VYPR

CVEs

100,472 total · page 646 of 2,010

  • CVE-2024-41074HigJul 29, 2024
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set object to close if ondemand_id < 0 in copen If copen is maliciously called in the user mode, it may delete the request corresponding to the random id. And the request may have not been read…

  • CVE-2024-41073HigJul 29, 2024
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free will result. Clear the RQF_SPECIAL_LOAD when the…

  • CVE-2024-41070HigJul 29, 2024
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Al reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group(). It looks up `stt` from tablefd, but then continues to…

  • CVE-2024-41069HigJul 29, 2024
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ASoC: topology: Fix references to freed memory Most users after parsing a topology file, release memory used by it, so having pointer references directly into topology file contents is wrong. Use…

  • CVE-2024-41061HigJul 29, 2024
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport [Why] Potential out of bounds access in dml2_calculate_rq_and_dlg_params() because the value of out_lowest_state_idx used as an index…

  • CVE-2024-41059HigJul 29, 2024
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 …

  • CVE-2024-41058HigJul 29, 2024
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN:…

  • CVE-2024-41057HigJul 29, 2024
    risk 0.39cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following issue in our fault injection stress test: ================================================================== BUG:…

  • CVE-2024-41051HigJul 29, 2024
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: cachefiles: wait for ondemand_object_worker to finish when dropping object When queuing ondemand_object_worker() to re-open the object, cachefiles_object is not pinned. The cachefiles_object may be freed when…

  • CVE-2024-41050HigJul 29, 2024
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: cachefiles: cyclic allocation of msg_id to avoid reuse Reusing the msg_id after a maliciously completed reopen request may cause a read request to remain unprocessed and result in a hung, as shown below: …

  • CVE-2024-41049HigJul 29, 2024
    risk 0.39cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was…

  • CVE-2024-41046HigJul 29, 2024
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix double free in detach The number of the currently released descriptor is never incremented which results in the same skb being released multiple times.

  • CVE-2024-41045HigJul 29, 2024
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bpf: Defer work in bpf_timer_cancel_and_free Currently, the same case as previous patch (two timer callbacks trying to cancel each other) can be invoked through bpf_map_update_elem as well, or more precisely,…

  • CVE-2024-41042HigJul 29, 2024
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prefer nft_chain_validate nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE). It also follows…

  • CVE-2024-41040HigJul 29, 2024
    risk 0.39cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix UAF when resolving a clash KASAN reports the following UAF: BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct] Read of size 1 at addr ffff888c07603600 by…

  • CVE-2024-41039HigJul 29, 2024
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the…

  • CVE-2024-41028HigJul 29, 2024
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_acpi: Fix array out-of-bounds access In order to use toshiba_dmi_quirks[] together with the standard DMI matching functions, it must be terminated by a empty entry. Since this entry is…

  • CVE-2024-6984HigJul 29, 2024
    risk 0.00cvss 8.8epss 0.00

    An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.

  • CVE-2024-6576HigJul 29, 2024
    risk 0.48cvss 7.3epss 0.01

    Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3.

  • CVE-2024-7196HigJul 29, 2024
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql…

  • CVE-2024-41881HigJul 29, 2024
    risk 0.50cvss 8.8epss 0.01

    SDoP versions prior to 1.11 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted XML file, arbitrary code may be executed on…

  • CVE-2024-41726HigJul 29, 2024
    risk 0.49cvss 7.5epss 0.01

    Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary executable file may be executed by a user who can log in to the PC where the product's Windows client is installed.

  • CVE-2024-41143HigJul 29, 2024
    risk 0.51cvss 7.8epss 0.00

    Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows client is installed.

  • CVE-2024-41139HigJul 29, 2024
    risk 0.51cvss 7.8epss 0.00

    Incorrect privilege assignment vulnerability exists in SKYSEA Client View Ver.6.010.06 to Ver.19.210.04e. If a user who can log in to the PC where the product's Windows client is installed places a specially crafted DLL file in a specific folder, arbitrary code may be executed…

  • CVE-2024-7188HigJul 29, 2024
    risk 0.48cvss 7.3epss 0.07

    A vulnerability was found in Bylancer Quicklancer 2.4. It has been rated as critical. This issue affects some unknown processing of the file /listing of the component GET Parameter Handler. The manipulation of the argument range2 leads to sql injection. The attack may be…

  • CVE-2024-7187HigJul 29, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be…

  • CVE-2024-41091HigJul 29, 2024
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: tun: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tun_xdp_one() path, which could cause a corrupted skb to be sent downstack. Even…

  • CVE-2024-41090HigJul 29, 2024
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack.…

  • CVE-2024-41014HigJul 29, 2024
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlog_recover_process_data There is a lack of verification of the space occupied by fixed members of xlog_op_header in the xlog_recover_process_data. We can create a crafted image…

  • CVE-2024-41013HigJul 29, 2024
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. Before patching, the loop…

  • CVE-2024-7186HigJul 29, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. This affects the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate…

  • CVE-2024-7185HigJul 29, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this issue is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument webWlanIdx leads to buffer overflow. The attack may be launched…

  • CVE-2024-5882HigJul 29, 2024
    risk 0.49cvss 7.5epss 0.01

    The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `layout` parameters allowing unauthenticated users to access PHP files on the server from the listings page

  • CVE-2024-41637HigJul 29, 2024
    risk 0.47cvss 8.3epss 0.01

    RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password.

  • CVE-2024-37381HigJul 29, 2024
    risk 0.52cvss 8.0epss 0.03

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.

  • CVE-2024-7184HigJul 29, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to buffer overflow. The attack can…

  • CVE-2024-7183HigJul 29, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the…

  • CVE-2024-7182HigJul 29, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack may be…

  • CVE-2024-7180HigJul 29, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setPortForwardRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the…

  • CVE-2024-7179HigJul 29, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument startTime/endTime leads to buffer overflow. The attack…

  • CVE-2024-7178HigJul 29, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. Affected by this vulnerability is the function setMacQos of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument priority/macAddress leads to buffer overflow. The…

  • CVE-2024-7177HigJul 29, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. Affected is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to buffer overflow. It is possible to launch the…

  • CVE-2024-7176HigJul 29, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This issue affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. The attack may be initiated…

  • CVE-2024-7174HigJul 29, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setdeviceName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument deviceMac/deviceName leads to buffer overflow. It is possible to…

  • CVE-2024-7173HigJul 29, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password/http_host leads to buffer overflow. The…

  • CVE-2024-7172HigJul 28, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected by this vulnerability is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. The…

  • CVE-2024-7164HigJul 28, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability has been found in SourceCodester School Fees Payment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated…

  • CVE-2024-7157HigJul 28, 2024
    risk 0.58cvss 8.8epss 0.07

    A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is…

  • CVE-2024-42053HigJul 28, 2024
    risk 0.51cvss 7.8epss 0.00

    The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a version.dll file in the folder.

  • CVE-2024-42052HigJul 28, 2024
    risk 0.51cvss 7.8epss 0.00

    The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a wevtutil.exe file in the folder.