In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-11
Updated
2024-02-11
qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-11
Updated
2024-02-11
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-11
Updated
2024-02-11
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-11
Updated
2024-02-11
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-09
Updated
2024-02-12
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-09
Updated
2024-02-12
Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-09
Updated
2024-02-12
Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-09
Updated
2024-02-12
Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-09
Updated
2024-02-12
Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function.
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-02-09
Updated
2024-02-12
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php.
Max CVSS
8.8
EPSS Score
0.06%
Published
2024-02-11
Updated
2024-02-12
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php.
Max CVSS
8.8
EPSS Score
0.06%
Published
2024-02-11
Updated
2024-02-12
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php.
Max CVSS
8.8
EPSS Score
0.06%
Published
2024-02-11
Updated
2024-02-12
A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2.
Max CVSS
8.8
EPSS Score
0.09%
Published
2024-02-09
Updated
2024-02-12
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-09
Updated
2024-02-12
Toggle Search Form
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!