Vulnerabilities > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-22 | CVE-2022-48939 | Excessive Iteration vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcu_barrier Nothing prevents batch ops to process huge amount of data, we need to add schedule points in them. Note that maybe_wait_bpf_programs(map) calls from generic_map_delete_batch() can be factorized by moving the call after the loop. This will be done later in -next tree once we get this fix merged, unless there is strong opinion doing this optimization sooner. | 3.3 |
2024-08-19 | CVE-2024-43379 | Server-Side Request Forgery (SSRF) vulnerability in Trufflesecurity Trufflehog TruffleHog is a secrets scanning tool. | 3.1 |
2024-08-17 | CVE-2024-43841 | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the warning: WARN_ON(bss_not_found). The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even if the SSID is different from the one virt_wifi has advertised. Eventually cfg80211 won't be able to find the cfg80211_bss and generate the warning. Fixed it by checking the SSID (from user space) in the connection code. | 3.3 |
2024-08-17 | CVE-2024-43845 | Use of Uninitialized Resource vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename() Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory. | 3.3 |
2024-08-14 | CVE-2024-24973 | Unspecified vulnerability in Intel Distribution for GDB and Oneapi Base Toolkit Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access. | 3.3 |
2024-08-13 | CVE-2024-41938 | Path Traversal vulnerability in Siemens Sinec NMS 1.0/1.0.3/2.0 A vulnerability has been identified in SINEC NMS (All versions < V3.0). | 3.8 |
2024-08-12 | CVE-2024-7706 | Unrestricted Upload of File with Dangerous Type vulnerability in Mainwww Mwcms 1.0.0 A vulnerability was found in Fujian mwcms 1.0.0. | 2.7 |
2024-08-12 | CVE-2024-22123 | Code Injection vulnerability in Zabbix Setting SMS media allows to set GSM modem file. | 2.7 |
2024-08-12 | CVE-2024-6692 | The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. network high complexity | 3.3 |
2024-08-08 | CVE-2024-42408 | Path Traversal vulnerability in Dorsettcontrols Infoscan 1.32/1.33/1.35 The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure. | 3.7 |