CVE List - 2024 / May
Showing 101 - 200 of 4994 CVEs for May 2024 (Page 2 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-26989 | 2024-05-01 | arm64: hibernate: Fix level3 translation fault in swsusp_save() |
| CVE-2024-26990 | 2024-05-01 | KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status |
| CVE-2024-26991 | 2024-05-01 | KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes |
| CVE-2024-26992 | 2024-05-01 | KVM: x86/pmu: Disable support for adaptive PEBS |
| CVE-2024-26993 | 2024-05-01 | fs: sysfs: Fix reference leak in sysfs_break_active_protection() |
| CVE-2024-26994 | 2024-05-01 | speakup: Avoid crash on very long word |
| CVE-2024-26995 | 2024-05-01 | usb: typec: tcpm: Correct the PDO counting in pd_set |
| CVE-2024-26996 | 2024-05-01 | usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error |
| CVE-2024-26997 | 2024-05-01 | usb: dwc2: host: Fix dereference issue in DDMA completion flow. |
| CVE-2024-26998 | 2024-05-01 | serial: core: Clearing the circular buffer before NULLifying it |
| CVE-2024-26999 | 2024-05-01 | serial/pmac_zilog: Remove flawed mitigation for rx irq flood |
| CVE-2024-27000 | 2024-05-01 | serial: mxs-auart: add spinlock around changing cts state |
| CVE-2024-27001 | 2024-05-01 | comedi: vmk80xx: fix incomplete endpoint checking |
| CVE-2024-27002 | 2024-05-01 | clk: mediatek: Do a runtime PM get on controllers during probe |
| CVE-2024-27003 | 2024-05-01 | clk: Get runtime PM before walking tree for clk_summary |
| CVE-2024-27004 | 2024-05-01 | clk: Get runtime PM before walking tree during disable_unused |
| CVE-2024-27005 | 2024-05-01 | interconnect: Don't access req_list while it's being manipulated |
| CVE-2024-27006 | 2024-05-01 | thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up() |
| CVE-2024-27007 | 2024-05-01 | userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE |
| CVE-2024-27008 | 2024-05-01 | drm: nv04: Fix out of bounds access |
| CVE-2024-27009 | 2024-05-01 | s390/cio: fix race condition during online processing |
| CVE-2024-27010 | 2024-05-01 | net/sched: Fix mirred deadlock on device recursion |
| CVE-2024-27011 | 2024-05-01 | netfilter: nf_tables: fix memleak in map from abort path |
| CVE-2024-27012 | 2024-05-01 | netfilter: nf_tables: restore set elements when delete set fails |
| CVE-2024-27013 | 2024-05-01 | tun: limit printing rate when illegal packet received by tun dev |
| CVE-2024-27014 | 2024-05-01 | net/mlx5e: Prevent deadlock while disabling aRFS |
| CVE-2024-27015 | 2024-05-01 | netfilter: flowtable: incorrect pppoe tuple |
| CVE-2024-27016 | 2024-05-01 | netfilter: flowtable: validate pppoe header |
| CVE-2024-27017 | 2024-05-01 | netfilter: nft_set_pipapo: walk over current view on netlink dump |
| CVE-2024-27018 | 2024-05-01 | netfilter: br_netfilter: skip conntrack input hook for promisc packets |
| CVE-2024-27019 | 2024-05-01 | netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() |
| CVE-2024-27020 | 2024-05-01 | netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() |
| CVE-2024-27021 | 2024-05-01 | r8169: fix LED-related deadlock on module removal |
| CVE-2024-27022 | 2024-05-01 | fork: defer linking file vma until vma is fully initialized |
| CVE-2024-32966 | 2024-05-01 | Stored Cross-site Scripting in directory listings via file names in static-web-server |
| CVE-2024-3591 | 2024-05-01 | WordPress Geo Controller < 8.6.5 - PHP Object Injection |
| CVE-2024-31225 | 2024-05-01 | Lack of size check and buffer overflow in RIOT |
| CVE-2024-32017 | 2024-05-01 | Buffer overflows in RIOT |
| CVE-2024-32018 | 2024-05-01 | Ineffective size check due to assert() and buffer overflow in RIOT |
| CVE-2024-23336 | 2024-05-01 | Incomplete disallowed remote addresses list in MyBB |
| CVE-2024-23335 | 2024-05-01 | Backups directory .htaccess deletion in. MyBB |
| CVE-2024-32890 | 2024-05-01 | Stored Cross-site Scripting in results JSON API in librespeed/speedtest |
| CVE-2024-32963 | 2024-05-01 | Parameter Tampering vulnerability in Navidrome |
| CVE-2024-32967 | 2024-05-01 | Zitadel exposes internal database user name and host information |
| CVE-2024-32973 | 2024-05-01 | Remote for TLS session may be trusted despite constraints in Pluto lang |
| CVE-2024-32984 | 2024-05-01 | Yamux Memory Exhaustion Vulnerability via Active::pending_frames property |
| CVE-2024-32979 | 2024-05-01 | Reflected Cross-site Scripting potential in all object list views in Nautobot |
| CVE-2024-0334 | 2024-05-01 | The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attribute of a link in several Elementor widgets in all versions up to, and... |
