Dell RecoverPoint for Virtual Machines update for third-party components
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 517 |
| CVE-ID | CVE-2024-41078 CVE-2024-41015 CVE-2024-27437 CVE-2022-48826 CVE-2024-40987 CVE-2024-41059 CVE-2024-40998 CVE-2022-48823 CVE-2022-48792 CVE-2024-40978 CVE-2024-41081 CVE-2024-35949 CVE-2024-41064 CVE-2024-41071 CVE-2022-48827 CVE-2024-41063 CVE-2022-48828 CVE-2022-48829 CVE-2024-41060 CVE-2024-41089 CVE-2024-42093 CVE-2024-41066 CVE-2024-41044 CVE-2024-40995 CVE-2024-41048 CVE-2024-41072 CVE-2024-42224 CVE-2024-41095 CVE-2024-42120 CVE-2024-41016 CVE-2024-42070 CVE-2024-42223 CVE-2024-40982 CVE-2024-40941 CVE-2024-40923 CVE-2024-39507 CVE-2024-40937 CVE-2020-26558 CVE-2021-0129 CVE-2022-48811 CVE-2021-47580 CVE-2022-48855 CVE-2023-52594 CVE-2022-48810 CVE-2021-47395 CVE-2021-47468 CVE-2021-47582 CVE-2024-35995 CVE-2022-48850 CVE-2024-40966 CVE-2024-40967 CVE-2022-48804 CVE-2021-47588 CVE-2024-35837 CVE-2024-40999 CVE-2024-41090 CVE-2024-41091 CVE-2024-41014 CVE-2021-47388 CVE-2021-47403 CVE-2024-40932 CVE-2024-40988 CVE-2024-42119 CVE-2024-42124 CVE-2022-48863 CVE-2022-48769 CVE-2024-43831 CVE-2024-42285 CVE-2024-42301 CVE-2024-42322 CVE-2024-43854 CVE-2024-42309 CVE-2024-42310 CVE-2024-42312 CVE-2024-42284 CVE-2024-42280 CVE-2024-26677 CVE-2024-40984 CVE-2024-43856 CVE-2024-43839 CVE-2024-42271 CVE-2021-47341 CVE-2024-42157 CVE-2024-43819 CVE-2024-26668 CVE-2024-41012 CVE-2024-41020 CVE-2024-36013 CVE-2024-27011 CVE-2024-43879 CVE-2024-42244 CVE-2024-42236 CVE-2024-42226 CVE-2024-39489 CVE-2024-43872 CVE-2024-42281 CVE-2024-41035 CVE-2024-42145 CVE-2024-42082 CVE-2021-47619 CVE-2021-47295 CVE-2024-38630 CVE-2021-47559 CVE-2024-39506 CVE-2024-42096 CVE-2021-47405 CVE-2024-41070 CVE-2024-39494 CVE-2021-47257 CVE-2024-42228 CVE-2024-42101 CVE-2024-42090 CVE-2024-41068 CVE-2024-42162 CVE-2022-48865 CVE-2024-42106 CVE-2024-42148 CVE-2024-42110 CVE-2024-38662 CVE-2024-42232 CVE-2022-48786 CVE-2021-4440 CVE-2024-41098 CVE-2024-42246 CVE-2021-47425 CVE-2021-47373 CVE-2021-47549 CVE-2023-52708 CVE-2022-48860 CVE-2024-40953 CVE-2024-43871 CVE-2024-46784 CVE-2024-20696 CVE-2024-6232 CVE-2024-34459 CVE-2024-1975 CVE-2024-1737 CVE-2024-23984 CVE-2024-6923 CVE-2024-7592 CVE-2023-4408 CVE-2019-12795 CVE-2024-4032 CVE-2023-52425 CVE-2024-6345 CVE-2024-46739 CVE-2023-49141 CVE-2024-46737 CVE-2024-44947 CVE-2022-48790 CVE-2024-43892 CVE-2024-43853 CVE-2024-42289 CVE-2024-42288 CVE-2024-42287 CVE-2024-42286 CVE-2024-42240 CVE-2024-42077 CVE-2024-41097 CVE-2024-36270 CVE-2023-52901 CVE-2023-42667 CVE-2024-24853 CVE-2022-48938 CVE-2014-10401 CVE-2024-24968 CVE-2024-38632 CVE-2024-43912 CVE-2022-48791 CVE-2022-48789 CVE-2024-6655 CVE-2021-47162 CVE-2024-7006 CVE-2023-46316 CVE-2024-7264 CVE-2023-7256 CVE-2024-24980 CVE-2024-8006 CVE-2013-4235 CVE-2024-5642 CVE-2024-8096 CVE-2024-21147 CVE-2024-21145 CVE-2024-21144 CVE-2024-21140 CVE-2024-21138 CVE-2024-21131 CVE-2024-25939 CVE-2023-2176 CVE-2022-48931 CVE-2024-39499 CVE-2024-26830 CVE-2023-52669 CVE-2024-26659 CVE-2024-39490 CVE-2021-47597 CVE-2023-52435 CVE-2021-47599 CVE-2024-27025 CVE-2024-36901 CVE-2021-47542 CVE-2023-52743 CVE-2024-39501 CVE-2021-47501 CVE-2021-47516 CVE-2024-26924 CVE-2021-47191 CVE-2024-40901 CVE-2021-47606 CVE-2022-48857 CVE-2024-40942 CVE-2024-40912 CVE-2024-40929 CVE-2024-27019 CVE-2022-48775 CVE-2021-47194 CVE-2021-47441 CVE-2024-40959 CVE-2024-35934 CVE-2024-39487 CVE-2024-39509 CVE-2023-31315 CVE-2021-47197 CVE-2022-48930 CVE-2024-36939 CVE-2022-48925 CVE-2022-48919 CVE-2022-48905 CVE-2022-48899 CVE-2022-48896 CVE-2022-48822 CVE-2022-48751 CVE-2021-47289 CVE-2024-40990 CVE-2024-40943 CVE-2024-40904 CVE-2024-39488 CVE-2024-36952 CVE-2024-36924 CVE-2021-47219 CVE-2024-35967 CVE-2024-35966 CVE-2024-35887 CVE-2024-26920 CVE-2023-52885 CVE-2022-48839 CVE-2022-48836 CVE-2022-48805 CVE-2022-48794 CVE-2022-2964 CVE-2022-20368 CVE-2021-47438 CVE-2021-47399 CVE-2024-42158 CVE-2023-52907 CVE-2023-50868 CVE-2023-1206 CVE-2023-4622 CVE-2023-4208 CVE-2023-4207 CVE-2023-4206 CVE-2023-39194 CVE-2023-40283 CVE-2023-3776 CVE-2023-34319 CVE-2023-3611 CVE-2023-3609 CVE-2023-35001 CVE-2023-3390 CVE-2023-3212 CVE-2023-45863 CVE-2023-42753 CVE-2023-1077 CVE-2023-0590 CVE-2021-44879 CVE-2023-43787 CVE-2023-43786 CVE-2023-43785 CVE-2023-36054 CVE-2024-22195 CVE-2022-2929 CVE-2022-2928 CVE-2023-4693 CVE-2023-4692 CVE-2022-23219 CVE-2022-23218 CVE-2023-3772 CVE-2023-39189 CVE-2021-35942 CVE-2024-26801 CVE-2022-27384 CVE-2022-27383 CVE-2022-27381 CVE-2022-27380 CVE-2022-27379 CVE-2022-27378 CVE-2022-27377 CVE-2022-27376 CVE-2022-21427 CVE-2021-46669 CVE-2023-22084 CVE-2024-36905 CVE-2024-36886 CVE-2023-45871 CVE-2023-39192 CVE-2023-1989 CVE-2023-6606 CVE-2023-51782 CVE-2023-51781 CVE-2023-51780 CVE-2023-6931 CVE-2023-6932 CVE-2023-5717 CVE-2023-34324 CVE-2023-42754 CVE-2023-25775 CVE-2023-4921 CVE-2023-4623 CVE-2023-39193 CVE-2021-3999 CVE-2021-33574 CVE-2022-27387 CVE-2024-38618 CVE-2024-35978 CVE-2023-52619 CVE-2024-26615 CVE-2024-38558 CVE-2024-26663 CVE-2024-36004 CVE-2024-36902 CVE-2024-27020 CVE-2024-35893 CVE-2024-38560 CVE-2024-26735 CVE-2023-52623 CVE-2024-35915 CVE-2024-26851 CVE-2023-52612 CVE-2024-36286 CVE-2024-38596 CVE-2023-4244 CVE-2023-42755 CVE-2024-32487 CVE-2022-48624 CVE-2020-12762 CVE-2024-2961 CVE-2024-33602 CVE-2024-33601 CVE-2024-33600 CVE-2024-33599 CVE-2024-34397 CVE-2024-35235 CVE-2023-52615 CVE-2024-35806 CVE-2021-3326 CVE-2023-42116 CVE-2021-27645 CVE-2020-6096 CVE-2020-27618 CVE-2020-1752 CVE-2020-10029 CVE-2019-25013 CVE-2019-19126 CVE-2016-10228 CVE-2023-32665 CVE-2023-32611 