Vuldb Updates

A vulnerability classified as critical was found in Linux Kernel up to 5.15.161/6.1.96/6.6.36/6.9.7. This vulnerability affects the function drm_gem_fb_get_obj of the component AMD GPU. The manipulation leads to buffer overflow. This vulnerability was named CVE-2024-41093. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.9.4. This vulnerability affects the function p9_client_rpc. The manipulation leads to improper initialization. This vulnerability was named CVE-2024-39301. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.90/6.6.30/6.8.9 and classified as critical. This vulnerability affects unknown code of the component Bluetooth. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-36032. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.15.160/6.1.93/6.6.33/6.9.4 on SCM and classified as critical. Affected by this vulnerability is an unknown functionality of the component lmh. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-39466. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.220/5.15.161/6.1.95/6.6.35/6.9.6. It has been declared as problematic. Affected by this vulnerability is the function lima_pm_idle. The manipulation leads to race condition. This vulnerability is known as CVE-2024-40976. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.10.221/5.15.162/6.1.97/6.6.38/6.9.8. This vulnerability affects the function qca_serdev_shutdown of the component QCA6390. The manipulation leads to use after free. This vulnerability was named CVE-2024-42137. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.161/6.1.95/6.6.35/6.9.6. It has been classified as critical. This affects the function NF_HOOK of the component seg6. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2024-40957. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.10.220/5.15.161/6.1.95/6.6.35/6.9.6. This issue affects some unknown processing of the component f2fs. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-40971. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.161/6.1.96/6.6.36/6.9.7. It has been declared as critical. This vulnerability affects the function ib_create_cq of the component restrack. The manipulation leads to memory corruption. This vulnerability was named CVE-2024-42080. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.9.2. It has been classified as critical. Affected is the function ibdev_err of the component RDMA. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-38590. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.15.160/6.1.92/6.6.32/6.8.11/6.9.2. Affected is the function acrn_vm_ram_map of the component virt. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-38610. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.15.161/6.1.94/6.6.34/6.9.5. This affects an unknown part of the file net/core/sock_map.c of the component sock_map. The manipulation leads to incorrect control flow. This vulnerability is uniquely identified as CVE-2024-39500. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.15.161/6.1.94/6.6.34/6.9.5. Affected by this issue is the function dev_kfree_skb_any. The manipulation leads to Privilege Escalation. This vulnerability is handled as CVE-2024-40937. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.9. This issue affects the function malidp_mw_connector_reset of the component DRM. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2024-36014. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Microsoft Exchange Server 2013 CU23/2016 CU20/2016 CU21/2019 CU9/2019 CU10 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2021-31196. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Dahua IPC-HX3XXX, HX5XXX, HUM7XXX, VTO75X95X, VTO65XXX, VTH542XH, SD1A1, SD22, SD49, SD50, SD52C, SD6AL, TPC-BF1241, TPC-BF2221, TPC-SD2221, TPC-BF5XXX, TPC-SD8X21 and TPC-PT8X21B. Affected by this vulnerability is an unknown functionality of the component Data Packet Handler. The manipulation leads to improper authentication. This vulnerability is known as CVE-2021-33044. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Dahua IPC-HX3XXX, HX5XXX, HUM7XXX, VTO75X95X, VTO65XXX, VTH542XH, NVR1XXX, NVR2XXX, NVR5XXX, NVR6XX, XVR4xxx, XVR5xxx and XVR7xxx. Affected by this issue is some unknown functionality of the component Data Packet Handler. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2021-33045. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in D-Link DIR-605 B2 2.01MT. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /getcfg.php of the component POST Request Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2021-40655. The attack needs to be approached within the local network. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Draytek VigorConnect 1.6.0-B3. This vulnerability affects unknown code of the component DownloadFileServlet Endpoint. The manipulation leads to file inclusion. This vulnerability was named CVE-2021-20123. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Linux Kernel. This vulnerability affects the function legacy_parse_param of the component Filesystem Handler. The manipulation of the argument supplied leads to integer overflow. This vulnerability was named CVE-2022-0185. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.