CVE list 2024/45xxx

CVEs in group: 45xxx

CVE-2024-45020 (N/A)

CVE-2024-45021 (bpf: Fix a kernel verifier crash in stacksafe())

CVE-2024-45022 (memcg_write_event_control(): fix a user-triggerable oops)

CVE-2024-45023 (mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0)

CVE-2024-45024 (md/raid1: Fix data corruption for degraded array with slow disk)

CVE-2024-45025 (mm/hugetlb: fix hugetlb vs. core-mm PT locking)

CVE-2024-45026 (fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE)

CVE-2024-45027 (s390/dasd: fix error recovery leading to data corruption on ESE devices)

CVE-2024-45028 (usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup())

CVE-2024-45029 (mmc: mmc_test: Fix NULL dereference on allocation failure)

CVE-2024-45030 (i2c: tegra: Do not mark ACPI devices as irq safe)

CVE-2024-45031 (igb: cope with large MAX_SKB_FRAGS)

CVE-2024-45032 (Apache Syncope: Stored XSS in Console and Enduser)

CVE-2024-45033 (N/A)

CVE-2024-45034 (Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli)

CVE-2024-45036 (Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes)

CVE-2024-45037 (Improper Access Control Vulnerability When Accessing a Maliciously Crafted Tophat Link)

CVE-2024-45038 (AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template)

CVE-2024-45039 (Device crash via malformed MQTT packet when downlink is enabled in Meshtastic device firmware)

CVE-2024-45040 (gnark’s Groth16 commitment extension unsound for more than one commitment)

CVE-2024-45041 (gnark’s commitments to private witnesses in Groth16 as implemented break zero-knowledge property)

CVE-2024-45042 (External Secrets Operator vulnerable to privilege escalation)

CVE-2024-45043 (Ory Kratos’s `highest_available` setting does not properly respect code + mfa credentials)

CVE-2024-45044 (OpenTelemetry Collector AWS Firehose Receiver Authentication Bypass Vulnerability)

CVE-2024-45045 (Bareos’s negative command ACLs can be circumvented by abbreviating commands)

CVE-2024-45046 (JavaScript Injection via url encoded values in links in Collabora Office Android)

CVE-2024-45047 (PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information)

CVE-2024-45048 (Potential mXSS vulnerability due to improper HTML escaping in svelte)

CVE-2024-45049 (XML External Entity Reference (XXE) in PHPSpreadsheet)

CVE-2024-45050 (Nix Hydra Missing authentication when triggering evaluations)

CVE-2024-45051 (Ringer Server Does Not Check Members When Loading Messages)

CVE-2024-45052 (Bypass of email address validation via encoded email addresses in Discourse)

CVE-2024-45053 (Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability)

CVE-2024-45054 (Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine)

CVE-2024-45056 (Potential Permission Leakage of Cluster Level in hwameistor)

CVE-2024-45057 (`fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc)

CVE-2024-45058 (Reflected Cross-Site Scripting in i-Educar)

CVE-2024-45059 (Privilege escalation in i-Educar)

CVE-2024-45060 (Authenticated SQL Injection in i-Educar)

CVE-2024-45061 (Unauthenticated Cross-Site-Scripting (XSS) in sample file in PHPSpreadsheet)