List of vulnerabilities | OCamlPro Security Monitor

CVE-2024-53154 – clk: clk-apple-nco: Add NULL check in applnco_probe

12/24/2024

Affected packages: albatross • cdrom • conf-bpftool • conf-libbpf • conf-linux-libc-dev • core • core_unix • hvsock • mirage-block-unix • mm ... (27)

Unknown severity

CVE-2024-53151 – svcrdma: Address an integer overflow

12/24/2024

Affected packages: albatross • cdrom • conf-bpftool • conf-libbpf • conf-linux-libc-dev • core • core_unix • hvsock • mirage-block-unix • mm ... (27)

Unknown severity

CVE-2024-53150 – ALSA: usb-audio: Fix out of bounds reads when finding clock sources

12/24/2024

Affected packages: albatross • cdrom • conf-bpftool • conf-libbpf • conf-linux-libc-dev • core • core_unix • hvsock • mirage-block-unix • mm ... (27)

High severity

CVE-2024-53149 – usb: typec: ucsi: glink: fix off-by-one in connector_status

12/24/2024

Affected packages: albatross • cdrom • conf-bpftool • conf-libbpf • conf-linux-libc-dev • core • core_unix • hvsock • mirage-block-unix • mm ... (27)

Unknown severity

CVE-2024-53146 – NFSD: Prevent a potential integer overflow

12/24/2024

Affected packages: albatross • cdrom • conf-bpftool • conf-libbpf • conf-linux-libc-dev • core • core_unix • hvsock • mirage-block-unix • mm ... (27)

Unknown severity

CVE-2024-53145 – um: Fix potential integer overflow during physmem setup

12/24/2024

Affected packages: albatross • cdrom • conf-bpftool • conf-libbpf • conf-linux-libc-dev • core • core_unix • hvsock • mirage-block-unix • mm ... (27)

Unknown severity

CVE-2024-29646

12/17/2024

Affected packages: conf-radare2 • radare2

Critical severity

CVE-2024-47834 – GHSL-2024-280: Gstreamer Use-After-Free read in Matroska CodecPrivate

12/11/2024

Affected packages: conf-gstreamer • gstreamer

Medium severity

CVE-2024-47835 – GHSL-2024-263: Gstreamer NULL-pointer dereference in LRC subtitle parser

12/11/2024

Affected packages: conf-gstreamer • gstreamer

Medium severity

CVE-2024-47778 – GHSL-2024-258: GStreamer has an OOB-read in gst_wavparse_adtl_chunk

12/11/2024

Affected packages: conf-gstreamer • gstreamer

Medium severity

CVE-2024-47777 – GHSL-2024-259: GStreamer has an OOB-read in gst_wavparse_smpl_chunk

12/11/2024

Affected packages: conf-gstreamer • gstreamer

Medium severity

CVE-2024-47776 – GHSL-2024-260: GStreamer has a OOB-read in gst_wavparse_cue_chunk

12/11/2024

Affected packages: conf-gstreamer • gstreamer

Medium severity

CVE-2024-47775 – GHSL-2024-261: GStreamer has an OOB-read in parse_ds64

12/11/2024

Affected packages: conf-gstreamer • gstreamer

Medium severity

CVE-2024-47774 – GHSL-2024-262: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk

12/11/2024

Affected packages: conf-gstreamer • gstreamer

Medium severity

CVE-2024-47613 – GHSL-2024-118: GStreamer has a null pointer dereference in gst_gdk_pixbuf_dec_flush

12/11/2024

Affected packages: conf-gstreamer • gstreamer

High severity

CVE-2024-47615 – GHSL-2024-117: GStreamer has an out-of-bounds write in Ogg demuxer

12/11/2024

Affected packages: conf-gstreamer • gstreamer

High severity

CVE-2024-47607 – GHSL-2024-116: Stack-buffer overflow in gst_opus_dec_parse_header

12/11/2024

Affected packages: conf-gstreamer • gstreamer

High severity

CVE-2024-47606 – GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes

12/11/2024

Affected packages: conf-gstreamer • gstreamer

High severity

CVE-2024-47603 – GHSL-2024-251: GStreamer NULL-pointer dereference in Matroska/WebM demuxer

12/11/2024

Affected packages: conf-gstreamer • gstreamer

Medium severity

CVE-2024-47602 – GHSL-2024-250: Streamer NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer

12/11/2024

Affected packages: conf-gstreamer • gstreamer

Medium severity

List of all vulnerabilities

CVE-2024-53154 – clk: clk-apple-nco: Add NULL check in applnco_probe

CVE-2024-53151 – svcrdma: Address an integer overflow

CVE-2024-53150 – ALSA: usb-audio: Fix out of bounds reads when finding clock sources

CVE-2024-53149 – usb: typec: ucsi: glink: fix off-by-one in connector_status

CVE-2024-53146 – NFSD: Prevent a potential integer overflow

CVE-2024-53145 – um: Fix potential integer overflow during physmem setup

CVE-2024-29646

CVE-2024-47834 – GHSL-2024-280: Gstreamer Use-After-Free read in Matroska CodecPrivate

CVE-2024-47835 – GHSL-2024-263: Gstreamer NULL-pointer dereference in LRC subtitle parser

CVE-2024-47778 – GHSL-2024-258: GStreamer has an OOB-read in gst_wavparse_adtl_chunk

CVE-2024-47777 – GHSL-2024-259: GStreamer has an OOB-read in gst_wavparse_smpl_chunk

CVE-2024-47776 – GHSL-2024-260: GStreamer has a OOB-read in gst_wavparse_cue_chunk

CVE-2024-47775 – GHSL-2024-261: GStreamer has an OOB-read in parse_ds64

CVE-2024-47774 – GHSL-2024-262: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk

CVE-2024-47613 – GHSL-2024-118: GStreamer has a null pointer dereference in gst_gdk_pixbuf_dec_flush

CVE-2024-47615 – GHSL-2024-117: GStreamer has an out-of-bounds write in Ogg demuxer

CVE-2024-47607 – GHSL-2024-116: Stack-buffer overflow in gst_opus_dec_parse_header

CVE-2024-47606 – GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes

CVE-2024-47603 – GHSL-2024-251: GStreamer NULL-pointer dereference in Matroska/WebM demuxer

CVE-2024-47602 – GHSL-2024-250: Streamer NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer