Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-09-27 CVE-2024-46863 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item. There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct snd_soc_acpi_link_adr array is required.
local
low complexity
linux
5.5
2024-09-27 CVE-2024-46864 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: fix kexec crash due to VP assist page corruption. Commit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline") introduces a new cpuhp state for hyperv initialization. cpuhp_setup_state() returns the state number if state is CPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states. For the hyperv case, since a new cpuhp state was introduced it would return 0.
local
low complexity
linux
5.5
2024-09-27 CVE-2024-46865 Use of Uninitialized Resource vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc. The grc must be initialized first.
local
low complexity
linux CWE-908
7.1
2024-09-27 CVE-2024-46866 Improper Locking vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: add missing bo locking in show_meminfo(). bo_meminfo() wants to inspect bo state like tt and the ttm resource, however this state can change at any point leading to stuff like NPD and UAF, if the bo lock is not held.
local
low complexity
linux CWE-667
5.5
2024-09-27 CVE-2024-46867 Improper Locking vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: fix deadlock in show_meminfo(). There is a real deadlock as well as sleeping in atomic() bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks.
local
low complexity
linux CWE-667
5.5
2024-09-27 CVE-2024-46868 Improper Locking vulnerability in Linux Kernel 6.10.2/6.11
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire(). If the __qcuefi pointer is not set, then in the original code, we would hold onto the lock.
local
low complexity
linux CWE-667
5.5
2024-09-27 CVE-2024-9281 Cross-Site Request Forgery (CSRF) vulnerability in Bg5Sbk Minicms
A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic.
network
low complexity
bg5sbk CWE-352
4.3
2024-09-27 CVE-2024-9282 Cross-Site Request Forgery (CSRF) vulnerability in Bg5Sbk Minicms
A vulnerability was found in bg5sbk MiniCMS 1.11.
network
low complexity
bg5sbk CWE-352
4.3
2024-09-27 CVE-2024-8607 SQL Injection vulnerability in Oceanicsoft Valeapp
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection. This issue affects ValeApp: before v2.0.0.
network
low complexity
oceanicsoft CWE-89
critical
9.8
2024-09-27 CVE-2024-8608 Cross-site Scripting vulnerability in Oceanicsoft Valeapp
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS. This issue affects ValeApp: before v2.0.0.
network
low complexity
oceanicsoft CWE-79
5.4