The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
- CVE-2024-53124 - In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc Syzkaller reported this warning: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_so...
  Published: December 02, 2024; 9:15:13 AM -0500
  V3.1: 4.7 MEDIUM
- CVE-2024-53123 - In the Linux kernel, the following vulnerability has been resolved: mptcp: error out earlier on disconnect Eric reported a division by zero splat in the MPTCP protocol: Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 6094...
  Published: December 02, 2024; 9:15:13 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-53122 - In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before...
  Published: December 02, 2024; 9:15:13 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-53121 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from hardware, set the hardware...
  Published: December 02, 2024; 9:15:12 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-53120 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback returns error, zone_rule->attr is used uninit...
  Published: December 02, 2024; 9:15:12 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-53119 - In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix accept_queue memory leak As the final stages of socket destruction may be delayed, it is possible that virtio_transport_recv_listen() will be called after the ...
  Published: December 02, 2024; 9:15:12 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-53118 - In the Linux kernel, the following vulnerability has been resolved: vsock: Fix sk_error_queue memory leak Kernel queues MSG_ZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recv()ed. To prevent memory lea...
  Published: December 02, 2024; 9:15:12 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-53117 - In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Improve MSG_ZEROCOPY error handling Add a missing kfree_skb() to prevent memory leaks.
  Published: December 02, 2024; 9:15:12 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-44306 - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app may be able to execute arbitrary code with kernel privileges.
  Published: November 19, 2024; 7:15:16 PM -0500
  V3.1: 7.8 HIGH
- CVE-2024-53116 - In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the handling of partial mapping of the buffer objects to the GPU, which caused kernel warnin...
  Published: December 02, 2024; 9:15:12 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-44307 - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app may be able to execute arbitrary code with kernel privileges.
  Published: November 19, 2024; 7:15:17 PM -0500
  V3.1: 7.8 HIGH
- CVE-2024-53115 - In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle The 'vmw_user_object_buffer' function may return NULL with incorrect inputs. To avoid possible null poi...
  Published: December 02, 2024; 9:15:12 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-53114 - In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client A number of Zen4 client SoCs advertise the ability to use virtualized VMLOAD/VMSAVE, but using these instructions is ...
  Published: December 02, 2024; 9:15:12 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-53113 - In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is ...
  Published: December 02, 2024; 9:15:12 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-53112 - In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: <TASK> ? __die_body+0x5...
  Published: December 02, 2024; 9:15:11 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-53111 - In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix address wraparound in move_page_tables() On 32-bit platforms, it is possible for the expression `len + old_addr < old_end` to be false-positive if `len + old_addr...
  Published: December 02, 2024; 9:15:11 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2023-6371 - An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowin...
  Published: March 28, 2024; 4:15:26 AM -0400
  V3.1: 5.4 MEDIUM
- CVE-2024-2818 - An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using m...
  Published: March 28, 2024; 4:15:26 AM -0400
  V3.1: 6.5 MEDIUM
- CVE-2024-53110 - In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and...
  Published: December 02, 2024; 9:15:11 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-1299 - A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner pr...
  Published: March 06, 2024; 8:15:52 PM -0500
  V3.1: 8.1 HIGH