CVE Notify
Alert on the latest CVEs

Partner channel: @malwr
🚨 CVE-2024-43702
Software installed and run as a non-privileged user may conduct improper GPU system calls to allow unprivileged access to arbitrary physical memory page.

🎖@cveNotify
🚨 CVE-2024-43703
Software installed and run as a non-privileged user may conduct improper GPU system calls to achieve unauthorised reads and writes of physical memory from the GPU HW.

🚨 CVE-2024-12007
A vulnerability, which was classified as critical, was found in code-projects Farmacia 1.0. This affects an unknown part of the file /visualizar-produto.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

🚨 CVE-2024-53605
Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data.

🚨 CVE-2024-26952
In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix potencial out-of-bounds when buffer offset is invalid

I found potential out-of-bounds when buffer offset fields of a few requests
are invalid. This patch sets the minimum value of buffer offset field to
->Buffer offset to validate buffer length.

🚨 CVE-2024-26954
In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()

If ->NameOffset of smb2_create_req is smaller than Buffer offset of
smb2_create_req, slab-out-of-bounds read can happen from smb2_open.
This patch set the minimum value of the name offset to the buffer offset
to validate name length of smb2_create_req().

🚨 CVE-2024-35964
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: ISO: Fix not validating setsockopt user input

Check user input length before copying data.

🚨 CVE-2023-52812
In the Linux kernel, the following vulnerability has been resolved:

drm/amd: check num of link levels when update pcie param

In SR-IOV environment, the value of pcie_table->num_of_link_levels will
be 0, and num_of_levels - 1 will cause array index out of bounds

🚨 CVE-2024-10490
An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions.
B&R mapp Services is only affected when mpUserX or mpCodeBox are used in the Automation Studio project.

🚨 CVE-2024-33036
Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.

🚨 CVE-2024-33037
Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn't validate the IPC message received from the firmware.

🚨 CVE-2024-33039
Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service.

🚨 CVE-2024-33040
Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.

🚨 CVE-2024-33044
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

🚨 CVE-2024-33053
Memory corruption when multiple threads try to unregister the CVP buffer at the same time.

🚨 CVE-2024-33056
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

🚨 CVE-2024-33063
Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.

🚨 CVE-2024-43048
Memory corruption when invalid input is passed to invoke GPU Headroom API call.

🚨 CVE-2024-43049
Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.

🚨 CVE-2024-43050
Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.

🚨 CVE-2024-31248
Missing Authorization vulnerability in Team Plugins360 All-in-One Video Gallery. This issue affects All-in-One Video Gallery: from n/a through 3.5.2.
