CVE List - 2024 / December
Showing 3101 - 3200 of 3433 CVEs for December 2024 (Page 32 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-56636 | 2024-12-27 | geneve: do not assume mac header is set in geneve_xmit_skb() |
| CVE-2024-56637 | 2024-12-27 | netfilter: ipset: Hold module reference while requesting a module |
| CVE-2024-56638 | 2024-12-27 | netfilter: nft_inner: incorrect percpu area handling under softirq |
| CVE-2024-56639 | 2024-12-27 | net: hsr: must allocate more bytes for RedBox support |
| CVE-2024-56640 | 2024-12-27 | net/smc: fix LGR and link use-after-free issue |
| CVE-2024-56641 | 2024-12-27 | net/smc: initialize close_work early to avoid warning |
| CVE-2024-56642 | 2024-12-27 | tipc: Fix use-after-free of kernel socket in cleanup_bearer(). |
| CVE-2024-56643 | 2024-12-27 | dccp: Fix memory leak in dccp_feat_change_recv |
| CVE-2024-56644 | 2024-12-27 | net/ipv6: release expired exception dst cached in socket |
| CVE-2024-56645 | 2024-12-27 | can: j1939: j1939_session_new(): fix skb reference counting |
| CVE-2024-56646 | 2024-12-27 | ipv6: avoid possible NULL deref in modify_prefix_route() |
| CVE-2024-56647 | 2024-12-27 | net: Fix icmp host relookup triggering ip_rt_bug |
| CVE-2024-56648 | 2024-12-27 | net: hsr: avoid potential out-of-bound access in fill_frame_info() |
| CVE-2024-56649 | 2024-12-27 | net: enetc: Do not configure preemptible TCs if SIs do not support |
| CVE-2024-56650 | 2024-12-27 | netfilter: x_tables: fix LED ID check in led_tg_check() |
| CVE-2024-56651 | 2024-12-27 | can: hi311x: hi3110_can_ist(): fix potential use-after-free |
| CVE-2024-56652 | 2024-12-27 | drm/xe/reg_sr: Remove register pool |
| CVE-2024-56653 | 2024-12-27 | Bluetooth: btmtk: avoid UAF in btmtk_process_coredump |
| CVE-2024-56654 | 2024-12-27 | Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating |
| CVE-2024-56655 | 2024-12-27 | netfilter: nf_tables: do not defer rule destruction via call_rcu |
| CVE-2024-56656 | 2024-12-27 | bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips |
| CVE-2024-56657 | 2024-12-27 | ALSA: control: Avoid WARN() for symlink errors |
| CVE-2024-56658 | 2024-12-27 | net: defer final 'struct net' free in netns dismantle |
| CVE-2024-56659 | 2024-12-27 | net: lapb: increase LAPB_HEADER_LEN |
| CVE-2024-56660 | 2024-12-27 | net/mlx5: DR, prevent potential error pointer dereference |
| CVE-2024-56661 | 2024-12-27 | tipc: fix NULL deref in cleanup_bearer() |
| CVE-2024-56662 | 2024-12-27 | acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl |
| CVE-2024-56663 | 2024-12-27 | wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one |
| CVE-2024-56664 | 2024-12-27 | bpf, sockmap: Fix race between element replace and close() |
| CVE-2024-56665 | 2024-12-27 | bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog |
| CVE-2024-56666 | 2024-12-27 | drm/amdkfd: Dereference null return value |
| CVE-2024-56667 | 2024-12-27 | drm/i915: Fix NULL pointer dereference in capture_engine |
| CVE-2024-56668 | 2024-12-27 | iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain |
| CVE-2024-56669 | 2024-12-27 | iommu/vt-d: Remove cache tags before disabling ATS |
| CVE-2024-56670 | 2024-12-27 | usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer |
| CVE-2024-56671 | 2024-12-27 | gpio: graniterapids: Fix vGPIO driver crash |
| CVE-2024-56672 | 2024-12-27 | blk-cgroup: Fix UAF in blkcg_unpin_online() |
| CVE-2024-56673 | 2024-12-27 | riscv: mm: Do not call pmd dtor on vmemmap page table teardown |
| CVE-2024-56674 | 2024-12-27 | virtio_net: correct netdev_tx_reset_queue() invocation point |
| CVE-2024-56675 | 2024-12-27 | bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors |
| CVE-2024-12986 | 2024-12-27 | DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupptim os command injection |
| CVE-2024-56507 | 2024-12-27 | Reflected Cross-Site Scripting (XSS) Vulnerability in LinkAce |
| CVE-2024-56508 | 2024-12-27 | File Upload Vulnerability Leading to XSS in LinkAce v1.15.5 |
| CVE-2024-56509 | 2024-12-27 | changedetection.io has Improper Input Validation Leading to LFR/Path Traversal |
| CVE-2024-12987 | 2024-12-27 | DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection |
| CVE-2024-12856 | 2024-12-27 | Four-Faith Industrial Router adjust_sys_time OS Command Injection |
| CVE-2024-12988 | 2024-12-27 | Netgear R6900P/R7000P HTTP Header sub_16C4C buffer overflow |
| CVE-2024-12989 | 2024-12-27 | WISI Tangram GT31 HTTP Request server-side request forgery |
| CVE-2024-12990 | 2024-12-27 | ruifang-tech Rebuild Admin Verification Page admin-verify redirect |
| CVE-2024-12991 | 2024-12-27 | Beijing Longda Jushang Technology DBShop商城系统 home-order cross site scripting |
| CVE-2024-56732 | 2024-12-27 | HarfBuzz heap-buffer-overflow on hb_cairo_glyphs_from_buffer |
| CVE-2024-46972 | 2024-12-28 | GPU DDK - Security: Reference count overflow in pvr_sync_rollback_export_fence |
