9593 matches found

NVD
added 2024/07/30 8:15 a.m., 19 views

CVE-2024-42223

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow. state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor. Create a new 64 bit variable to hold the calculations...

5.5 CVSS, 0.00027 EPSS
Exploits 0, References 9
UbuntuCve
added 2024/07/30 8:15 a.m., 14 views

CVE-2024-42223

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow. state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor. Create a new 64 bit variable to hold the calculations...

5.5 CVSS, 6.3 AI score, 0.00027 EPSS
Exploits 0, References 35
CVE
added 2024/07/30 7:46 a.m., 117 views

CVE-2024-42106

CVE-2024-42106 : In the Linux kernel, the inet_diag path for raw sockets could read an uninitialized pad field in inet_diag_req_v2 when converting inet_diag_req to v2, leading to uninitialized reads in raw_lookup(). The root cause is that inet_diag_get_exact_compat() and inet_diag_dump_compat() d...

5.5 CVSS, 6.1 AI score, 0.00015 EPSS
Exploits 0, References 9, Affected Software 1
Vulnrichment
added 2024/07/30 7:46 a.m., 14 views

CVE-2024-42106 inet_diag: Initialize pad field in struct inet_diag_req_v2

In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2. KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. This field corresponds to the...

6.3 AI score, 0.00015 EPSS
Exploits 0, References 8
OSV
added 2024/07/30 7:46 a.m., 14 views

CVE-2024-42106 inet_diag: Initialize pad field in struct inet_diag_req_v2

In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2. KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. This field corresponds to the...

5.5 CVSS, 5.9 AI score, 0.00015 EPSS
Exploits 0, References 12
NVD
added 2024/07/29 6:15 p.m., 16 views

CVE-2024-42094

In the Linux kernel, the following vulnerability has been resolved: net/iucv: Avoid explicit cpumask var allocation on stack. For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code...

7.1 CVSS, 0.00015 EPSS
Exploits 0, References 12
UbuntuCve
added 2024/07/29 6:15 p.m., 15 views

CVE-2024-42094

In the Linux kernel, the following vulnerability has been resolved: net/iucv: Avoid explicit cpumask var allocation on stack. For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code...

7.1 CVSS, 6.4 AI score, 0.00015 EPSS
Exploits 0, References 35
Vulnrichment
added 2024/07/29 5:39 p.m., 17 views

CVE-2024-42094 net/iucv: Avoid explicit cpumask var allocation on stack

In the Linux kernel, the following vulnerability has been resolved: net/iucv: Avoid explicit cpumask var allocation on stack. For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code...

6.8 AI score, 0.00015 EPSS
Exploits 0, References 8
OSV
added 2024/07/29 5:39 p.m., 19 views

CVE-2024-42093 net/dpaa2: Avoid explicit cpumask var allocation on stack

In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack. For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code...

7.3 CVSS, 6 AI score, 0.00026 EPSS
Exploits 0, References 11
OSV
added 2024/07/29 3:15 p.m., 1 views

AZL-47489 CVE-2024-41038 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers. Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

5.5 CVSS, 6.2 AI score, 0.00018 EPSS
Exploits 0, References 1
RedHat Linux
added 2024/07/29 12:39 p.m., 2 views

kernel: i40e: fix vf may be used uninitialized in this function warning

A flaw was found in the Linux kernel’s Ethernet Controller XL710 family driver. This flaw allows a local user to crash the system...

5.5 CVSS, 7.2 AI score, 0.00013 EPSS
Exploits 0, References 4
OSV
added 2024/07/29 4:18 a.m., 7 views

USN-6920-1 edk2 vulnerabilities

It was discovered that EDK II was not properly performing bounds checks in Tianocompress, which could lead to a buffer overflow. An authenticated user could use this issue to potentially escalate their privileges via local access. CVE-2017-5731 It was discovered that EDK II had an insufficient...

9.8 CVSS, 7.2 AI score, 0.0028 EPSS
Exploits 0, References 6
CNNVD
added 2024/07/29 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a possible overflow of a variable in a compensation function due to a displacement operation...

7.8 CVSS, 6.6 AI score, 0.00027 EPSS
Exploits 0, References 9
Vulnrichment
added 2024/07/26 8:1 p.m., 14 views

CVE-2024-41112 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option palette

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in pages/1_📷_Timelapse.py takes user input, which is later used in the eval function on line 380, leading to remote code execution. Commit...

9.8 CVSS, 7.7 AI score, 0.01559 EPSS
Exploits 1, References 4
Redos
added 2024/07/24 12:0 a.m., 23 views

ROS-20240723-05

A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker to escalate their privileges. A vulnerability in the...

8.8 CVSS, 7.9 AI score, 0.00392 EPSS
Exploits 0
Vulnrichment
added 2024/07/22 3:21 p.m., 18 views

CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...

6.5 CVSS, 6.8 AI score, 0.00212 EPSS
Exploits 1, References 3
CNVD
added 2024/07/19 12:0 a.m., 5 views

PDF-XChange Editor Uninitialized Variable Vulnerability (CNVD-2024-33518)

PDF-XChange Editor is PDF file viewer software from the PDF-XChange company that runs on Microsoft Windows systems. An uninitialized variable vulnerability exists in PDF-XChange Editor, which can be exploited by attackers to disclose sensitive information...

5.5 CVSS, 6.4 AI score, 0.00784 EPSS
Exploits 0, References 1
CNVD
added 2024/07/19 12:0 a.m., 5 views

PDF-XChange Editor Uninitialized Variable Vulnerability

PDF-XChange Editor is PDF file viewer software from the PDF-XChange company that runs on Microsoft Windows systems. An uninitialized variable vulnerability exists in PDF-XChange Editor, which can be exploited by an attacker to disclose sensitive information...

5.5 CVSS, 6.4 AI score, 0.0071 EPSS
Exploits 0, References 1
Debian CVE
added 2024/07/18 4:51 p.m., 19 views

CVE-2024-40647

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

5.3 CVSS, 5.2 AI score, 0.00028 EPSS
Exploits 0
SUSE CVE
added 2024/07/18 3:5 a.m., 2 views

SUSE CVE-2022-48843

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

4.4 CVSS, 7.1 AI score, 0.00036 EPSS
Exploits 0, References 10