Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-21 CVE-2024-45309 Path Traversal vulnerability in Onedev Project Onedev
OneDev is a Git server with CI/CD, kanban, and packages.
network
low complexity
onedev-project CWE-22
7.5
2024-10-21 CVE-2024-8305 Unspecified vulnerability in Mongodb
prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries.
network
low complexity
mongodb
6.5
2024-10-21 CVE-2023-52917 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() The debugfs_create_dir() function returns error pointers. It never returns NULL.
local
low complexity
linux
5.5
2024-10-21 CVE-2024-47723 Out-of-bounds Read vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: jfs: fix out-of-bounds in dbNextAG() and diAlloc() In dbNextAG() , there is no check for the case where bmp->db_numag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds.
local
low complexity
linux CWE-125
7.1
2024-10-21 CVE-2024-47724 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: use work queue to process beacon tx event Commit 3a415daa3e8b ("wifi: ath11k: add P2P IE in beacon template") from Feb 28, 2024 (linux-next), leads to the following Smatch static checker warning: drivers/net/wireless/ath/ath11k/wmi.c:1742 ath11k_wmi_p2p_go_bcn_ie() warn: sleeping in atomic context The reason is that ath11k_bcn_tx_status_event() will directly call might sleep function ath11k_wmi_cmd_send() during RCU read-side critical sections.
local
low complexity
linux
5.5
2024-10-21 CVE-2024-47726 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode.
network
low complexity
linux
6.5
2024-10-21 CVE-2024-47727 Improper Check for Unusual or Exceptional Conditions vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations.
local
low complexity
linux CWE-754
7.8
2024-10-21 CVE-2024-47728 Incomplete Cleanup vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error For all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input arguments, zero the value for the case of an error as otherwise it could leak memory.
local
low complexity
linux CWE-459
5.5
2024-10-21 CVE-2024-47729 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use reserved copy engine for user binds on faulting devices User binds map to engines with can fault, faults depend on user binds completion, thus we can deadlock.
local
low complexity
linux
5.5
2024-10-21 CVE-2024-47730 Use After Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - inject error before stopping queue The master ooo cannot be completely closed when the accelerator core reports memory error.
local
low complexity
linux CWE-416
7.8