Total
32236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38139 | 1 Microsoft | 1 Dataverse | 2024-11-08 | N/A | 8.8 HIGH |
| Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2024-38408 | 1 Qualcomm | 470 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 467 more | 2024-11-08 | N/A | 9.1 CRITICAL |
| Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. | |||||
| CVE-2024-50136 | 1 Linux | 1 Linux Kernel | 2024-11-08 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling might trigger warnings of the sort: [ 682.589148] ------------[ cut here ]------------ [ 682.590204] notifier callback eswitch_vport_event [mlx5_core] already registered [ 682.590256] WARNING: CPU: 13 PID: 2660 at kernel/notifier.c:31 notifier_chain_register+0x3e/0x90 [...snipped] [ 682.610052] Call Trace: [ 682.610369] <TASK> [ 682.610663] ? __warn+0x7c/0x110 [ 682.611050] ? notifier_chain_register+0x3e/0x90 [ 682.611556] ? report_bug+0x148/0x170 [ 682.611977] ? handle_bug+0x36/0x70 [ 682.612384] ? exc_invalid_op+0x13/0x60 [ 682.612817] ? asm_exc_invalid_op+0x16/0x20 [ 682.613284] ? notifier_chain_register+0x3e/0x90 [ 682.613789] atomic_notifier_chain_register+0x25/0x40 [ 682.614322] mlx5_eswitch_enable_locked+0x1d4/0x3b0 [mlx5_core] [ 682.614965] mlx5_eswitch_enable+0xc9/0x100 [mlx5_core] [ 682.615551] mlx5_device_enable_sriov+0x25/0x340 [mlx5_core] [ 682.616170] mlx5_core_sriov_configure+0x50/0x170 [mlx5_core] [ 682.616789] sriov_numvfs_store+0xb0/0x1b0 [ 682.617248] kernfs_fop_write_iter+0x117/0x1a0 [ 682.617734] vfs_write+0x231/0x3f0 [ 682.618138] ksys_write+0x63/0xe0 [ 682.618536] do_syscall_64+0x4c/0x100 [ 682.618958] entry_SYSCALL_64_after_hwframe+0x4b/0x53 | |||||
| CVE-2024-51513 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Vulnerability of processes not being fully terminated in the VPN module Impact: Successful exploitation of this vulnerability will affect power consumption. | |||||
| CVE-2024-51522 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Vulnerability of improper device information processing in the device management module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-51523 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 7.5 HIGH |
| Information management vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-51524 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Permission control vulnerability in the Wi-Fi module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-33031 | 1 Qualcomm | 32 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 29 more | 2024-11-07 | N/A | 6.7 MEDIUM |
| Memory corruption while processing the update SIM PB records request. | |||||
| CVE-2024-51525 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Permission control vulnerability in the clipboard module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-51526 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Permission control vulnerability in the hidebug module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-51527 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Permission control vulnerability in the Gallery app Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-51529 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Data verification vulnerability in the battery module Impact: Successful exploitation of this vulnerability may affect function stability. | |||||
| CVE-2024-51530 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-51520 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-51521 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Input parameter verification vulnerability in the background service module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-23386 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2024-11-07 | N/A | 6.7 MEDIUM |
| memory corruption when WiFi display APIs are invoked with large random inputs. | |||||
| CVE-2024-51514 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Vulnerability of pop-up windows belonging to no app in the VPN module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-51516 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Permission control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to function abnormally. | |||||
| CVE-2022-48996 | 1 Linux | 1 Linux Kernel | 2024-11-07 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes() Commit da87878010e5 ("mm/damon/sysfs: support online inputs update") made 'damon_sysfs_set_schemes()' to be called for running DAMON context, which could have schemes. In the case, DAMON sysfs interface is supposed to update, remove, or add schemes to reflect the sysfs files. However, the code is assuming the DAMON context wouldn't have schemes at all, and therefore creates and adds new schemes. As a result, the code doesn't work as intended for online schemes tuning and could have more than expected memory footprint. The schemes are all in the DAMON context, so it doesn't leak the memory, though. Remove the wrong asssumption (the DAMON context wouldn't have schemes) in 'damon_sysfs_set_schemes()' to fix the bug. | |||||
| CVE-2022-48985 | 1 Linux | 1 Linux Kernel | 2024-11-07 | N/A | 4.7 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi work_done After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq->work_done. If the other thread (for example, from busy_poll) sets it to a value >= budget, this thread will continue to run when it should stop, and cause memory corruption and panic. To fix this issue, save the per-CQ work_done variable in a local variable before napi_complete_done(), so it won't be corrupted by a possible concurrent thread after napi_complete_done(). Also, add a flag bit to advertise to the NIC firmware: the NAPI work_done variable race is fixed, so the driver is able to reliably support features like busy_poll. | |||||