Vuldb Updates

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.11.6. Affected is an unknown function of the file drivers/dpll/dpll_core.c. The manipulation leads to improper initialization. This vulnerability is traded as CVE-2024-53048. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.11.6 and classified as critical. Affected by this issue is the function intel_hdcp_get_capability of the component hdcp. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-53051. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.11.6. It has been declared as critical. This vulnerability affects the function mtk_crtc_destroy of the component mediatek. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-53056. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.60/6.11.7. It has been declared as problematic. This vulnerability affects the function do_sve_acc of the component arm64. The manipulation leads to denial of service. This vulnerability was named CVE-2024-50275. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.11.7. This affects the function idpf_get_link_ksettings of the component idpf. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-50274. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.11.7. Affected is the function dvb_ca_ioctl of the file drivers/staging/media/av7110/av7110_ca.c. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-50289. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.59/6.11.6. It has been rated as critical. Affected by this issue is the function mi_enum_attr of the component ntfs3. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2024-50248. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Sophos Web Appliance 3.7.8.1. Affected is an unknown function of the file rss.php. The manipulation of the argument xss with the input %3Cscript%3Ealert%28String.fromCharCode%28120,%20115,%20115%29%29%3C/script%3E leads to cross site scripting. This vulnerability is traded as CVE-2013-2643. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.11.6. This vulnerability affects the function btrfs_bbio_propagate_error. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-50225. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.11.2. Affected is the function cursor_width of the component AMD Display. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2024-50177. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.58/6.11.5 and classified as problematic. Affected by this vulnerability is the function mac_probe of the component fman. The manipulation leads to improper update of reference count. This vulnerability is known as CVE-2024-50166. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.58/6.11.5 and classified as problematic. Affected by this issue is the function read_skb of the file net/vmw_vsock/virtio_transport_common.c. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-50169. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.1.114/6.6.58/6.11.5. This affects the function __octep_oq_process_rx. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2024-50145. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.113/6.6.57/6.11.4. Affected is the function blk_mq_submit_bio. The manipulation leads to deadlock. This vulnerability is traded as CVE-2024-50098. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.114/6.6.58/6.11.5. It has been rated as critical. This issue affects the function iso_sock_timeout of the component Bluetooth. The manipulation leads to use after free. The identification of this vulnerability is CVE-2024-50124. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.114/6.11.5. It has been rated as critical. Affected by this issue is the function in_atomic of the file kernel/locking/spinlock_rt.c of the component bpf. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-50138. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.6.58/6.11.5. Affected by this issue is some unknown functionality of the file arch/arm64/kvm/sys_regs.c of the component KVM. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2024-50139. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.113/6.6.57/6.11.4. It has been declared as problematic. This vulnerability affects the function read_alloc_one_name of the component btrfs. The manipulation of the argument name leads to uninitialized pointer. This vulnerability was named CVE-2024-50087. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.113/6.6.57/6.11.4. It has been rated as problematic. This issue affects the function add_inode_ref of the component btrfs. The manipulation leads to uninitialized pointer. The identification of this vulnerability is CVE-2024-50088. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Haudenschilt Family Connections CMS 2.5.0. This issue affects some unknown processing. The manipulation of the argument argv[1] leads to code injection. The identification of this vulnerability is CVE-2011-5130. The attack may be initiated remotely. Furthermore, there is an exploit available.