Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2024-08-22 CVE-2022-48939 Excessive Iteration vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcu_barrier Nothing prevents batch ops to process huge amount of data, we need to add schedule points in them. Note that maybe_wait_bpf_programs(map) calls from generic_map_delete_batch() can be factorized by moving the call after the loop. This will be done later in -next tree once we get this fix merged, unless there is strong opinion doing this optimization sooner.
local
low complexity
linux CWE-834
3.3
2024-08-19 CVE-2024-43379 Server-Side Request Forgery (SSRF) vulnerability in Trufflesecurity Trufflehog
TruffleHog is a secrets scanning tool.
network
high complexity
trufflesecurity CWE-918
3.1
2024-08-17 CVE-2024-43841 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the warning: WARN_ON(bss_not_found). The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even if the SSID is different from the one virt_wifi has advertised. Eventually cfg80211 won't be able to find the cfg80211_bss and generate the warning. Fixed it by checking the SSID (from user space) in the connection code.
local
low complexity
linux
3.3
2024-08-17 CVE-2024-43845 Use of Uninitialized Resource vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename() Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory.
local
low complexity
linux CWE-908
3.3
2024-08-14 CVE-2024-24973 Unspecified vulnerability in Intel Distribution for GDB and Oneapi Base Toolkit
Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.
local
low complexity
intel
3.3
2024-08-13 CVE-2024-41938 Path Traversal vulnerability in Siemens Sinec NMS 1.0/1.0.3/2.0
A vulnerability has been identified in SINEC NMS (All versions < V3.0).
network
low complexity
siemens CWE-22
3.8
2024-08-12 CVE-2024-7706 Unrestricted Upload of File with Dangerous Type vulnerability in Mainwww Mwcms 1.0.0
A vulnerability was found in Fujian mwcms 1.0.0.
network
low complexity
mainwww CWE-434
2.7
2024-08-12 CVE-2024-22123 Code Injection vulnerability in Zabbix
Setting SMS media allows to set GSM modem file.
network
low complexity
zabbix CWE-94
2.7
2024-08-12 CVE-2024-6692 The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping.
network
high complexity
3.3
2024-08-08 CVE-2024-42408 Path Traversal vulnerability in Dorsettcontrols Infoscan 1.32/1.33/1.35
The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure.
network
high complexity
dorsettcontrols CWE-22
3.7