369 matches found

Kaspersky
added 2024/10/08 12:0 a.m., 17 views

KLA73907 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges and execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azure Monitor Agent can be exploited remotely to gain...

CVSS 9.1, AI score 8.8, EPSS 0.01609
Exploits: 0, References: 6

Positive Technologies
added 2024/10/08 12:0 a.m., 3 views

PT-2024-6835 · Microsoft · Defender For Endpoint For Linux

Name of the Vulnerable Software and Affected Versions: Microsoft Defender for Endpoint for Linux affected versions not specified Description: The issue is related to errors in handling relative directory paths, which can be exploited to conduct spoofing attacks. Recommendations: At the moment,...

CVSS 5.5, AI score 5.9, EPSS 0.00643
Exploits: 0, References: 7

SUSE CVE
added 2024/08/18 2:1 a.m., 1 views

SUSE CVE-2024-43833

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix NULL pointer dereference in adding ancillary links In v4l2_async_create_ancillary_links, ancillary links are created for lens and flash sub-devices. These are sub-device to sub-device links and if the async...

CVSS 5.5, AI score 6.4, EPSS 0.00225
Exploits: 0, References: 10

OSV
added 2024/08/17 10:15 a.m., 0 views

UBUNTU-CVE-2024-43833

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix NULL pointer dereference in adding ancillary links In v4l2_async_create_ancillary_links, ancillary links are created for lens and flash sub-devices. These are sub-device to sub-device links and if the async...

CVSS 5.5, AI score 6.5, EPSS 0.00225
Exploits: 0, References: 12

Positive Technologies
added 2024/08/14 12:0 a.m., 4 views

PT-2024-24265 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 11.1 and 11.5 Description: The issue is a denial of service under specific non-default configurations, where the server may crash when using a specially crafted SQL...

CVSS 6.5, AI score 8.3, EPSS 0.00553
Exploits: 0, References: 10

Microsoft CVE
added 2024/08/10 12:0 a.m., 3 views

CVE-2024-39485

...

CVSS 5.5, AI score 6.1, EPSS 0.00211
Exploits: 0

SUSE CVE
added 2024/07/06 2:58 a.m., 1 views

SUSE CVE-2024-39485

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Properly re-initialise notifier entry in unregister The notifier_entry of a notifier is not re-initialised after unregistering the notifier. This leads to dangling pointers being left there so use list_del_init to...

CVSS 5.3, AI score 7.6, EPSS 0.00211
Exploits: 0, References: 3

SUSE CVE
added 2024/06/26 11:17 p.m., 2 views

SUSE CVE-2024-39464

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. notifier_entry was kept 'zeroed' leading to an uninitialized list_head. This...

CVSS 5.5, AI score 7.7, EPSS 0.00211
Exploits: 0, References: 3

CNNVD
added 2024/06/13 12:0 a.m., 3 views

Google Pixel Security Breach

Google Pixel is a smartphone from Google, an American company. A security vulnerability exists in Google Pixel, which stems from a lack of bounds checking in the v4l2_smfc_qbuf module of smfc-v4l2-ioctls.c, where out-of-bounds writes may exist...

CVSS 7.8, AI score 6.8, EPSS 0.00081
Exploits: 0, References: 3

SUSE CVE
added 2024/05/21 2:0 a.m., 2 views

SUSE CVE-2024-35830

In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2 async device, thus allowing userspace to access...

CVSS 5.5, AI score 6.5, EPSS 0.00232
Exploits: 0, References: 19

SUSE CVE
added 2024/05/03 2:9 a.m., 1 views

SUSE CVE-2024-27076

In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Free the memory allocated in v4l2_ctrl_handler_init on release...

CVSS 5.5, AI score 6.3, EPSS 0.00289
Exploits: 0, References: 10

OSV
added 2024/05/01 1:15 p.m., 2 views

UBUNTU-CVE-2024-27078

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and every error-handling paths, since they are allocated in for statements. Otherwise there would be memleaks because tpg_free is...

CVSS 5.5, AI score 6.2, EPSS 0.00291
Exploits: 0, References: 41

CNNVD
added 2024/05/01 12:0 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a v4l2_ctrl_handler memory leak...

CVSS 5.5, AI score 6.9, EPSS 0.00289
Exploits: 0, References: 10

CVE
added 2024/04/09 1:1 p.m., 60 views

CVE-2024-2223

CVE-2024-2223 is an Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server that enables Server-Side Request Forgery and relay reconfiguration. Affected products include Bitdefender Endpoint Security for Linux (7.0.5.200089), Bitdefender Endpoint Security for Windows (...

CVSS 9.8, AI score 8, EPSS 0.00521
Exploits: 0, References: 1, Affected Software: 2

Positive Technologies
added 2024/04/03 12:0 a.m., 5 views

PT-2024-21775 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server versions 10.5, 11.1, and 11.5 Description: The issue is related to a denial of service condition that can be triggered with a specially crafted query under certain conditions...

CVSS 6.5, AI score 9.4, EPSS 0.00653
Exploits: 0, References: 6

Positive Technologies
added 2024/03/07 12:0 a.m., 5 views

PT-2024-28505 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the Linux kernel, where the struct v4l2 async notifier has several list head members, but only waiting list and done list are initialized. The notifier entry is...

CVSS 9.8, AI score 6.5, EPSS 0.02701
Exploits: 3, References: 725

ATTACKERKB
added 2024/02/27 7:4 p.m., 3 views

CVE-2021-46943

In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix set_fmt error handling If there is an error during a set_fmt, do not overwrite the previous sizes with the invalid config. Without this patch, v4l2-compliance ends up allocating 4GiB of RAM and causin...

CVSS 7.8, AI score 6.5, EPSS 0.00234
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2024/02/27 7:4 p.m., 4 views

DEBIAN-CVE-2021-46943

In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix set_fmt error handling If there is an error during a set_fmt, do not overwrite the previous sizes with the invalid config. Without this patch, v4l2-compliance ends up allocating 4GiB of RAM and causin...

CVSS 7.8, AI score 6.1, EPSS 0.00234
Exploits: 0, References: 1

OSV
added 2024/02/23 3:15 p.m., 0 views

UBUNTU-CVE-2023-52459

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix duplicated list deletion The list deletion call dropped here is already called from the helper function in the line before. Having a second list_del call results in either a warning with CONFIG_DEBUG_LIST=y:...

CVSS 5.5, AI score 5.7, EPSS 0.00224
Exploits: 0, References: 5

RedHat Linux
added 2024/02/21 12:33 a.m., 2 views

kernel: media: em28xx: initialize refcount before kref_get

A use-after-free flaw was found in the Linux kernel’s video4linux driver in how a user triggers the em28xx_usb_probe for the Empia 28xx-based TV cards. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVSS 7.8, AI score 6.6, EPSS 0.00236
Exploits: 0, References: 5