CVE-2023-29499 CVE-2021-3800 CVE-2023-30861 CVE-2023-42114 CVE-2024-35819 CVE-2022-42012 CVE-2022-42011 CVE-2022-42010 CVE-2023-34969 CVE-2023-7207 CVE-2021-38185 CVE-2019-14866 CVE-2022-42898 CVE-2023-5388 CVE-2024-36954 CVE-2024-26852 CVE-2024-38381 CVE-2024-36919 CVE-2024-36288 CVE-2022-27386 CVE-2022-27445 CVE-2022-48875 CVE-2024-46676 CVE-2024-46743 CVE-2024-46738 CVE-2024-46731 CVE-2024-46723 CVE-2024-46722 CVE-2024-46721 CVE-2024-46715 CVE-2024-46707 CVE-2024-46702 CVE-2024-46686 CVE-2024-46685 CVE-2024-46679 CVE-2024-46677 CVE-2024-46675 CVE-2024-46745 CVE-2024-46673 CVE-2024-45008 CVE-2024-44999 CVE-2024-44998 CVE-2024-44987 CVE-2024-44982 CVE-2024-44969 CVE-2024-44954 CVE-2024-44952 CVE-2024-44950 CVE-2024-44948 CVE-2024-44946 CVE-2024-43914 CVE-2024-43898 CVE-2024-46744 CVE-2024-46750 CVE-2024-43884 CVE-2024-43863 CVE-2024-42155 CVE-2023-52893 CVE-2022-48910 CVE-2024-43866 CVE-2024-43882 CVE-2024-26812 CVE-2022-48920 CVE-2024-43902 CVE-2024-43900 CVE-2024-43893 CVE-2024-43905 CVE-2024-43907 CVE-2024-41087 CVE-2024-43861 CVE-2024-46753 CVE-2024-42259 CVE-2024-41062 CVE-2024-43883 CVE-2024-35933 CVE-2024-35965 CVE-2024-46859 CVE-2024-46854 CVE-2024-46853 CVE-2024-46822 CVE-2024-46787 CVE-2024-46783 CVE-2024-46770 CVE-2024-46761 CVE-2024-46759 CVE-2024-43890 CVE-2024-42306 CVE-2022-27447 CVE-2023-34059 CVE-2022-44792 CVE-2023-32681 CVE-2023-25577 CVE-2023-23934 CVE-2018-25091 CVE-2023-43804 CVE-2020-26137 CVE-2019-11324 CVE-2019-11236 CVE-2020-14422 CVE-2024-3651 CVE-2023-23931 CVE-2023-20900 CVE-2023-34058 CVE-2022-24805 CVE-2020-19189 CVE-2023-29491 CVE-2021-39537 CVE-2024-5742 CVE-2022-32091 CVE-2022-32088 CVE-2022-32087 CVE-2022-32085 CVE-2022-32084 CVE-2022-32083 CVE-2022-27456 CVE-2022-27452 CVE-2022-27449 CVE-2022-27448 CVE-2022-44793 CVE-2022-24806 CVE-2024-42305 CVE-2024-38428 CVE-2024-42265 CVE-2024-42154 CVE-2024-41082 CVE-2024-41079 CVE-2024-41073 CVE-2023-52915 CVE-2022-48945 CVE-2022-48943 CVE-2022-48911 CVE-2022-48844 CVE-2022-48799 CVE-2022-48788 CVE-2021-47387 CVE-2024-24577 CVE-2022-24807 CVE-2023-50387 CVE-2020-14145 CVE-2021-37600 CVE-2024-28085 CVE-2022-0530 CVE-2022-0529 CVE-2023-39804 CVE-2022-3821 CVE-2021-23239 CVE-2023-7090 CVE-2023-28487 CVE-2023-28486 CVE-2022-24809 CVE-2022-24808 |
| CWE-ID | CWE-401 CWE-20 CWE-399 CWE-667 CWE-908 CWE-682 CWE-416 CWE-125 CWE-119 CWE-191 CWE-476 CWE-388 CWE-843 CWE-190 CWE-415 CWE-254 CWE-284 CWE-835 CWE-200 CWE-193 CWE-185 CWE-122 CWE-400 CWE-203 CWE-77 CWE-264 CWE-684 CWE-94 CWE-653 CWE-362 CWE-696 CWE-732 CWE-371 CWE-426 CWE-78 CWE-693 CWE-367 CWE-295 CWE-366 CWE-665 CWE-787 CWE-824 CWE-79 CWE-89 CWE-833 CWE-120 CWE-770 CWE-121 CWE-345 CWE-61 CWE-617 CWE-22 CWE-385 CWE-369 CWE-93 CWE-310 CWE-285 CWE-327 CWE-59 CWE-269 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #149 is available. Public exploit code for vulnerability #256 is available. Public exploit code for vulnerability #268 is available. Public exploit code for vulnerability #345 is available. Vulnerability #346 is being exploited in the wild. Public exploit code for vulnerability #352 is available. Public exploit code for vulnerability #358 is available. Public exploit code for vulnerability #377 is available. Public exploit code for vulnerability #416 is available. Public exploit code for vulnerability #456 is available. Public exploit code for vulnerability #457 is available. Public exploit code for vulnerability #461 is available. Public exploit code for vulnerability #463 is available. Public exploit code for vulnerability #464 is available. Public exploit code for vulnerability #485 is available. Public exploit code for vulnerability #504 is available. Public exploit code for vulnerability #507 is available. Public exploit code for vulnerability #508 is available. Public exploit code for vulnerability #509 is available. |
| Vulnerable software |
RecoverPoint for Virtual Machines Client/Desktop applications / Other client software |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 517 vulnerabilities.
1) Memory leak
EUVDB-ID: #VU94929
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41078
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU94842
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41015
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU93202
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27437
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper locking
EUVDB-ID: #VU94451
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48826
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vc4_dsi_host_attach() and vc4_dsi_dev_remove() functions in drivers/gpu/drm/vc4/vc4_dsi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource management error
EUVDB-ID: #VU94307
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40987
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use of uninitialized resource
EUVDB-ID: #VU95033
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41059
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper locking
EUVDB-ID: #VU94266
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40998
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Incorrect calculation
EUVDB-ID: #VU94488
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48823
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the qedf_initiate_cleanup() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU94420
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48792
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mpi_ssp_completion() and mpi_sata_completion() functions in drivers/scsi/pm8001/pm80xx_hwi.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Resource management error
