CVE Daily
← All years

Uncategorized 2025

Page 22/22.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2025-01-11
Low

CVE-2024-49568

In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg When receiving proposal msg in server, the fields v2…

CVSS: N/ACWE: N/A
Read more
Low

CVE-2024-48876

In the Linux kernel, the following vulnerability has been resolved: stackdepot: fix stack_depot_save_flags() in NMI context Per documentation, stack_depot_save_flags() was meant to be usable from N…

CVSS: N/ACWE: N/A
Read more
Low

CVE-2024-47794

In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace There is a potential infinite loop issue that can occur when using a combi…

CVSS: N/ACWE: N/A
Read more
Low

CVE-2024-47408

In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset…

CVSS: N/ACWE: N/A
Read more
Low

CVE-2024-46896

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: don't access invalid sched Since 2320c9e6a768 ("drm/sched: memset() 'job' in drm_sched_job_init()") accessing job->ba…

CVSS: N/ACWE: N/A
Read more
Low

CVE-2024-41935

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to shrink read extent node in batches We use rwlock to protect core structure data of extent tree during its shrink, ho…

CVSS: N/ACWE: N/A
Read more
Low

CVE-2024-41932

In the Linux kernel, the following vulnerability has been resolved: sched: fix warning in sched_setaffinity Commit 8f9ea86fdf99b added some logic to sched_setaffinity that included a WARN when a pe…

CVSS: N/ACWE: N/A
Read more
2025-01-10
High

CVE-2024-9188

Specially constructed queries cause cross platform scripting leaking administrator tokens

CVSS: 8.8CWE: N/A
Read more
Medium

CVE-2024-5872

On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as ro…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2024-6437

On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- c…

CVSS: 5.8CWE: N/A
Read more
Critical

CVE-2024-29971

Scontain SCONE 5.8.0 has an interface vulnerability that leads to state corruption via injected signals.

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2024-29970

Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that leads to state corruption via injected signals.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2024-25371

Gramine before a390e33e16ed374a40de2344562a937f289be2e1 suffers from an Interface vulnerability due to mismatching SW signals vs HW exceptions.

CVSS: 7.5CWE: N/A
Read more
2025-01-09
High

CVE-2024-13311

Vulnerability in Drupal Allow All File Extensions for file fields.This issue affects Allow All File Extensions for file fields: *.*.

CVSS: 7.3CWE: N/A
Read more
Medium

CVE-2024-13310

Vulnerability in Drupal Git Utilities for Drupal.This issue affects Git Utilities for Drupal: *.*.

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2024-13300

Vulnerability in Drupal Print Anything.This issue affects Print Anything: *.*.

CVSS: 6.6CWE: N/A
Read more
Medium

CVE-2024-13299

Vulnerability in Drupal Megamenu Framework.This issue affects Megamenu Framework: *.*.

CVSS: 6.6CWE: N/A
Read more
Critical

CVE-2024-13285

Vulnerability in Drupal wkhtmltopdf.This issue affects wkhtmltopdf: *.*.

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2023-27539

There is a denial of service vulnerability in the header parsing component of Rack.

CVSS: 5.3CWE: N/A
Read more
2025-01-08
Medium

CVE-2024-56787

In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driver_async_probe=* on kernel command line, the following trace is prod…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2024-56785

In the Linux kernel, the following vulnerability has been resolved: MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Fix the dtc warnings: arch/mips/boot/dts/loongson/ls7a-pch.dtsi:6…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2024-56781

In the Linux kernel, the following vulnerability has been resolved: powerpc/prom_init: Fixup missing powermac #size-cells On some powermacs `escc` nodes are missing `#size-cells` properties, which…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2024-56780

In the Linux kernel, the following vulnerability has been resolved: quota: flush quota_release_work upon quota writeback One of the paths quota writeback is called from is: freeze_super() sync_f…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2024-56771

In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information These four chips: * W25N512GW * W25N01GW * W25N01JW * W25N0…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2024-56770

In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, 'qlen' of any classful qdisc should keep track of the…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2024-56449

Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVSS: 6.6CWE: CWE-840
Read more
High

CVE-2024-56444

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2024-56442

Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVSS: 5.5CWE: CWE-227
Read more
Medium

CVE-2024-56440

Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVSS: 6.2CWE: CWE-264
Read more
Medium

CVE-2024-56438

Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability.

CVSS: 6.0CWE: CWE-840
Read more
Medium

CVE-2023-52955

Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVSS: 6.5CWE: CWE-264
Read more
Medium

CVE-2023-52954

Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability.

CVSS: 4.4CWE: CWE-701
Read more
Medium

CVE-2024-56436

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVSS: 5.5CWE: CWE-264
Read more
2025-01-07
High

CVE-2022-45186

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database.

CVSS: 8.1CWE: N/A
Read more
Medium

CVE-2025-0246

When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue…

CVSS: 6.5CWE: N/A
Read more
Low

CVE-2025-0245

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134.

CVSS: 3.3CWE: N/A
Read more
2025-01-06
Medium

CVE-2024-54764

An access control issue in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication.

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2024-54763

An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication.

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2024-53936

The com.asianmobile.callcolor (aka Color Phone Call Screen App) application through 24 for Android enables any application (with no permissions) to place phone calls without user interaction by sendi…

CVSS: 6.3CWE: N/A
Read more
Medium

CVE-2024-53935

The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone Flash) application through 4.3 for Android enables any application (with no permissions) to place phone calls without user interac…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2024-53933

The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application through 1.0.7 for Android enables any application (with no permissions) to place phone calls without…

CVSS: 6.3CWE: N/A
Read more
Low

CVE-2024-48455

An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.…

CVSS: 2.7CWE: N/A
Read more
Medium

CVE-2024-56768

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP On x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP disab…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2024-56763

In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2024-56761

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2024-56760

In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a RISCV platfo…

CVSS: 5.5CWE: N/A
Read more
High

CVE-2024-43064

Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU.

CVSS: 7.5CWE: CWE-264
Read more
2025-01-03
High

CVE-2024-43764

In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock screen. This could lead to local escalation of privilege with no additional execution privileges ne…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2024-43762

In multiple locations, there is a possible way to avoid unbinding of a service from the system due to a logic error in the code. This could lead to local escalation of privilege with no additional ex…

CVSS: 7.8CWE: N/A
Read more
2025-01-02
Medium

CVE-2024-11184

The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts

CVSS: 4.8CWE: N/A
Read more
2025-01-01
Medium

CVE-2024-11846

The does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS: 6.1CWE: N/A
Read more
>