| CVE-2024-46973 | 2024-12-28 | Exploitable kernel use-after-free on psServerMMUContext due to reference count mismanagement |
| CVE-2024-43705 | 2024-12-28 | GPU DDK - Security: Exploitable PVRSRVBridgePhysmemWrapExtMem may lead to overwrite read-only file/memory (e.g. libc.so) |
| CVE-2020-1820 | 2024-12-28 | There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur... |
| CVE-2020-1821 | 2024-12-28 | There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur... |
| CVE-2020-1822 | 2024-12-28 | There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur... |
| CVE-2020-1823 | 2024-12-28 | There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur... |
| CVE-2020-1824 | 2024-12-28 | There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur... |
| CVE-2021-37000 | 2024-12-28 | Some Huawei wearables have a permission management vulnerability. |
| CVE-2021-22484 | 2024-12-28 | Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data. Successful exploitation of this vulnerability may cause a server out of memory (OOM). |
| CVE-2022-48470 | 2024-12-28 | Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-42291) This vulnerability has been assigned a... |
| CVE-2023-7266 | 2024-12-28 | Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605) This vulnerability has been assigned a (CVE)ID:CVE-2023-7266 |
| CVE-2023-7263 | 2024-12-28 | Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ID:HWPSIRT-2023-53450) This vulnerability has been... |
| CVE-2023-52718 | 2024-12-28 | A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408) This vulnerability has been assigned a (CVE)ID:CVE-2023-52718 |
| CVE-2024-56676 | 2024-12-28 | thermal: testing: Initialize some variables annoteded with _free() |
| CVE-2024-56677 | 2024-12-28 | powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() |
| CVE-2024-56678 | 2024-12-28 | powerpc/mm/fault: Fix kfence page fault reporting |
| CVE-2024-56679 | 2024-12-28 | octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c |
| CVE-2024-56680 | 2024-12-28 | media: intel/ipu6: do not handle interrupts when device is disabled |
| CVE-2024-56681 | 2024-12-28 | crypto: bcm - add error check in the ahash_hmac_init function |
| CVE-2024-56682 | 2024-12-28 | irqchip/riscv-aplic: Prevent crash when MSI domain is missing |
| CVE-2024-56683 | 2024-12-28 | drm/vc4: hdmi: Avoid hang with debug registers when suspended |
| CVE-2024-56684 | 2024-12-28 | mailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks() |
| CVE-2024-56685 | 2024-12-28 | ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe |
| CVE-2024-56687 | 2024-12-28 | usb: musb: Fix hardware lockup on first Rx endpoint request |
| CVE-2024-56688 | 2024-12-28 | sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport |
| CVE-2024-56689 | 2024-12-28 | PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio' |
| CVE-2024-56690 | 2024-12-28 | crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY |
| CVE-2024-56691 | 2024-12-28 | mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device |
| CVE-2024-56692 | 2024-12-28 | f2fs: fix to do sanity check on node blkaddr in truncate_node() |
| CVE-2024-56693 | 2024-12-28 | brd: defer automatic disk creation until module initialization succeeds |
| CVE-2024-56694 | 2024-12-28 | bpf: fix recursive lock when verdict program return SK_PASS |
| CVE-2024-56695 | 2024-12-28 | drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()' |
| CVE-2024-56696 | 2024-12-28 | ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc() |
| CVE-2024-56697 | 2024-12-28 | drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info() |
| CVE-2024-56698 | 2024-12-28 | usb: dwc3: gadget: Fix looping of queued SG entries |
| CVE-2024-56699 | 2024-12-28 | s390/pci: Fix potential double remove of hotplug slot |
| CVE-2024-56700 | 2024-12-28 | media: wl128x: Fix atomicity violation in fmc_send_cmd() |
| CVE-2024-56701 | 2024-12-28 | powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore |
| CVE-2024-56702 | 2024-12-28 | bpf: Mark raw_tp arguments with PTR_MAYBE_NULL |
| CVE-2024-56703 | 2024-12-28 | ipv6: Fix soft lockups in fib6_select_path under high next hop churn |
| CVE-2024-56704 | 2024-12-28 | 9p/xen: fix release of IRQ |
| CVE-2024-56705 | 2024-12-28 | media: atomisp: Add check for rgby_data memory allocation failure |
| CVE-2024-56706 | 2024-12-28 | s390/cpum_sf: Fix and protect memory allocation of SDBs with mutex |
| CVE-2024-56707 | 2024-12-28 | octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c |
| CVE-2024-56708 | 2024-12-28 | EDAC/igen6: Avoid segmentation fault on module unload |
| CVE-2024-12994 | 2024-12-28 | running-elephant Datart File Upload import extractModel deserialization |
| CVE-2024-12995 | 2024-12-28 | ruifang-tech Rebuild Project Tasks Section tasks cross site scripting |
| CVE-2024-56512 | 2024-12-28 | Apache NiFi: Missing Complete Authorization for Parameter and Service References |