EUVDB-ID: #VU94299
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40978
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Resource management error
EUVDB-ID: #VU95051
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41081
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ila_output() function in net/ipv6/ila/ila_lwt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU91391
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35949
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __btrfs_check_leaf() and __btrfs_check_node() functions in fs/btrfs/tree-checker.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper locking
EUVDB-ID: #VU94991
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41064
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU94956
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41071
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ieee80211_prep_hw_scan() function in net/mac80211/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU94479
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48827
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfsd4_encode_read() and nfsd4_encode_read_plus() functions in fs/nfsd/nfs4xdr.c, within the nfsd4_read() function in fs/nfsd/nfs4proc.c, within the nfsd3_proc_read() function in fs/nfsd/nfs3proc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper locking
EUVDB-ID: #VU94992
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41063
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Integer underflow
EUVDB-ID: #VU94466
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48828
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nfsd_setattr() function in fs/nfsd/vfs.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU94492
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48829
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the svcxdr_decode_sattr3() function in fs/nfsd/nfs3xdr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU94978
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41060
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the radeon_gem_va_update_vm() function in drivers/gpu/drm/radeon/radeon_gem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) NULL pointer dereference
EUVDB-ID: #VU94971
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41089
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nv17_tv_get_hd_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Buffer overflow
EUVDB-ID: #VU95039
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42093
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dpaa2_eth_xdp_xmit() and update_xps() functions in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Memory leak
EUVDB-ID: #VU94927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41066
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU95108
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41044
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper locking
EUVDB-ID: #VU94267
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU94982
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41048
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sk_msg_recvmsg() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU95106
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41072
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cfg80211_wext_siwscan() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper error handling
EUVDB-ID: #VU95012
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42224
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) NULL pointer dereference
EUVDB-ID: #VU94966
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41095
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nv17_tv_get_ld_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Input validation error
EUVDB-ID: #VU95099
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42120
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dce110_vblank_set() function in drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Out-of-bounds read
EUVDB-ID: #VU94837
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41016
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Type Confusion
EUVDB-ID: #VU94923
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42070
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a type confusion error within the nft_lookup_init() function in net/netfilter/nft_lookup.c,
within the nf_tables_fill_setelem() and nft_validate_register_store()
functions in net/netfilter/nf_tables_api.c. A local user can pass specially crafted data to the packet filtering to trigger a type confusion error and gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Integer overflow
EUVDB-ID: #VU95037
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42223
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the tda10048_set_if() function in drivers/media/dvb-frontends/tda10048.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) NULL pointer dereference
EUVDB-ID: #VU94240
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40982
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ssb_bus_match() function in drivers/ssb/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Buffer overflow
EUVDB-ID: #VU94315
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40941
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper error handling
EUVDB-ID: #VU94290
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40923
