VIR Vulnerability Intelligence Relay

Search

Found 5,398 results in 1942ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2024-47540 high 8.0 FIX rhel rockydebian debian 2y ago GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function withi…
CVE-2024-47539 high 8.0 FIX rhel rockydebian debian 2y ago GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerabil…
CVE-2024-47538 high 8.0 FIX rhel rockydebian debian 2y ago RHSA-2024:11345: gstreamer1-plugins-base security update (Important)
CVE-2024-47537 high 8.0 FIX rhel rockydebian debian 2y ago GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_cou…
CVE-2024-9287 high 8.0 FIX rocky rhel sles 2y ago A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands int…
CVE-2024-7592 low 2.5 FIX rhel sles rocky 2y ago There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie…
CVE-2024-12254 high 8.0 FIX rhel rocky sles 2y ago RHSA-2024:10980: python3.12 security update (Important)
CVE-2024-11168 high 8.0 FIX rocky rhel sles 2y ago The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and poten…
CVE-2024-31449 high 8.0 FIX rhel rocky sles 2y ago Important: redis security update
CVE-2024-31228 high 8.0 FIX rhel rocky sles 2y ago Important: redis security update
CVE-2023-45145 high 8.0 FIX rhel rocky sles 2y ago Important: redis security update
CVE-2024-10979 high 8.0 FIX rhel rocky sles 2y ago RHSA-2024:10832: postgresql:13 security update (Important)
CVE-2024-10978 high 8.0 FIX rhel rocky sles 2y ago RHSA-2024:10832: postgresql:13 security update (Important)
CVE-2024-10976 high 8.0 FIX rhel rocky sles 2y ago RHSA-2024:10832: postgresql:13 security update (Important)
CVE-2024-52804 high 8.0 FIX rhel rocky sles 2y ago RHSA-2025:2872: pcs security update (Important)
CVE-2024-11699 high 8.0 FIX rhel rockydebian debian 2y ago Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could…
CVE-2024-11697 high 8.0 FIX rhel rockydebian debian 2y ago When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vul…
CVE-2024-11696 high 8.0 FIX rhel rockydebian debian 2y ago The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest…
CVE-2024-11695 high 8.0 FIX rhel rockydebian debian 2y ago A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Fir…
CVE-2024-11694 high 8.0 FIX rhel rockydebian debian 2y ago Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue c…
CVE-2024-11692 high 8.0 FIX rhel rockydebian debian 2y ago An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 12…
CVE-2024-11159 high 8.0 FIX rhel rocky sles 2y ago RHSA-2024:10591: thunderbird security update (Important)
CVE-2024-44309 high 9.5 KEVFIX rhel rocky sles 2y ago Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.
CVE-2024-52336 high 8.0 FIX rhel sles rocky 2y ago Important: tuned security update
CVE-2024-27043 low 2.5 FIX rocky slesdebian debian 2y ago In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several erro…
CVE-2024-10963 high 8.0 FIX rhel rocky sles 2y ago RHSA-2024:10379: pam security update (Important)
CVE-2024-53899 high 8.0 FIX rocky slesdebian debian 2y ago virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same…
CVE-2024-9632 high 8.0 FIX rhel rocky sles 2y ago A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payloa…
CVE-2024-45802 high 8.0 FIX rhel rocky sles 2y ago RHSA-2024:9644: squid:4 security update (Important)
CVE-2018-12699 low 2.5 FIX debian debian sles rocky 2y ago RHSA-2024:9689: binutils security update (Low)
CVE-2024-9050 high 8.0 rhel rocky 2y ago RHSA-2024:8353: NetworkManager-libreswan security update (Important)
CVE-2024-52532 high 8.0 FIX rhel rocky sles 2y ago RHSA-2024:9573: libsoup security update (Important)
CVE-2024-52530 high 8.0 FIX rhel rocky sles 2y ago RHSA-2024:9573: libsoup security update (Important)
CVE-2024-44296 high 8.0 FIX rocky slesdebian debian 2y ago The issue was addressed with improved checks. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Pr…
CVE-2024-44244 high 8.0 FIX rhel rocky sles 2y ago A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Proces…
CVE-2024-43499 high 8.0 FIX rhelalmalinux almalinux 2y ago Important: .NET 9.0 security update
CVE-2024-43498 high 8.0 FIX rhelalmalinux almalinux 2y ago Important: .NET 9.0 security update
CVE-2024-6501 low 2.5 FIX rhel slesdebian debian 2y ago Low: NetworkManager security update
CVE-2024-6126 low 2.5 FIX rheldebian debian sles 2y ago A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.
