Vulnerabilities > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-19 | CVE-2024-43379 | Server-Side Request Forgery (SSRF) vulnerability in Trufflesecurity Trufflehog TruffleHog is a secrets scanning tool. | 3.1 |
| 2024-08-17 | CVE-2024-43841 | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the warning: WARN_ON(bss_not_found). The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even if the SSID is different from the one virt_wifi has advertised. Eventually cfg80211 won't be able to find the cfg80211_bss and generate the warning. Fixed it by checking the SSID (from user space) in the connection code. | 3.3 |
| 2024-08-17 | CVE-2024-43845 | Use of Uninitialized Resource vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename() Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory. | 3.3 |
| 2024-08-14 | CVE-2024-24973 | Unspecified vulnerability in Intel Distribution for GDB and Oneapi Base Toolkit Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access. | 3.3 |
| 2024-08-13 | CVE-2024-41938 | Path Traversal vulnerability in Siemens Sinec NMS 1.0/1.0.3/2.0 A vulnerability has been identified in SINEC NMS (All versions < V3.0). | 3.8 |
| 2024-08-12 | CVE-2024-7706 | Unrestricted Upload of File with Dangerous Type vulnerability in Mainwww Mwcms 1.0.0 A vulnerability was found in Fujian mwcms 1.0.0. | 2.7 |
| 2024-08-12 | CVE-2024-22123 | Code Injection vulnerability in Zabbix Setting SMS media allows to set GSM modem file. | 2.7 |
| 2024-08-12 | CVE-2024-6692 | Cross-site Scripting vulnerability in Awesomemotive Easy Digital Downloads The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. | 3.1 |
| 2024-08-08 | CVE-2024-42408 | Path Traversal vulnerability in Dorsettcontrols Infoscan 1.32/1.33/1.35 The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure. | 3.7 |
| 2024-08-07 | CVE-2024-42233 | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: filemap: replace pte_offset_map() with pte_offset_map_nolock() The vmf->ptl in filemap_fault_recheck_pte_none() is still set from handle_pte_fault(). | 3.3 |