Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-26 | CVE-2017-15832 | Out-of-bounds Write vulnerability in Qualcomm products: Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW. | 7.8 |
2024-11-26 | CVE-2017-18153 | Use After Free vulnerability in Qualcomm products: A race condition exists in a driver potentially leading to a use-after-free condition. | 7.0 |
2024-11-26 | CVE-2018-11952 | Improper Authentication vulnerability in Qualcomm products: An image with a version lower than the fuse version may potentially be booted, leading to improper authentication. | 7.8 |
2024-11-26 | CVE-2024-49597 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell Wyse Management Suite: Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. | 7.2 |
2024-11-26 | CVE-2024-11674 | Unrestricted Upload of File with Dangerous Type vulnerability in Hospital Management System Project Hospital Management System 1.0: A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. | 8.8 |
2024-11-25 | CVE-2024-53096 | Unspecified vulnerability in Linux Kernel: In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmap_region() error path behaviour. The mmap_region() function is somewhat terrifying, with spaghetti-like control flow and numerous means by which issues can arise and incomplete state, memory leaks and other unpleasantness can occur. A large amount of the complexity arises from trying to handle errors late in the process of mapping a VMA, which forms the basis of recently observed issues with resource leaks and observable inconsistent state. Taking advantage of previous patches in this series we move a number of checks earlier in the code, simplifying things by moving the core of the logic into a static internal function __mmap_region(). Doing this allows us to perform a number of checks up front before we do any real work, and allows us to unwind the writable unmap check unconditionally as required and to perform a CONFIG_DEBUG_VM_MAPLE_TREE validation unconditionally also. We move a number of things here: 1. | 7.8 |
2024-11-25 | CVE-2024-53098 | Out-of-bounds Write vulnerability in Linux Kernel: In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address. access_ok() only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. (cherry picked from commit 9408c4508483ffc60811e910a93d6425b8e63928) | 7.8 |
2024-11-25 | CVE-2024-53099 | Out-of-bounds Read vulnerability in Linux Kernel: In the Linux kernel, the following vulnerability has been resolved: bpf: Check validity of link->type in bpf_link_show_fdinfo(). If a newly-added link type doesn't invoke BPF_LINK_TYPE(), accessing bpf_link_type_strs[link->type] may result in an out-of-bounds access. To spot such missed invocations early in the future, checking the validity of link->type in bpf_link_show_fdinfo() and emitting a warning when such invocations are missed. | 7.1 |
2024-11-25 | CVE-2024-27134 | Unspecified vulnerability in Lfprojects Mlflow: Excessive directory permissions in MLflow lead to local privilege escalation when using spark_udf. | 7.0 |
2024-11-25 | CVE-2024-11659 | Command Injection vulnerability in Engeniustech products: A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. | 7.2 |