Vuldb Updates

A vulnerability labeled as critical has been found in tcpdump up to 4.9.1. Impacted is the function ripng_print of the file print-ripng.c of the component RIPng Parser. Executing manipulation can lead to memory corruption. This vulnerability is handled as CVE-2017-12992. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.10-rc2. It has been classified as problematic. Affected by this vulnerability is the function taprio_parse_mqprio_opt. Performing manipulation results in injection. This vulnerability is reported as CVE-2024-36974. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.10-rc1. The affected element is the function __dst_negative_advice. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-36971. Local access is required to approach this attack. Moreover, an exploit is present. You should upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 5.15.159/6.1.91/6.6.31/6.8.10/6.9.1. Affected by this vulnerability is the function tpm2_key_encode. Performing manipulation results in memory leak. This vulnerability is known as CVE-2024-36967. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.6.30/6.8.9. This affects the function __ip_make_skb of the component ipv4. The manipulation leads to uninitialized resource. This vulnerability is documented as CVE-2024-36927. The attack requires being on the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.8.9. This vulnerability affects the function rpc_proc_register of the file /proc/net/sunrpc/nfs of the component Net Namespace Handler. Performing manipulation results in privilege escalation. This vulnerability was named CVE-2024-36939. The attack needs to be approached within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.8.9. This vulnerability affects the function tcp_rcv_space_adjust. Executing manipulation can lead to allocation of resources. This vulnerability is tracked as CVE-2024-36905. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.90/6.6.30/6.8.9. This affects the function blk_ioctl_discard of the component block. Such manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2024-36917. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.6.30/6.8.9. Affected by this vulnerability is the function __ip6_make_skb of the component ipv6. The manipulation results in uninitialized resource. This vulnerability is known as CVE-2024-36903. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.90/6.6.30/6.8.9. Affected is the function ip6_output. The manipulation results in null pointer dereference. This vulnerability was named CVE-2024-36901. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.8.9. This affects the function fib6_rule_action of the component ipv6. Performing manipulation results in null pointer dereference. This vulnerability is identified as CVE-2024-36902. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel. It has been classified as problematic. This issue affects the function igb_set_fw_version of the file igb_main.c. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2024-36010. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as problematic was found in Linux Kernel up to 5.10.215/5.15.157/6.1.89/6.6.29/6.8.8. This issue affects some unknown processing of the file net/netfilter/core.c of the component nf_tables. Executing manipulation can lead to information disclosure. This vulnerability appears as CVE-2024-36005. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.1.90/6.6.29/6.8.8. It has been rated as problematic. Impacted is the function hugetlb_cgroup_uncharge_folio_rsvd of the component HugeTLB Page Handler. This manipulation causes reachable assertion. This vulnerability is tracked as CVE-2024-36000. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.8.6. Affected by this vulnerability is the function ipv6_get_ifaddr in the library lib/refcount.c:25. Such manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-35969. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.10.215/5.15.155/6.1.86/6.6.27/6.8.6. This vulnerability affects the function do_replace of the component Netfilter. Executing manipulation can lead to privilege escalation. This vulnerability is handled as CVE-2024-35962. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability described as critical has been identified in pagure. The impacted element is the function generate_archive of the component Temporary Clone Handler. The manipulation results in symlink following. This vulnerability is cataloged as CVE-2024-47515. The attack must originate from the local network. There is no exploit available.

A vulnerability was found in MuPDF 1.23.4. It has been classified as problematic. Affected by this vulnerability is the function pnm_binary_read_image of the file load-pnm.c. Performing manipulation results in divide by zero. This vulnerability is identified as CVE-2023-51104. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability was found in MuPDF 1.23.4. It has been rated as problematic. This affects the function bmp_decompress_rle4 of the file load-bmp.c. The manipulation leads to divide by zero. This vulnerability is listed as CVE-2023-51105. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability, which was classified as problematic, has been found in sfackler openssl Crate up to 0.10.54 on Rust. This issue affects the function X509VerifyParamRef::set_host. Performing manipulation results in buffer over-read. This vulnerability is identified as CVE-2023-53159. The attack is only possible with local access. There is not any exploit available. It is advisable to upgrade the affected component.