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vmxnet3_rq_destroy_all_rxdataring() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper locking
EUVDB-ID: #VU94284
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39507
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hclge_push_link_status(), hclge_update_link_status(), hclge_uninit_need_wait() and hclge_uninit_client_instance() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Double free
EUVDB-ID: #VU94289
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40937
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the gve_rx_skb_hash() and gve_rx_poll_dqo() functions in drivers/net/ethernet/google/gve/gve_rx_dqo.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Security features bypass
EUVDB-ID: #VU53579
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-26558
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an impersonation in the Passkey Entry protocol flaw. A remote attacker on the local network can perform a man-in-the-middle (MITM) attack and impersonate the initiating device without any previous knowledge.
Note: This vulnerability affects the following specifications:
- BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 through 5.2
- BR/EDR Secure Connections Pairing in Bluetooth Core Specifications 4.1 through 5.2
- LE Secure Connections Pairing in Bluetooth Core Specifications 4.2 through 5.2
Mitigation
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Improper access control
EUVDB-ID: #VU54202
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-0129
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote authenticated attacker on the local network can bypass implemented security restrictions and enable information disclosure
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) NULL pointer dereference
EUVDB-ID: #VU94444
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48811
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_crq_queue(), __ibmvnic_open() and ibmvnic_open() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Out-of-bounds read
EUVDB-ID: #VU92318
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47580
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the p_fill_from_dev_buffer(), resp_inquiry(), resp_requests(), resp_mode_sense(), resp_ie_l_pg(), resp_log_sense() and resp_report_zones() functions in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Use of uninitialized resource
EUVDB-ID: #VU94464
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48855
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the inet_diag_msg_sctpasoc_fill() and inet_sctp_diag_fill() functions in net/sctp/sctp_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Out-of-bounds read
EUVDB-ID: #VU90343
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52594
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Improper locking
EUVDB-ID: #VU94453
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48810
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip6mr_rules_init() function in net/ipv6/ip6mr.c, within the ipmr_rules_init() function in net/ipv4/ipmr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Resource management error
EUVDB-ID: #VU93467
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47395
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ieee80211_parse_tx_radiotap() function in net/mac80211/tx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Improper locking
EUVDB-ID: #VU92012
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47468
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nj_release() function in drivers/isdn/hardware/mISDN/netjet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Resource management error
EUVDB-ID: #VU93277
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47582
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbdev_release(), do_proc_control() and do_proc_bulk() functions in drivers/usb/core/devio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Buffer overflow
EUVDB-ID: #VU92955
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35995
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the show_cppc_data(), acpi_cppc_processor_probe(), cpc_read() and cpc_write() functions in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) NULL pointer dereference
EUVDB-ID: #VU94437
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48850
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the speed_show() function in net/core/net-sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Improper locking
EUVDB-ID: #VU94275
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40966
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the con_cleanup() function in drivers/tty/vt/vt.c, within the tty_set_ldisc() function in drivers/tty/tty_ldisc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Improper locking
EUVDB-ID: #VU94274
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40967
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the imx_uart_console_write() function in drivers/tty/serial/imx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Out-of-bounds read
EUVDB-ID: #VU94431
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48804
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vt_ioctl() function in drivers/tty/vt/vt_ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Integer underflow
EUVDB-ID: #VU92374
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47588
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the sit_init_net() function in net/ipv6/sit.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Use of uninitialized resource
