Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-05 | CVE-2024-50096 | Unspecified vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error. The `nouveau_dmem_copy_one` function ensures that the copy push command is sent to the device firmware but does not track whether it was executed successfully. In the case of a copy error (e.g., firmware or hardware failure), the copy push command will be sent via the firmware channel, and `nouveau_dmem_copy_one` will likely report success, leading to the `migrate_to_ram` function returning a dirty HIGH_USER page to the user. This can result in a security vulnerability, as a HIGH_USER page that may contain sensitive or corrupted data could be returned to the user. To prevent this vulnerability, we allocate a zero page. | 5.5 |
2024-11-05 | CVE-2024-50097 | Unspecified vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: net: fec: don't save PTP state if PTP is unsupported. Some platforms (such as i.MX25 and i.MX27) do not support PTP, so on these platforms `fec_ptp_init()` is not called and the related members in `fep` are not initialized. | 5.5 |
2024-11-05 | CVE-2024-9579 | Command Injection vulnerability in HP products. A potential vulnerability was discovered in certain Poly video conferencing devices. | 7.5 |
2024-11-05 | CVE-2023-29116 | Unspecified vulnerability in Enelx Waybox PRO Firmware. Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained. Tags: low complexity, enelx. | 4.3 |
2024-11-05 | CVE-2023-29117 | Improper Authentication vulnerability in Enelx Waybox PRO Firmware. Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system. | 8.8 |
2024-11-05 | CVE-2023-29118 | SQL Injection vulnerability in Enelx Waybox PRO Firmware. Waybox Enel X web management application could execute arbitrary requests on the internal database via `/admin/versions.php`. | 8.8 |
2024-11-05 | CVE-2023-29119 | SQL Injection vulnerability in Enelx Waybox PRO Firmware. Waybox Enel X web management application could execute arbitrary requests on the internal database via `/admin/dbstore.php`. | 8.8 |
2024-11-05 | CVE-2023-29120 | OS Command Injection vulnerability in Enelx Waybox PRO Firmware. Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system. | 8.8 |
2024-11-05 | CVE-2023-29121 | Unspecified vulnerability in Enelx Waybox PRO Firmware. Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system. Tags: low complexity, enelx. | 8.8 |
2024-11-05 | CVE-2023-29125 | Out-of-bounds Write vulnerability in Enelx Waybox PRO Firmware. A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700. | 8.0 |