CVE-2024-5742 low 2.5 FIX rhel rocky sles 2y ago RHSA-2024:6986: nano security update (Low)
CVE-2024-5535 critical 9.1 9.1 FIX rhel rocky sles 2y ago RHSA-2025:1673: mysql:8.0 security update (Important)
CVE-2024-4741 low 2.5 FIX rhel sles rocky 2y ago Low: openssl security update
CVE-2024-4603 low 2.5 FIX rhel sles rocky 2y ago Low: openssl security update
CVE-2024-44970 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from t…
CVE-2024-43830 high 7.8 7.8 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate() Triggers which have trigger specific sysfs attributes typi…
CVE-2024-42240 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: x86/bhi: Avoid warning in #DB handler due to BHI mitigation When BHI mitigation is enabled, if SYSENTER is invoked with the TF fl…
CVE-2024-42238 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file Return an error from cs_dsp_power_up() if a block header is longer …
CVE-2024-42237 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff…
CVE-2024-42228 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling amdgpu_vce_cs_rel…
CVE-2024-42226 high 8.0 FIX rhel rocky sles 2y ago RHSA-2024:7001: kernel-rt security update (Important)
CVE-2024-42159 high 8.0 FIX rhel slesdebian debian 2y ago In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise num_phys Information is stored in mr_sas_port->phy_mask, values larger then size of this field shouldn't b…
CVE-2024-42154 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long,…
CVE-2024-42124 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Make qedf_execute_tmf() non-preemptible Stop calling smp_processor_id() from preemptible code in qedf_execute_tmf90. …
CVE-2024-42084 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate() syscall, using the 32-bit off_t misses a sign extension when called in compat…
CVE-2024-41065 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from /sys/kernel/debug/powerpc…
CVE-2024-41060 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check bo_va->bo is non-NULL before using it The call to radeon_vm_clear_freed might clear bo_va->bo, so we have to ch…
CVE-2024-41056 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Use strnlen() instead of strlen() on the algorithm and coefficien…
CVE-2024-41039 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw he…
CVE-2024-41038 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into t…
CVE-2024-41012 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created l…
CVE-2024-41008 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: change vm->task_info handling This patch changes the handling and lifecycle of vm->task_info object. The major change…
CVE-2024-41007 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero…
CVE-2024-40997 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix memory leak on CPU EPP exit The cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is not freed …
CVE-2024-40989 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't…
CVE-2024-40988 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry.
CVE-2024-40906 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always stop health timer during driver removal Currently, if teardown_hca fails to execute during driver removal, mlx5 …
CVE-2024-40901 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory There is a potential out-of-bounds access when using test_b…
CVE-2024-39503 high 7.0 7.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Lion Ackermann reported that there is a race con…
CVE-2024-39501 high 8.0 FIX rhel rocky sles 2y ago RHSA-2024:7001: kernel-rt security update (Important)
CVE-2024-39499 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in event_deliver() Coverity spotted that event_msg is controlled by user-spac…
CVE-2024-39471 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should be stop to …
CVE-2024-39276 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Syzbot reports a warning as follows: =================…
CVE-2024-38635 high 7.1 7.1 FIX rhel slesdebian debian 2y ago In the Linux kernel, the following vulnerability has been resolved: soundwire: cadence: fix invalid PDI offset For some reason, we add an offset to the PDI, presumably to skip the PDI0 and PDI1 whi…
CVE-2024-38627 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which free…
CVE-2024-38612 critical 9.8 9.8 FIX rhel slesdebian debian 2y ago In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defin…
CVE-2024-38581 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix use-after-free issue Delete fence fallback timer to fix the ramdom use-after-free issue. v2: move to amdgpu_…
CVE-2024-38555 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal…
CVE-2024-3727 high 8.3 8.3 FIX rhelalmalinux almalinux rocky 2y ago A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, …
CVE-2024-36974 high 7.8 7.8 FIX rhel slesdebian debian 2y ago In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_par…
CVE-2024-36960 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure tha…
CVE-2024-36945 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: net/smc: fix neighbour and rtable leak in smc_ib_find_route() In smc_ib_find_route(), the neighbour found by neigh_lookup() and r…
CVE-2024-36940 high 7.8 7.8 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). I…
CVE-2024-36933 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and …
CVE-2024-36928 high 8.0 FIX rhel slesdebian debian 2y ago In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 devi…
CVE-2024-36927 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb() KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() test…
CVE-2024-36920 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Avoid memcpy field-spanning write WARNING When the "storcli2 show" command is executed for eHBA-9600, mpi3mr driver…
CVE-2024-36917 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blk_ioctl_discard() There is no check for overflow of 'start + len' in blk_ioctl_discard(). Hung task occu…
CVE-2024-36901 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_out…
CVE-2024-36896 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal Testing with KASAN and syzkaller revealed a bug in port.c:disable_stor…
CVE-2024-36010 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: igb: Fix string truncation warnings in igb_set_fw_version Commit 1978d3ead82c ("intel: fix string truncation warnings") fixes '-W…
CVE-2024-35959 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix mlx5e_priv_init() cleanup flow When mlx5e_priv_init() fails, the cleanup flow calls mlx5e_selq_cleanup which calls…
CVE-2024-35947 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), lets ma…
CVE-2024-35946 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix null pointer access when abort scan During cancel scan we might use vif that weren't scanning. Fix this by using…
CVE-2024-35938 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: decrease MHI channel buffer length to 8KB Currently buf_len field of ath11k_mhi_config_qca6390 is assigned with 0, …
CVE-2024-35924 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Limit read size on v1.2 Between UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was increased from 16 …
CVE-2024-35912 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks If the rx payload length check fails, or if kmemdup() fails, we still need …
CVE-2024-35905 high 7.8 7.8 FIX rhel slesdebian debian 2y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack m…
CVE-2024-35886 high 7.8 7.8 FIX rhel slesdebian debian 2y ago In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix infinite recursion in fib6_dump_done(). syzkaller reported infinite recursive calls of fib6_dump_done() during netlink …
CVE-2024-35876 high 8.0 FIX rhel rocky sles 2y ago RHSA-2024:5102: kernel-rt security update (Important)
CVE-2024-35855 high 8.0 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically t…