Vulnerabilities > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-17 | CVE-2024-43841 | Unspecified vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID. When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the warning: WARN_ON(bss_not_found). The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even if the SSID is different from the one virt_wifi has advertised. Eventually cfg80211 won't be able to find the cfg80211_bss and generate the warning. Fixed it by checking the SSID (from user space) in the connection code. | 3.3 |
2024-08-17 | CVE-2024-43845 | Use of Uninitialized Resource vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename(). Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory. | 3.3 |
2024-08-14 | CVE-2024-24973 | Unspecified vulnerability in Intel Distribution for GDB and Oneapi Base Toolkit. Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access. | 3.3 |
2024-08-13 | CVE-2024-41938 | Path Traversal vulnerability in Siemens Sinec NMS 1.0/1.0.3/2.0. A vulnerability has been identified in SINEC NMS (All versions < V3.0). | 3.8 |
2024-08-12 | CVE-2024-7706 | Unrestricted Upload of File with Dangerous Type vulnerability in Mainwww Mwcms 1.0.0. A vulnerability was found in Fujian mwcms 1.0.0. | 2.7 |
2024-08-12 | CVE-2024-6692 | The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. | 3.3 |
2024-08-08 | CVE-2024-42408 | Path Traversal vulnerability in Dorsettcontrols Infoscan 1.32/1.33/1.35. The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure. | 3.7 |
2024-08-07 | CVE-2024-42233 | Unspecified vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: filemap: replace pte_offset_map() with pte_offset_map_nolock(). The vmf->ptl in filemap_fault_recheck_pte_none() is still set from handle_pte_fault(). | 3.3 |
2024-08-07 | CVE-2024-42249 | Unspecified vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: spi: don't unoptimize message in spi_async(). Calling spi_maybe_unoptimize_message() in spi_async() is wrong because the message is likely to be in the queue and not transferred yet. | 3.3 |
2024-08-07 | CVE-2024-34617 | Incorrect Default Permissions vulnerability in Samsung Android 14.0. Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application. | 3.3 |