It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)
Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly use this to cause a
denial of service (system crash). (CVE-2024-25739)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure VSTS CLI. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure Arc Jumpstart. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Object Detection Solution Accelerator. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure IoT Edge Dev Tool. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Service Fabric for Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
