|
310321
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: mdiobus: fix unbalanced node reference count
I got the following report while doing device(mscc-miim) load test
with CONFIG_…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2022-49016
|
2024-10-25 03:35 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310322
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: hsr: Fix potential use-after-free
The skb is delivered to netif_rx() which may free it, after calling this,
dereferencing sk…
|
CWE-416
Use After Free
|
CVE-2022-49015
|
2024-10-25 03:31 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310323
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: tun: Fix use-after-free in tun_detach()
syzbot reported use-after-free in tun_detach() [1]. This causes call
trace like bel…
|
CWE-416
Use After Free
|
CVE-2022-49014
|
2024-10-25 03:29 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310324
|
- |
|
-
|
-
|
A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: thi…
|
-
|
CVE-2024-46257
|
2024-10-25 03:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310325
|
7.5 |
HIGH
Network
|
mfasoft
|
secure_authentication_server
|
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows re…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-46937
|
2024-10-25 02:35 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310326
|
7.5 |
HIGH
Network
|
opendaylight
|
authentication\
_authorization_and_accounting
|
An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue con…
|
NVD-CWE-noinfo
|
CVE-2024-46943
|
2024-10-25 02:35 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310327
|
6.7 |
MEDIUM
Local
|
crucial
|
mx500_firmware
|
Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-42642
|
2024-10-25 02:35 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310328
|
- |
|
-
|
-
|
A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.
|
-
|
CVE-2024-46256
|
2024-10-25 02:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310329
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'
This commit adds a null check for 'stream_st…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-49912
|
2024-10-25 02:10 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310330
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe
This commit addresses a null pointer dereference …
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-49914
|
2024-10-25 02:09 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
