Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2024-07-15 CVE-2024-41007 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets. If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before blamed commit, the socket would not time out after icsk->icsk_user_timeout, but would use standard exponential backoff for the retransmits. Also worth noting that before commit e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4.
local
low complexity
linux
3.3
2024-07-12 CVE-2023-41093 Use After Free vulnerability in Silabs Bluetooth Low Energy Software Development Kit
Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network. This issue affects Silabs Bluetooth SDK: through 8.0.0.
high complexity
silabs CWE-416
3.1
2024-07-11 CVE-2024-2880 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group members.
network
low complexity
gitlab
2.7
2024-07-11 CVE-2024-5257 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace.
network
low complexity
gitlab
2.7
2024-07-11 CVE-2024-5470 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.
network
low complexity
gitlab
2.7
2024-07-09 CVE-2024-28067 Unspecified vulnerability in Samsung Exynos Modem 5300 Firmware
A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the victim in plaintext.
network
high complexity
samsung
3.7
2024-07-03 CVE-2024-29508 Unspecified vulnerability in Artifex Ghostscript
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
local
low complexity
artifex
3.3
2024-07-03 CVE-2024-39353 Unspecified vulnerability in Mattermost
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them, which allows a high-privileged attacker with access to the audit logs to read message contents.
network
low complexity
mattermost
2.7
2024-07-02 CVE-2024-39324 Incorrect Authorization vulnerability in Aimeos Ai-Admin-Graphql
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface.
network
low complexity
aimeos CWE-863
3.8
2024-07-02 CVE-2024-20900 Improper Authentication vulnerability in Samsung Android 12.0/13.0/14.0
Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.
local
low complexity
samsung CWE-287
3.3