Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-05 CVE-2024-50092 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net: netconsole: fix wrong warning. A warning is triggered when there is insufficient space in the buffer for userdata.
local
low complexity
linux
3.3
2024-11-05 CVE-2024-50093 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: thermal: intel: int340x: processor: Fix warning during module unload. The processor_thermal driver uses pcim_device_enable() to enable a PCI device, which means the device will be automatically disabled on driver detach.
local
low complexity
linux
5.5
2024-11-05 CVE-2024-50094 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: sfc: Don't invoke xdp_do_flush() from netpoll. Yury reported a crash in the sfc driver originated from netpoll_send_udp().
local
low complexity
linux
5.5
2024-11-05 CVE-2024-50095 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: RDMA/mad: Improve handling of timed out WRs of mad agent. Current timeout handler of mad agent acquires/releases mad_agent_priv lock for every timed out WRs.
local
low complexity
linux
5.5
2024-11-05 CVE-2024-50096 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error. The `nouveau_dmem_copy_one` function ensures that the copy push command is sent to the device firmware but does not track whether it was executed successfully. In the case of a copy error (e.g., firmware or hardware failure), the copy push command will be sent via the firmware channel, and `nouveau_dmem_copy_one` will likely report success, leading to the `migrate_to_ram` function returning a dirty HIGH_USER page to the user. This can result in a security vulnerability, as a HIGH_USER page that may contain sensitive or corrupted data could be returned to the user. To prevent this vulnerability, we allocate a zero page.
local
low complexity
linux
5.5
2024-11-05 CVE-2024-50097 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net: fec: don't save PTP state if PTP is unsupported. Some platforms (such as i.MX25 and i.MX27) do not support PTP, so on these platforms fec_ptp_init() is not called and the related members in fep are not initialized.
local
low complexity
linux
5.5
2024-11-05 CVE-2024-9579 Command Injection vulnerability in HP products
A potential vulnerability was discovered in certain Poly video conferencing devices.
high complexity
hp CWE-77
7.5
2024-11-05 CVE-2023-29116 Unspecified vulnerability in Enelx Waybox PRO Firmware
Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.
low complexity
enelx
4.3
2024-11-05 CVE-2023-29117 Improper Authentication vulnerability in Enelx Waybox PRO Firmware
Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system.
low complexity
enelx CWE-287
8.8
2024-11-05 CVE-2023-29118 SQL Injection vulnerability in Enelx Waybox PRO Firmware
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php.
low complexity
enelx CWE-89
8.8