Security Vulnerabilities - CVEs Published In March 2024
Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-03-04
Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-03-04
Memory corruption in Audio while processing RT proxy port register driver.
CVSS Score
8.4
EPSS Score
0.001
Published
2024-03-04
Information Disclosure while processing IOCTL request in FastRPC.
CVSS Score
5.1
EPSS Score
0.0
Published
2024-03-04
Memory corruption in Core Services while executing the command for removing a single event listener.
CVSS Score
9.3
EPSS Score
0.001
Published
2024-03-04
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system’s memory is carefully prepared by the user and the system is under heavy load, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r1p0 through r18p0; Valhall GPU Kernel Driver: from r37p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.
CVSS Score
8.4
EPSS Score
0.001
Published
2024-03-04
Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period.
CVSS Score
7.3
EPSS Score
0.002
Published
2024-03-04
In the Linux kernel, the following vulnerability has been resolved:
tomoyo: fix UAF write bug in tomoyo_write_control()
Since tomoyo_write_control() updates head->write_buf when write()
of long lines is requested, we need to fetch head->write_buf after
head->io_sem is held. Otherwise, concurrent write() requests can
cause use-after-free-write and double-free problems.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-03-04
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-03-04
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions.
CVSS Score
4.0
EPSS Score
0.0
Published
2024-03-04