EUVDB-ID: #VU93435
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35837
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mvpp2_bm_pool_cleanup() and mvpp2_bm_init() functions in drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Input validation error
EUVDB-ID: #VU94287
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40999
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ena_com_cdesc_rx_pkt_get() and ena_com_rx_pkt() functions in drivers/net/ethernet/amazon/ena/ena_eth_com.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Out-of-bounds read
EUVDB-ID: #VU94840
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41090
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Out-of-bounds read
EUVDB-ID: #VU94841
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41091
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Out-of-bounds read
EUVDB-ID: #VU94836
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41014
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xlog_recover_process_data() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Use-after-free
EUVDB-ID: #VU90140
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47388
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee80211_crypto_ccmp_decrypt() and ieee80211_crypto_gcmp_decrypt() functions in net/mac80211/wpa.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Memory leak
EUVDB-ID: #VU91623
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47403
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ipoctal_port_activate() and ipoctal_cleanup() functions in drivers/ipack/devices/ipoctal.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Memory leak
EUVDB-ID: #VU94204
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40932
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Resource management error
EUVDB-ID: #VU94308
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40988
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/radeon/sumo_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Improper error handling
EUVDB-ID: #VU95015
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42119
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the find_first_free_audio() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Input validation error
EUVDB-ID: #VU95097
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42124
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qedf_execute_tmf() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Memory leak
EUVDB-ID: #VU94393
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48863
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dsp_pipeline_destroy() and dsp_pipeline_build() functions in drivers/isdn/mISDN/dsp_pipeline.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Buffer overflow
EUVDB-ID: #VU93248
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48769
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efi_systab_report_header() function in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Input validation error
EUVDB-ID: #VU96196
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43831
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vpu_dec_init() function in drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Use-after-free
EUVDB-ID: #VU96107
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42285
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Out-of-bounds read
EUVDB-ID: #VU96116
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42301
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Resource management error
EUVDB-ID: #VU96189
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42322
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ip_vs_add_service() function in net/netfilter/ipvs/ip_vs_ctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Memory leak
EUVDB-ID: #VU96099
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bio_integrity_prep() function in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) NULL pointer dereference
EUVDB-ID: #VU96135
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42309
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the psb_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/psb_intel_lvds.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) NULL pointer dereference
EUVDB-ID: #VU96134
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42310
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cdv_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/cdv_intel_lvds.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Input validation error
EUVDB-ID: #VU96209
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42312
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Buffer overflow
EUVDB-ID: #VU96176
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42284
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Use-after-free
EUVDB-ID: #VU96106
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42280
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Input validation error
EUVDB-ID: #VU94139
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26677
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rxrpc_propose_delay_ACK(), rxrpc_send_initial_ping() and rxrpc_input_call_event() functions in net/rxrpc/call_event.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) NULL pointer dereference
EUVDB-ID: #VU94239
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Buffer overflow
EUVDB-ID: #VU96191
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43856
