CVE-2024-38412

Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors...

CVE-2024-38412

CVE-2024-38412 is a memory-corruption issue linked to IOCTL handling of session errors in Qualcomm chipsets. Multiple connected sources confirm a kernel-space/ user-space IOCTL path as the root cause, with local access required and high impact to confidentiality, integrity, and availability per C...

CVE-2024-38412 Use After Free in Computer Vision

Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors...

SUSE-SU-2025:0328-1 Security update for clamav

This update for clamav fixes the following issues: New version 1.4.2: CVE-2025-20128, bsc1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service DoS condition. - Start clamonacc with --fdpass to avoid errors due to clamd not being able to...

ROS-20250203-11

A vulnerability in the luaupvaluejoin function lapi.c of the Lua script interpreter is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service Vulnerability in the luaresume ldo.c component of the Lua...

Qualcomm Chipsets 输入验证错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. The Qualcomm Chipsets suffer from an input validation error vulnerability that originates from a memory corruption that occurs during power-up or power-down of the camera sensor...

Qualcomm Chipsets 输入验证错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An input validation error vulnerability exists in Qualcomm Chipsets that stems from a memory corruption when processing IOCTL from user space to handle GPU AHB bus errors...

PT-2025-2509 · Qualcomm · Snapdragon +6

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption that occurs when invoking IOCTL calls from user-space to kernel-space, specifically for handling session errors. Th...

PT-2025-2871 · Qualcomm · Snapdragon +45

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption that occurs while processing IOCTL from user space, specifically to handle GPU AHB bus errors. This corruption...

[SECURITY] [DLA 4039-1] ffmpeg security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4039-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz February 01, 2025 https://wiki.debian.org/LTS -...

Cross-site Scripting (XSS)

Overview open-web-calendar is an Embed a highly customizable web calendar into your website using ICal source links Affected versions of this package are vulnerable to Cross-site Scripting XSS due to missing validations in URL protocols and unsanitized error messages, leading to data theft or...

[SECURITY] [DLA 4038-1] dcmtk security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4038-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk January 31, 2025 https://wiki.debian.org/LTS -...

octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c

...

octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c

...

Advisory ROSA-SA-2025-2631

software: libheif 1.12.0 WASP: ROSA-CHROME packageevrstring: libheif-1.12.0-4 CVE-ID: CVE-2021-36410 BDU-ID: 2023-01688 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the putepelhvfallback function of the fallback-motion.cc component of the h.265 Libde265 video codec implementation is related to...

SUSE CVE-2025-24389

Certain errors of the upstream libraries will insert sensitive information in the OTRS or OTRS Community Edition log mechanism and mails send to the system administrator. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS Community Edition: 6.0.x Products based on the OTRS...

ROS-20250128-05

Vulnerability of the library for processing XML and HTML Lxml markup is related to pointer dereferencing errors NULL in the iterwalk function. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service...

SUSE-SU-2025:0254-1 Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005565 fixes several issues. The following security issues were fixed: - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefileswithdrawcookie bsc1229275. - CVE-2024-36971: Fixed dstnegativeadvice race bsc1226324. - CVE-2024-50264:...

SUSE-SU-2025:0255-1 Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-150600237 fixes several issues. The following security issues were fixed: - CVE-2024-40921: net: bridge: mst: pass vlan group directly to brmstvlansetstate bsc1227784. - CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in brmstsetstate bsc1227781. ...

Advisory ROSA-SA-2025-2572

software: squid 5.10 OS: ROSA-CHROME packageevrstring: squid-5.10-1 CVE-ID: CVE-2024-45802 BDU-ID: 2024-08860 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to input processing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cau...