Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-21 | CVE-2024-49991 | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer, otherwise amdgpu_bo_unref clear the local variable, the original pointer not set to NULL, this could cause use-after-free bug. | 7.8 |
| 2024-10-21 | CVE-2024-49992 | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/stm: Avoid use-after-free issues with crtc and plane ltdc_load() calls functions drm_crtc_init_with_planes(), drm_universal_plane_init() and drm_encoder_init(). | 7.8 |
| 2024-10-21 | CVE-2024-49995 | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun Smatch reports that copying media_name and if_name to name_parts may overwrite the destination. .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16) .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16) This does seem to be the case so guard against this possibility by using strscpy() and failing if truncation occurs. Introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge") Compile tested only. | 7.8 |
| 2024-10-21 | CVE-2024-49996 | Classic Buffer Overflow vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseDataLength. Function cifs_strndup_from_utf16() is currentlly accessing buf->DataBuffer at position after the end of the buffer because it does not subtract InodeType size from the length. | 7.8 |
| 2024-10-21 | CVE-2024-49997 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. | 7.5 |
| 2024-10-21 | CVE-2024-49366 | Path Traversal vulnerability in Nginxui Nginx UI Nginx UI is a web user interface for the Nginx web server. | 7.5 |
| 2024-10-21 | CVE-2024-49367 | Missing Authorization vulnerability in Nginxui Nginx UI Nginx UI is a web user interface for the Nginx web server. | 7.5 |
| 2024-10-21 | CVE-2024-45309 | Path Traversal vulnerability in Onedev Project Onedev OneDev is a Git server with CI/CD, kanban, and packages. | 7.5 |
| 2024-10-21 | CVE-2024-47723 | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: jfs: fix out-of-bounds in dbNextAG() and diAlloc() In dbNextAG() , there is no check for the case where bmp->db_numag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds. | 7.1 |
| 2024-10-21 | CVE-2024-47727 | Improper Check for Unusual or Exceptional Conditions vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. | 7.8 |