
4828 matches found

Amazon
added 2024/03/06 12:0 a.m. · 2 views

Important: kernel-livepatch-5.10.201-191.748

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nf_tables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nf_tables family pf values within nf_tables_newtable...

7.8 CVSS · 6.5 AI score · 0.01999 EPSS
Exploits: 1
OSV
added 2024/03/05 5:15 a.m. · 3 views

CVE-2023-52432

Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds memory...

7.1 CVSS · 5.8 AI score · 0.0016 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/03/05 4:44 a.m. · 11 views

CVE-2024-20836

Out of bounds Read vulnerability in ssmisgetfrm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory...

3.3 CVSS · 6.5 AI score · 0.00158 EPSS
Exploits: 0 · References: 1
CVE
added 2024/03/05 4:44 a.m. · 70 views

CVE-2024-20830

Summary: Samsung Mobile AppLock had an incorrect default permission in versions prior to SMR Mar-2024 Release 1, enabling local attackers to configure AppLock settings. Impact (from available data): Local, low-complexity access with low confidentiality/integrity/availability impact (CVSS v3.1 bas...

5.3 CVSS · 5.1 AI score · 0.00136 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2024/03/04 2:43 a.m. · 66 views

CVE-2024-20034

CVE-2024-20034 affects MediaTek battery module, with a missing bounds check that could enable local privilege escalation to System level. The vulnerability relies on no user interaction and has a network-style CVSS base with high impact across confidentiality, integrity, and availability, though ...

7.2 CVSS · 6.9 AI score · 0.00302 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/03/04 12:0 a.m. · 2 views

Dell Digital Delivery Security Vulnerability

Dell Digital Delivery is an application from Dell USA dedicated to Dell computer equipment for the online purchase of pre-installed software for computers. A buffer overflow vulnerability previously present in Dell Digital Delivery version 5.0.86.0, which arises from the program failing to proper...

7.8 CVSS · 8 AI score · 0.00205 EPSS
Exploits: 0 · References: 2
CVE
added 2024/03/03 12:0 a.m. · 55 views

CVE-2024-25839

The CVE-2024-25839 entry concerns Webbax “Super Newsletter” for PrestaShop (versions

7.5 CVSS · 6.7 AI score · 0.00453 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/03/01 6:56 p.m. · 42 views

CVE-2024-1453 Santesoft Sante DICOM Viewer Pro Out-of-Bounds Read

In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code...

7.8 CVSS · 6.9 AI score · 0.00251 EPSS
Exploits: 0 · References: 1
NVD
added 2024/02/29 1:43 a.m. · 10 views

CVE-2024-1191

A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classified as problematic. This affects an unknown part of the component HCF File Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be...

5.5 CVSS · 3.9 AI score · 0.00419 EPSS
Exploits: 1 · References: 3
Prion
added 2024/02/29 1:43 a.m. · 60 views

Design/Logic Flaw

A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classified as problematic. This affects an unknown part of the component HCF File Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be...

1.7 CVSS · 7.2 AI score · 0.00419 EPSS
Exploits: 1 · References: 3
OSV
added 2024/02/20 1:15 p.m. · 3 views

CVE-2024-1661

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity ...

5.5 CVSS · 4.4 AI score · 0.00316 EPSS
Exploits: 1 · References: 3
CNVD
added 2024/02/19 12:0 a.m. · 8 views

Dell Unity Command Injection Vulnerability (CNVD-2024-09153)

Dell Unity is a unified hybrid storage array for general purpose workloads both locally and in the cloud. A command injection vulnerability exists in Dell Unity, which can be exploited by a local attacker to execute arbitrary operating system commands with root privileges...

7.8 CVSS · 7.9 AI score · 0.01013 EPSS
Exploits: 0 · References: 1
Prion
added 2024/02/16 9:15 a.m. · 13 views

Directory traversal

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

7.6 AI score · 0.00535 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2024/02/14 12:0 a.m. · 13 views

Wago Multiple Products Improper Privilege Management (CVE-2023-3379)

Wago web-based management of multiple products has a vulnerability which allows a local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-...

5.3 CVSS · 5.7 AI score · 0.00197 EPSS
Exploits: 0 · References: 2
Prion
added 2024/02/08 7:15 p.m. · 15 views

Design/Logic Flaw

Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component...

3.5 CVSS · 7.3 AI score · 0.00312 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
CVE
added 2024/02/08 12:0 a.m. · 44 views

CVE-2024-22795

The CVE-2024-22795 entry covers an Insecure Permissions vulnerability in ForeScout SecureConnector (v11.3.06.0063). A local attacker can escalate privileges via the Recheck Compliance Status component, as documented across multiple sources in the connected set (Red Hat advisory mirrors the same i...

7 CVSS · 6.8 AI score · 0.00312 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
RedHat Linux
added 2024/02/07 4:33 p.m. · 1 view

kernel: possible race condition in drivers/tty/tty_buffers.c

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the...

6.3 CVSS · 6.6 AI score · 0.00332 EPSS
Exploits: 1 · References: 5
Cvelist
added 2024/02/07 12:0 a.m. · 20 views

CVE-2024-23769

Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 for Windows allows a local attacker to read privileged data...

7.3 CVSS · 7.2 AI score · 0.00221 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/02/07 12:0 a.m. · 5 views

PT-2024-1939

Name of the Vulnerable Software and Affected Versions: ClamAV (affected versions not specified). Description: A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due t...

10 CVSS · 7.2 AI score · 0.84841 EPSS
Exploits: 16 · References: 110
Positive Technologies
added 2024/02/06 12:0 a.m. · 1 view

PT-2024-2255 · Microsoft · Office

Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified). Description: The issue is related to the incorrect handling of symbolic links by the Office Performance Monitor executable in Microsoft Office, which can be exploited by creating a specially...

7.8 CVSS · 9.4 AI score · 0.01165 EPSS
Exploits: 0 · References: 9