Vuldb Updates

A vulnerability was found in Linux Kernel up to 5.15.149/6.1.79/6.6.18/6.7.6. It has been rated as critical. Affected by this issue is the function flow_offload_add of the component netfilter. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-27403. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of default credentials. This vulnerability is traded as CVE-2025-7907. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in D-Link DI-8100 1.0. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file /ddns.asp?opt=add of the component jhttpd. The manipulation of the argument mx leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-7908. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Linux Kernel up to 6.6.18/6.7.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library lib/Kconfig.debug. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-27406. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.79/6.6.18/6.7.6. It has been declared as critical. Affected by this vulnerability is the function skb_queue_empty of the component phonet. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2024-27402. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.8.5 and classified as critical. This vulnerability affects the function sb_bread of the component sysv. The manipulation leads to deadlock. This vulnerability was named CVE-2023-52699. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.208/5.15.147/6.1.74/6.6.13/6.7.1. It has been classified as problematic. This affects the function tpd12s015_remove of the component drm. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2023-52694. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.13/6.7.1. This issue affects the function sof_sdw_rt_sdca_jack_exit of the component ASoC. The manipulation leads to infinite loop. The identification of this vulnerability is CVE-2023-52697. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.7.1 on Jakub. It has been declared as critical. This vulnerability affects the function netlbl_calipso_add_pass in the library include/linux/slab.h. The manipulation leads to memory leak. This vulnerability was named CVE-2023-52698. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.7.1. This issue affects the function scarlett2_meter_ctl_get of the component ALSA. The manipulation of the argument meter_level_map[] leads to privilege escalation. The identification of this vulnerability is CVE-2023-52689. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.7.1. It has been rated as problematic. Affected by this issue is the function acpi_get_parent. The manipulation leads to uninitialized pointer. This vulnerability is handled as CVE-2023-52693. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0/6.1.80/6.6.18/6.7.6 and classified as problematic. This issue affects the function remote_id. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2024-27404. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.7.1. It has been classified as critical. This affects the function opal_powercap_init of the component powernv. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2023-52696. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.147/6.1.74/6.6.13/6.7.1. It has been declared as problematic. Affected by this vulnerability is the function scarlett2_usb_set_config of the component ALSA. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2023-52692. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.6/6.7/6.7.1. This affects an unknown part of the component ath12k. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2023-52688. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.7.1 and classified as problematic. Affected by this vulnerability is the function si_dpm_init. The manipulation leads to double free. This vulnerability is known as CVE-2023-52691. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.7.1. It has been classified as critical. Affected is the function opal_event_init of the component powernv. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2023-52686. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.74/6.6.13/6.7.1. This vulnerability affects the function dma_map_sg of the component safexcel. The manipulation leads to buffer overflow. This vulnerability was named CVE-2023-52687. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.7.1. This affects the function lpit_update_residency of the component ACPI. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2023-52683. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.74/6.6.13/6.7.1. Affected by this issue is the function s_fs_info of the component efivarfs. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2023-52681. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.