| CVE-2022-38386 | 2024-05-01 | IBM Cloud Pak for Security information disclosure |
| CVE-2024-4058 | 2024-05-01 | Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) |
| CVE-2024-4059 | 2024-05-01 | Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-4060 | 2024-05-01 | Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-27023 | 2024-05-01 | md: Fix missing release of 'active_io' for flush |
| CVE-2024-27024 | 2024-05-01 | net/rds: fix WARNING in rds_conn_connect_if_down |
| CVE-2024-27025 | 2024-05-01 | nbd: null check for nla_nest_start |
| CVE-2024-27026 | 2024-05-01 | vmxnet3: Fix missing reserved tailroom |
| CVE-2024-27027 | 2024-05-01 | dpll: fix dpll_xa_ref_*_del() for multiple registrations |
| CVE-2024-4331 | 2024-05-01 | Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... |
| CVE-2024-4368 | 2024-05-01 | Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-31412 | 2024-05-01 | Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed. |
| CVE-2023-52649 | 2024-05-01 | drm/vkms: Avoid reading beyond LUT array |
| CVE-2023-52650 | 2024-05-01 | drm/tegra: dsi: Add missing check for of_find_device_by_node |
| CVE-2024-27028 | 2024-05-01 | spi: spi-mt65xx: Fix NULL pointer access in interrupt handler |
| CVE-2024-27029 | 2024-05-01 | drm/amdgpu: fix mmhub client id out-of-bounds access |
| CVE-2024-27030 | 2024-05-01 | octeontx2-af: Use separate handlers for interrupts |
| CVE-2024-27031 | 2024-05-01 | NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt |
| CVE-2024-27032 | 2024-05-01 | f2fs: fix to avoid potential panic during recovery |
| CVE-2024-27033 | 2024-05-01 | f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic |
| CVE-2024-27034 | 2024-05-01 | f2fs: compress: fix to cover normal cluster write with cp_rwsem |
| CVE-2024-27035 | 2024-05-01 | f2fs: compress: fix to guarantee persisting compressed blocks by CP |
| CVE-2024-27036 | 2024-05-01 | cifs: Fix writeback data corruption |
| CVE-2024-27037 | 2024-05-01 | clk: zynq: Prevent null pointer dereference caused by kmalloc failure |
| CVE-2024-27038 | 2024-05-01 | clk: Fix clk_core_get NULL dereference |
| CVE-2024-27039 | 2024-05-01 | clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() |
| CVE-2024-27040 | 2024-05-01 | drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' |
| CVE-2024-27041 | 2024-05-01 | drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() |
| CVE-2024-27042 | 2024-05-01 | drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' |
| CVE-2024-27043 | 2024-05-01 | media: edia: dvbdev: fix a use-after-free |
| CVE-2024-27044 | 2024-05-01 | drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' |
| CVE-2024-31413 | 2024-05-01 | Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through... |
| CVE-2024-27045 | 2024-05-01 | drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' |
| CVE-2024-27046 | 2024-05-01 | nfp: flower: handle acti_netdevs allocation failure |
| CVE-2024-27047 | 2024-05-01 | net: phy: fix phy_get_internal_delay accessing an empty array |
| CVE-2024-27048 | 2024-05-01 | wifi: brcm80211: handle pmk_op allocation failure |
| CVE-2024-27049 | 2024-05-01 | wifi: mt76: mt7925e: fix use-after-free in free_irq() |
| CVE-2024-27050 | 2024-05-01 | libbpf: Use OPTS_SET() macro in bpf_xdp_query() |
| CVE-2024-27051 | 2024-05-01 | cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value |
| CVE-2024-27052 | 2024-05-01 | wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work |
| CVE-2024-27053 | 2024-05-01 | wifi: wilc1000: fix RCU usage in connect path |
| CVE-2024-27054 | 2024-05-01 | s390/dasd: fix double module refcount decrement |
| CVE-2024-27056 | 2024-05-01 | wifi: iwlwifi: mvm: ensure offloading TID queue exists |
| CVE-2024-27057 | 2024-05-01 | ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend |
| CVE-2024-28775 | 2024-05-01 | IBM WebSphere Automation cross-site scripting |
| CVE-2024-23597 | 2024-05-01 | Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TVRock accesses a specially crafted page, unintended operations may be performed. Note that the developer was... |
| CVE-2024-27058 | 2024-05-01 | tmpfs: fix race on handling dquot rbtree |
| CVE-2024-27059 | 2024-05-01 | USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command |
| CVE-2024-27060 | 2024-05-01 | thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() |
| CVE-2024-27061 | 2024-05-01 | crypto: sun8i-ce - Fix use after free in unprepare |
| CVE-2024-27062 | 2024-05-01 | nouveau: lock the client object tree. |
| CVE-2024-27063 | 2024-05-01 | leds: trigger: netdev: Fix kernel panic on interface rename trig notify |