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dmam_free_coherent() function in kernel/dma/mapping.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Input validation error
EUVDB-ID: #VU96197
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43839
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bnad_tx_msix_register() and bnad_rx_msix_register() functions in drivers/net/ethernet/brocade/bna/bnad.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Use-after-free
EUVDB-ID: #VU96105
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42271
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Use-after-free
EUVDB-ID: #VU90132
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47341
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvm_vm_ioctl_unregister_coalesced_mmio() function in virt/kvm/coalesced_mmio.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Input validation error
EUVDB-ID: #VU95090
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42157
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) NULL pointer dereference
EUVDB-ID: #VU96130
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43819
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kvm_arch_prepare_memory_region() function in arch/s390/kvm/kvm-s390.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Integer overflow
EUVDB-ID: #VU91180
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26668
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the nft_limit_eval() and nft_limit_init() functions in net/netfilter/nft_limit.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Use-after-free
EUVDB-ID: #VU94672
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41012
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Improper locking
EUVDB-ID: #VU94996
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41020
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Use-after-free
EUVDB-ID: #VU90057
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36013
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_command_rej(), l2cap_connect() and l2cap_chan_unlock() functions in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Memory leak
EUVDB-ID: #VU90463
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27011
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_data_hold() and __nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Resource management error
EUVDB-ID: #VU96304
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43879
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Input validation error
EUVDB-ID: #VU95510
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42244
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mos7840_port_remove() function in drivers/usb/serial/mos7840.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Memory leak
EUVDB-ID: #VU95502
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usb_string_copy() function in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Resource management error
EUVDB-ID: #VU95063
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42226
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the handle_tx_event() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Memory leak
EUVDB-ID: #VU94084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39489
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_hmac_init_algo() and seg6_hmac_net_init() functions in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Improper locking
EUVDB-ID: #VU96294
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43872
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the next_ceqe_sw_v2(), hns_roce_v2_msix_interrupt_eq(), hns_roce_ceq_work(), __hns_roce_request_irq() and __hns_roce_free_irq() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Input validation error
EUVDB-ID: #VU96206
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42281
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bpf_skb_net_grow() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Input validation error
EUVDB-ID: #VU95109
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41035
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the usb_parse_endpoint() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Buffer overflow
EUVDB-ID: #VU95054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42145
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Buffer overflow
EUVDB-ID: #VU95055
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42082
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __xdp_reg_mem_model() function in net/core/xdp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) NULL pointer dereference
EUVDB-ID: #VU92919
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47619
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_get_lump() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Memory leak
EUVDB-ID: #VU89955
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47295
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcindex_filter_result_init() and tcindex_partial_destroy_work() functions in net/sched/cls_tcindex.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Use-after-free
EUVDB-ID: #VU93021
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38630
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cpu5wdt_exit() function in drivers/watchdog/cpu5wdt.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) NULL pointer dereference
EUVDB-ID: #VU90532
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47559
