9572 matches found

Positive Technologies
added 2024/12/05 12:0 a.m. · 2 views

PT-2025-3602 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to the Linux kernel's ptrace functionality, specifically with the arm64 architecture. The problem arises when the poe_set function does not initialize a temporary...

CVSS 6.1 · AI score 6.2 · EPSS 0.00031
Exploits: 0 · References: 15

OSV
added 2024/12/04 12:0 p.m. · 6 views

RUSTSEC-2024-0409 Build corruption when using `PYO3_CONFIG_FILE` environment variable

In PyO3 0.23.0 the `PYO3_CONFIG_FILE` environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single...

AI score 7.1
Exploits: 0 · References: 3

RedHat Linux
added 2024/12/04 10:39 a.m. · 1 view

postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code

A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH) via incorrect control of environment variables...

CVSS 8.8 · AI score 7.3 · EPSS 0.06356
Exploits: 1 · References: 5

Vulnrichment
added 2024/12/04 1:6 a.m. · 13 views

CVE-2024-45207

DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently,...

CVSS 7 · AI score 7.6 · EPSS 0.00113
Exploits: 0 · References: 1

CVE
added 2024/12/04 1:6 a.m. · 79 views

CVE-2024-45207

CVE-2024-45207 affects Veeam Agent for Windows (Microsoft Windows) where DLL injection can occur if PATH contains insecure directories. The agent searches PATH for DLLs and may load a malicious DLL placed in those directories, enabling code execution with potential unauthorized access, data theft...

CVSS 7 · AI score 7.4 · EPSS 0.00113
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/12/04 1:6 a.m. · 17 views

CVE-2024-45207

DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently,...

CVSS 7 · EPSS 0.00113
Exploits: 0 · References: 1

OSV
added 2024/12/04 12:0 a.m. · 17 views

ALSA-2024:10785 Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (CVE-2024-10978); postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code (CVE-2024-10979); postgresq...

CVSS 8.8 · AI score 8.2 · EPSS 0.06356
Exploits: 1 · References: 8

Tenable Nessus
added 2024/12/04 12:0 a.m. · 7 views

RHEL 8 : postgresql:13 (RHSA-2024:10800)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10800 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL PL/Perl environment variable...

CVSS 8.8 · AI score 8.5 · EPSS 0.06356
Exploits: 1 · References: 4

Positive Technologies
added 2024/12/04 12:0 a.m. · 3 views

PT-2025-3661 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue concerns the RDMA/bnxt_re component in the Linux kernel, where the maximum number of SGEs (Scatter-Gather Elements) for a Work Request is not properly handled. Specifically, Ge...

CVSS 9.8 · AI score 6.7 · EPSS 0.02589
Exploits: 6 · References: 1754

RedHat Linux
added 2024/12/03 10:10 a.m. · 2 views

postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code

A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH) via incorrect control of environment variables...

CVSS 8.8 · AI score 7.3 · EPSS 0.06356
Exploits: 1 · References: 5

NVD
added 2024/12/02 11:15 a.m. · 16 views

CVE-2024-33036

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access...

CVSS 6.7 · EPSS 0.00082
Exploits: 0 · References: 1

CVE
added 2024/12/02 10:18 a.m. · 72 views

CVE-2024-33036

CVE-2024-33036: Memory corruption in Qualcomm camera driver parsing sensor packets. The root cause is using a user-space variable during kernel memory allocation/parsing, which can trigger large allocations or invalid memory access. Documented impact is memory corruption with potential out-of-bou...

CVSS 6.7 · AI score 6.6 · EPSS 0.00082
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/12/02 10:18 a.m. · 12 views

CVE-2024-33036 Use of Out-of-range Pointer Offset in Camera Driver

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access...

CVSS 6.7 · EPSS 0.00082
Exploits: 0 · References: 1

RedHat Linux
added 2024/12/02 1:48 a.m. · 1 view

postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code

A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH) via incorrect control of environment variables...

CVSS 8.8 · AI score 7.3 · EPSS 0.06356
Exploits: 1 · References: 5

Positive Technologies
added 2024/12/02 12:0 a.m. · 3 views

PT-2024-25081 · Qualcomm · Qualcomm Snapdragon Auto To Xr2 5G Platform

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto to XR2 5G Platform (affected versions not specified)
Description: The issue involves memory corruption when analyzing sensor packets in the camera driver. A user-space variable is used while allocating memory in the...

CVSS 6.7 · AI score 7.3 · EPSS 0.00082
Exploits: 0 · References: 6

Positive Technologies
added 2024/12/02 12:0 a.m. · 2 views

PT-2024-9678 · Sap · Sap Netweaver Application Server Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP (affected versions not specified)
Description: The issue allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, potentially exposing credentials for a remot...

CVSS 8.5 · AI score 7 · EPSS 0.00249
Exploits: 0 · References: 12

CVE
added 2024/11/28 9:46 a.m. · 67 views

CVE-2024-22037

CVE-2024-22037 is referenced in SUSE updates for Uyuni tooling. The issue stems from database credentials being exposed via environment in a systemd/Podman context. The connected SUSE advisory notes that CVE-2024-22037 is fixed by switching to podman secrets to store database credentials (uyuni-t...

CVSS 5.7 · AI score 5.5 · EPSS 0.00024
Exploits: 0 · References: 1

Vulnrichment
added 2024/11/28 9:46 a.m. · 18 views

CVE-2024-22037 Database password leaked by systemd uyuni-server-attestation service

The uyuni-server-attestation systemd service needs a databasepassword environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users...

CVSS 5.7 · AI score 6.8 · EPSS 0.00024
Exploits: 0 · References: 1

Cvelist
added 2024/11/28 9:46 a.m. · 17 views

CVE-2024-22037 Database password leaked by systemd uyuni-server-attestation service

The uyuni-server-attestation systemd service needs a databasepassword environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users...

CVSS 5.7 · EPSS 0.00024
Exploits: 0 · References: 1

Mageia
added 2024/11/27 7:59 p.m. · 22 views

Updated postgresql15 & postgresql13 packages fix security vulnerabilities

PostgreSQL row security below e.g. subqueries disregards user ID changes. (CVE-2024-10976) PostgreSQL libpq retains an error message from man-in-the-middle. (CVE-2024-10977) PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID. (CVE-2024-10978) PostgreSQL PL/Perl environment variable...

CVSS 8.8 · AI score 8 · EPSS 0.06356
Exploits: 1 · References: 3