in fastrpc_map_find, which can also lead to use-after-free. So lets merge fastrpc_map_find into fastrpc_map_lookup which allows us to both protect the maps list by also taking the &fl->lock spinlock and the reference count, since the spinlock will be released only after. Add take_ref argument to make this suitable for all callers.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS Probability is 0, EPSS Percentile is 0

debian: CVE-2022-48874 was patched at 2024-08-21

313. Memory Corruption - Linux Kernel (CVE-2022-48878) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Fix driver shutdown on closed serdev The driver shutdown callback (which sends EDL_SOC_RESET to the device over serdev) should not be invoked when HCI device is not open (e.g. if hci_dev_open_sync() failed), because the serdev and its TTY are not open either. Also skip this step if device is powered off (qca_power_shutdown()). The shutdown callback causes use-after-free during system reboot with Qualcomm Atheros Bluetooth: Unable to handle kernel paging request at virtual address 0072662f67726fd7 ... CPU: 6 PID: 1 Comm: systemd-shutdow Tainted: G W 6.1.0-rt5-00325-g8a5f56bcfcca #8 Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT) Call trace: tty_driver_flush_buffer+0x4/0x30 serdev_device_write_flush+0x24/0x34 qca_serdev_shutdown+0x80/0x130 [hci_uart] device_shutdown+0x15c/0x260 kernel_restart+0x48/0xac KASAN report: BUG: KASAN: use-after-free in tty_driver_flush_buffer+0x1c/0x50 Read of size 8 at addr ffff16270c2e0018 by task systemd-shutdow/1 CPU: 7 PID: 1 Comm: systemd-shutdow Not tainted 6.1.0-next-20221220-00014-gb85aaf97fb01-dirty #28 Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT) Call trace: dump_backtrace.part.0+0xdc/0xf0 show_stack+0x18/0x30 dump_stack_lvl+0x68/0x84 print_report+0x188/0x488 kasan_report+0xa4/0xf0 __asan_load8+0x80/0xac tty_driver_flush_buffer+0x1c/0x50 ttyport_write_flush+0x34/0x44 serdev_device_write_flush+0x48/0x60 qca_serdev_shutdown+0x124/0x274 device_shutdown+0x1e8/0x350 kernel_restart+0x48/0xb0 __do_sys_reboot+0x244/0x2d0 __arm64_sys_reboot+0x54/0x70 invoke_syscall+0x60/0x190 el0_svc_common.constprop.0+0x7c/0x160 do_el0_svc+0x44/0xf0 el0_svc+0x2c/0x6c el0t_64_sync_handler+0xbc/0x140 el0t_64_sync+0x190/0x194

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS Probability is 0, EPSS Percentile is 0

debian: CVE-2022-48878 was patched at 2024-08-21

314. Memory Corruption - Linux Kernel (CVE-2022-48885) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ice: Fix potential memory leak in ice_gnss_tty_write() The ice_gnss_tty_write() return directly if the write_buf alloc failed, leaking the cmd_buf. Fix by free cmd_buf if write_buf alloc failed.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS Probability is 0, EPSS Percentile is 0

debian: CVE-2022-48885 was patched at 2024-08-21

315.