Astra Linux – Vulnerability in bluez

BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability, as the target must connect...

CVE-2024-53429

Open62541 v1.4.6 is has an assertion failure in fuzzbinarydecode, which leads to a crash...

CVE-2024-1271

Rejected reason: This CVE was previously published at https://bugzilla.redhat.com/showbug.cgi?id=2262978 but later rejected for the following reason: The flaw requires an attacker to have superuser credentials which is a condition that already permits all impacts, hence not constituing a security...

CVE-2024-53051

In the Linux kernel, the following vulnerability has been resolved: drm/i915/hdcp: Add encoder check in intelhdcpgetcapability Sometimes during hotplug scenario or suspend/resume scenario encoder is not always initialized when intelhdcpgetcapability add a check to avoid kernel null pointer...

CVE-2024-53069

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: fix a NULL-pointer dereference Some SCM calls can be invoked with scm being NULL the driver may not have been and will not be probed as there's no SCM entry in device-tree. Make sure we don't dereference a NU...

CVE-2024-53072

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detect when STB is not available Loading the amdpmc module as: amdpmc enablestb=1 ...can result in the following messages in the kernel ring buffer: amdpmc AMDI0009:00: SMU cmd failed. err: 0xff ioremap on R...

CVE-2024-53053

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix another deadlock during RTC update If ufshcdrtcwork calls ufshcdrpmputsync and the pm's usagecount is 0, we will enter the runtime suspend callback. However, the runtime suspend callback will wait to flush...

CVE-2024-53052

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: fix missing NOWAIT check for ODIRECT start write When iouring starts a write, it'll call kiocbstartwrite to bump the super block rwsem, preventing any freezes from happening while that write is in-flight. The freeze...

CVE-2023-52921

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpucspass1 Since the gangsize check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang @VAR10CK of Baidu Security...

CVE-2023-39176

A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose...

CVE-2024-52867

guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...

CVE-2024-45611

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another user account and use a malicious payload t...

CVE-2024-38479

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue...

CVE-2024-11159

Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird 128.4.3 and Thunderbird 132.0.1...

CVE-2024-52530

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header...

CVE-2024-43435

A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary...

CVE-2024-50251

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: sanitize offset and length before calling skbchecksum If access to offset + length is larger than the skbuff length, then skbchecksum triggers BUGON. skbchecksum internally subtracts the length parameter...

CVE-2024-50232

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: fix division by zero in ad7124setchannelodr In the ad7124writeraw function, parameter val can potentially be zero. This may lead to a division by zero when DIVROUNDCLOSEST is called within ad7124setchannelodr. T...

CVE-2024-50259

In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsimnexthopbucketactivitywrite This was found by a static analyzer. We should not forget the trailing zero after copyfromuser if we will further do some string operations,...

CVE-2024-50249

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Make rmwlock a rawspinlock The following BUG was triggered: ============================= BUG: Invalid wait context 6.12.0-rc2-XXX 406 Not tainted ----------------------------- kworker/1:1/62 is trying to lock:...