Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for December 28-29, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between December 28 and 29, 2024.
During this period, the National Vulnerability Database published 51 new Common Vulnerabilities and Exposures (CVEs), classified as follows:

Critical: 0
High: 6
Medium: 5
Low: 5
Severity Not Assigned: 35

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-43705
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Software installed and run as a non-privileged user can trigger the GPU kernel driver to write to arbitrary read-only system files that have been mapped into application memory.
References: https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CWE-ID: CWE-280
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-46973
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
References: https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

3. CVE-2021-22484
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data. Successful exploitation of this vulnerability may cause a server out of memory (OOM).
References: https://device.harmonyos.com/en/docs/security/update/security-bulletins-wearables-202108-0000001135186780

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

4. CVE-2021-37000
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.2
Description: Some Huawei wearables have a permission management vulnerability.
References: https://device.harmonyos.com/en/docs/security/update/security-bulletins-wearables-202108-0000001135186780

CWE-ID: CWE-255
Common Platform Enumerations (CPE): Not Found

5. CVE-2023-7263
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change. (Vulnerability ID: HWPSIRT-2023-53450) This vulnerability has been assigned a (CVE) ID: CVE-2023-7263
References: https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-ptvihhms-20747ba3-en

CWE-ID: CWE-35
Common Platform Enumerations (CPE): Not Found

6. CVE-2023-7266
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage. (Vulnerability ID: HWPSIRT-2023-76605) This vulnerability has been assigned a (CVE) ID: CVE-2023-7266
References: https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-chvishhr-d616b19e-en

CWE-ID: CWE-420
Common Platform Enumerations (CPE): Not Found