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_link_down_work() and smc_vlan_by_tcpsk() functions in net/smc/smc_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) NULL pointer dereference
EUVDB-ID: #VU94258
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39506
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Improper locking
EUVDB-ID: #VU94987
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42096
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the profile_pc() function in arch/x86/kernel/time.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Memory leak
EUVDB-ID: #VU89966
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47405
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hid_ctrl() and usbhid_stop() functions in drivers/hid/usbhid/hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Use-after-free
EUVDB-ID: #VU94942
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41070
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvm_spapr_tce_attach_iommu_group() function in arch/powerpc/kvm/book3s_64_vio.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Use-after-free
EUVDB-ID: #VU94223
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39494
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) NULL pointer dereference
EUVDB-ID: #VU93262
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47257
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ieee802154_llsec_parse_dev_addr() function in net/ieee802154/nl802154.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Use of uninitialized resource
EUVDB-ID: #VU95029
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42228
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the amdgpu_vce_ring_parse_cs() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) NULL pointer dereference
EUVDB-ID: #VU94963
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42101
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nouveau_connector_get_modes() function in drivers/gpu/drm/nouveau/nouveau_connector.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Improper locking
EUVDB-ID: #VU94988
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42090
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the create_pinctrl() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Resource management error
EUVDB-ID: #VU95072
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41068
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Incorrect calculation
EUVDB-ID: #VU95074
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42162
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the gve_get_drvinfo() and gve_get_ethtool_stats() functions in drivers/net/ethernet/google/gve/gve_ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) NULL pointer dereference
EUVDB-ID: #VU94438
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48865
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_enable_bearer() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Use of uninitialized resource
EUVDB-ID: #VU95024
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42106
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the inet_diag_dump_compat() and inet_diag_get_exact_compat() functions in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Out-of-bounds read
EUVDB-ID: #VU94952
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42148
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/ethernet/broadcom/bnx2x/bnx2x.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Resource management error
EUVDB-ID: #VU95050
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42110
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ntb_netdev_rx_handler() function in drivers/net/ntb_netdev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Improper locking
EUVDB-ID: #VU93033
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38662
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the may_update_sockmap() and check_map_func_compatibility() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Use-after-free
EUVDB-ID: #VU95503
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42232
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Improper locking
EUVDB-ID: #VU94455
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48786
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vsock_stream_connect() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Resource management error
EUVDB-ID: #VU93596
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-4440
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the SYM_CODE_START() function in arch/x86/xen/xen-asm.S, within the native_patch() function in arch/x86/kernel/paravirt_patch.c, within the paravirt_patch_default() and native_steal_clock() functions in arch/x86/kernel/paravirt.c, within the main() function in arch/x86/kernel/asm-offsets_64.c, within the SYM_INNER_LABEL() and SYM_CODE_END() functions in arch/x86/entry/entry_64.S. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) NULL pointer dereference
EUVDB-ID: #VU94970
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41098
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ata_host_release() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Infinite loop
EUVDB-ID: #VU95515
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42246
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the xs_tcp_setup_socket() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Information disclosure
EUVDB-ID: #VU91338
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47425
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the i2c_acpi_notify() function in drivers/i2c/i2c-core-acpi.c. A local user can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Off-by-one
