CVE-2024-3774
Published 2024-04-15
Priority: P4 · 29 · medium · 5.3 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
EPSS: 0.36% (27.6th percentile)
aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aenrich | a_+hrd | — | — |
| aenrich | a_+hrd | — | — |
| aenrich | a_+hrd | — | — |
| aenrich | a_+hrd | — | — |
| aenrich_technology | a+hrd | — | — |
| aenrich_technology | a+hrd | 7.0 – 7.2 | — |
CVSS provenance
nvd · v3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vendor_redhat · 5.5 MEDIUM
GHSA
GHSA-v26c-v53c-85v2: aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, all
ghsa_unreviewed·2024-04-15
CVE-2024-3774 [MEDIUM] CWE-200 GHSA-v26c-v53c-85v2: aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, all
Red Hat
kernel: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'
vendor_redhat·2024-10-21·CVSS 5.5
CVE-2024-49912 [MEDIUM] CWE-476 kernel: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'
This commit adds a null check for 'stream_status' in the function
'planes_changed_for_existing_stream'. Previously, the code assumed
'stream_status' could be null, but did not handle the case where it was
actually null. This could lead to a null pointer dereference.
Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:3784 planes_changed_for_existing_stream() error: we previously assumed 'stream_status' could be null (see line 3774)
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat En
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.