
3907 matches found

CNNVD
added 2024/08/28 12:0 a.m. · 3 views

TeamViewer Security Vulnerability

TeamViewer is software from TeamViewer, Inc. for remote access as well as remote control and remote maintenance of computers and other end devices. A security vulnerability exists in TeamViewer versions prior to 15.57 and prior to 15.55.3, which stems from an improper control in the clipboard...

CVSS 4.3 · AI score 6.7 · EPSS 0.00395
Exploits: 0 · References: 3
Positive Technologies
added 2024/08/27 12:0 a.m. · 5 views

PT-2024-5918 · Teamviewer · Teamviewer Full Client +1

Name of the Vulnerable Software and Affected Versions: TeamViewer Full Client versions prior to 15.57; TeamViewer Meeting versions prior to 15.55.3. Description: The issue is related to improper access control in the clipboard synchronization feature. This can lead to unintentional sharing of the...

CVSS 5 · AI score 7.5 · EPSS 0.00395
Exploits: 0 · References: 12
OSV
added 2024/08/26 11:15 a.m. · 4 views

AZL-48246 CVE-2024-44935 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix null-ptr-deref in reuseport_add_sock(). syzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in reuseport_add_sock(). [0] The repro first creates a listener with SO_REUSEPORT. Then, it creates another listener on the...

CVSS 5.5 · AI score 6.2 · EPSS 0.00226
Exploits: 0 · References: 1
OSV
added 2024/08/26 11:15 a.m. · 0 views

UBUNTU-CVE-2024-44935

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix null-ptr-deref in reuseport_add_sock(). syzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in reuseport_add_sock(). [0] The repro first creates a listener with SO_REUSEPORT. Then, it creates another listener on the...

CVSS 5.5 · AI score 6.1 · EPSS 0.00226
Exploits: 0 · References: 26
CVE
added 2024/08/26 10:11 a.m. · 322 views

CVE-2024-44935

CVE-2024-44935: In the Linux kernel SCTP, a null pointer dereference can occur in reuseport_add_sock() when concurrent close operations clear sk_reuseport_cb. The issue stems from insufficient synchronization among reuseport_alloc(), reuseport_add_sock(), and reuseport_detach_sock() across socket...

CVSS 5.5 · AI score 6.8 · EPSS 0.00226
Exploits: 0 · References: 12 · Affected Software: 1
OSV
added 2024/08/26 10:11 a.m. · 12 views

CVE-2024-44935 sctp: Fix null-ptr-deref in reuseport_add_sock().

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix null-ptr-deref in reuseport_add_sock(). syzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in reuseport_add_sock(). [0] The repro first creates a listener with SO_REUSEPORT. Then, it creates another listener on the...

CVSS 5.5 · AI score 6 · EPSS 0.00226
Exploits: 0 · References: 12
Vulnrichment
added 2024/08/26 10:10 a.m. · 11 views

CVE-2024-43892 memcg: protect concurrent access to mem_cgroup_idr

In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr. Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creation failures. It...

AI score 7.4 · EPSS 0.00229
Exploits: 0 · References: 6
OSV
added 2024/08/24 11:15 p.m. · 1 view

DEBIAN-CVE-2024-45234

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics...

CVSS 7.5 · AI score 5.4 · EPSS 0.00452
Exploits: 0 · References: 1
OSV
added 2024/08/24 11:15 p.m. · 1 view

DEBIAN-CVE-2024-45237

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without...

CVSS 9.8 · AI score 5.8 · EPSS 0.00356
Exploits: 0 · References: 1
OSV
added 2024/08/24 11:15 p.m. · 1 view

DEBIAN-CVE-2024-45238

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsin...

CVSS 7.5 · AI score 5.3 · EPSS 0.00305
Exploits: 0 · References: 1
Redos
added 2024/08/23 12:0 a.m. · 56 views

ROS-20240823-01

Vulnerability of amdgpu_ras_get_context function in drm/amdgpu component of Linux operating system kernel is related to null pointer dereferencing on drm_cvt_mode failure. Exploitation of the vulnerability could allow an attacker to cause a denial of service. Vulnerability of brcmf_notify_escan_complete...

CVSS 8.8 · AI score 6.8 · EPSS 0.01167
Exploits: 0
SUSE CVE
added 2024/08/22 2:58 a.m. · 1 view

SUSE CVE-2024-43869

In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release. The perf pending task work is never waited upon the matching event release. In the case of a child event, released via free_event() directly, this can potentially result in a leaked...

CVSS 5.5 · AI score 7.2 · EPSS 0.0021
Exploits: 0 · References: 17
Tenable Nessus
added 2024/08/22 12:0 a.m. · 81 views

Ubuntu 18.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-6979-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6979-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws i...

CVSS 9.8 · AI score 7.4 · EPSS 0.02701
Exploits: 4 · References: 90
Veracode
added 2024/08/21 8:8 a.m. · 75 views

Authorization Bypass

com.ctrip.framework.apollo:apollo is vulnerable to an Authorization Bypass. The vulnerability is due to insufficient permission checks in the synchronization configuration feature, allowing an attacker to modify a namespace without the necessary permissions...

CVSS 4.3 · AI score 6.9 · EPSS 0.00349
Exploits: 0 · References: 5 · Affected Software: 1
OSV
added 2024/08/21 1:15 a.m. · 0 views

UBUNTU-CVE-2024-43869

In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release. The perf pending task work is never waited upon the matching event release. In the case of a child event, released via free_event() directly, this can potentially result in a leaked...

CVSS 5.5 · AI score 6.2 · EPSS 0.0021
Exploits: 0 · References: 18
RedHat Linux
added 2024/08/21 12:34 a.m. · 9 views

kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge

CVE-2024-36000 addresses a synchronization issue in the Linux kernel's management of huge pages. The problem arises when multiple threads modify the reservation map concurrently without proper locking, leading to potential inconsistencies and system instability...

CVSS 5.5 · AI score 7.3 · EPSS 0.00225
Exploits: 0 · References: 5
Redos
added 2024/08/21 12:0 a.m. · 26 views

ROS-20240821-01

The vulnerability of the kobject_add function in the md component of the Linux operating system kernel is related to the lack of releasing the previous state of a synchronization request before assigning a reference to a new one. Exploitation of the vulnerability could allow an attacker to cause a...

CVSS 5.9 · AI score 9.1 · EPSS 0.01287
Exploits: 0
Tenable Nessus
added 2024/08/21 12:0 a.m. · 21 views

SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2024:2983-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2983-1 advisory. - CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322) -...

CVSS 7.8 · AI score 7.6 · EPSS 0.01027
Exploits: 0 · References: 7
OSV
added 2024/08/20 6:36 p.m. · 14 views

GHSA-C6C3-H4F7-3962 apollo-portal has potential unauthorized access issue

Impact: A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. Patches: The issue was addressed with an input parameter check in...

CVSS 5.3 · AI score 4.2 · EPSS 0.00349
Exploits: 0 · References: 6
Github Security Blog
added 2024/08/20 6:36 p.m. · 22 views

apollo-portal has potential unauthorized access issue

Impact: A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. Patches: The issue was addressed with an input parameter check in...

CVSS 4.3 · AI score 6.4 · EPSS 0.00349
Exploits: 0 · References: 6 · Affected Software: 1