Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-29 | CVE-2024-41066 | Memory Leak vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Add tx check to prevent skb leak. Below is a summary of how the driver stores a reference to an skb during transmit: `tx_buff[free_map[consumer_index]]->skb = new_skb;` `free_map[consumer_index] = IBMVNIC_INVALID_MAP;` `consumer_index++;` Where variable data looks like this: `free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3]` `consumer_index^` `tx_buff == [skb=null, skb=<ptr>, skb=<ptr>, skb=null, skb=null]` The driver has checks to ensure that `free_map[consumer_index]` pointed to a valid index but there was no check to ensure that this index pointed to an unused/null skb address. | 5.5 |
2024-07-29 | CVE-2024-41076 | Memory Leak vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix memory leak in nfs4_set_security_label. We leak nfs_fattr and nfs4_label every time we set a security xattr. | 5.5 |
2024-07-29 | CVE-2024-41080 | Improper Locking vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: io_uring: fix possible deadlock in io_register_iowq_max_workers(). The io_register_iowq_max_workers() function calls io_put_sq_data(), which acquires the sqd->lock without releasing the uring_lock. Similar to the commit 009ad9f0c6ee ("io_uring: drop ctx->uring_lock before acquiring sqd->lock"), this can lead to a potential deadlock situation. To resolve this issue, the uring_lock is released before calling io_put_sq_data(), and then it is re-acquired after the function call. This change ensures that the locks are acquired in the correct order, preventing the possibility of a deadlock. | 5.5 |
2024-07-29 | CVE-2024-41676 | Cross-site Scripting vulnerability in Openmage Magento. Magento-lts is a long-term support alternative to Magento Community Edition (CE). | 4.8 |
2024-07-29 | CVE-2024-6124 | Cross-site Scripting vulnerability in M-Files Hubshare 3.3.10.9/3.3.11.3. Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. | 5.4 |
2024-07-29 | CVE-2024-6881 | Cross-site Scripting vulnerability in M-Files Hubshare 3.3.10.9/3.3.11.3. Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session. | 5.4 |
2024-07-29 | CVE-2024-7200 | Cross-site Scripting vulnerability in Oretnom23 Complaints Report Management System 1.0. A vulnerability, which was classified as problematic, has been found in SourceCodester Complaints Report Management System 1.0. | 5.4 |
2024-07-28 | CVE-2024-7163 | Cross-site Scripting vulnerability in Seacms 12.9. A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. | 6.1 |
2024-07-28 | CVE-2024-7161 | Cross-Site Request Forgery (CSRF) vulnerability in Seacms 13.0. A vulnerability classified as problematic was found in SeaCMS 13.0. | 6.5 |
2024-07-28 | CVE-2024-7162 | Cross-site Scripting vulnerability in Seacms 12.9/13.0. A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. | 5.4 |