EUVDB-ID: #VU91173
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47373
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the its_vpe_irq_domain_alloc() function in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Use-after-free
EUVDB-ID: #VU90056
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47549
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sata_fsl_init_controller() and sata_fsl_remove() functions in drivers/ata/sata_fsl.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Improper error handling
EUVDB-ID: #VU90936
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52708
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mmc_spi_probe() function in drivers/mmc/host/mmc_spi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Memory leak
EUVDB-ID: #VU94394
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48860
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xemaclite_of_probe() function in drivers/net/ethernet/xilinx/xilinx_emaclite.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Out-of-bounds read
EUVDB-ID: #VU94236
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40953
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the kvm_vcpu_on_spin() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Memory leak
EUVDB-ID: #VU96287
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43871
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Improper error handling
EUVDB-ID: #VU97547
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46784
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mana_destroy_txq(), mana_create_txq() and mana_destroy_rxq() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Integer overflow
EUVDB-ID: #VU85183
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-20696
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to integer overflow within the rar4 reader in Libarchive. A remote user can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Incorrect Regular Expression
EUVDB-ID: #VU96745
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-6232
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of .tar archives when processing it with regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Heap-based buffer overflow
EUVDB-ID: #VU89430
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-34459
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when parsing XML data. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Resource exhaustion
EUVDB-ID: #VU94711
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1975
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Resource management error
EUVDB-ID: #VU94710
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1737
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a very large number of RRs. Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Observable discrepancy
EUVDB-ID: #VU97424
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23984
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to observable discrepancy in Running Average Power Limit (RAPL) interface. A local privileged user can gain access to potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Command Injection
EUVDB-ID: #VU95571
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-6923
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to insufficient validation of newlines for email headers when
serializing an email message. A remote attacker can inject arbitrary headers into serialized email messages.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Resource exhaustion
EUVDB-ID: #VU96945
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-7592
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the 'http.cookies' standard library module when parsing cookies that contained backslashes for quoted characters in the cookie value. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Resource exhaustion
EUVDB-ID: #VU86383
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-4408
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing DNS messages. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU18791
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-12795
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to the daemon/gvfsdaemon.c opened a private D-Bus server socket without configuring an authorization rule. A local attacker can connect to this server socket and issue D-Bus method calls.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Incorrect provision of specified functionality
EUVDB-ID: #VU95157
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-4032
CWE-ID:
CWE-684 - Incorrect Provision of Specified Functionality
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists within the "ipaddress" module that contains incorrect information and private and public IP addresses for IPv4 and IPv6 protocols. This affects the is_private and is_global properties of the
ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and
ipaddress.IPv6Network classes. A remote attacker can bypass implemented security restrictions based on IP addresses or perform other actions, depending on the application's capabilities.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Resource exhaustion
EUVDB-ID: #VU86230
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-52425
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing large tokens. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Code Injection
EUVDB-ID: #VU95339
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-6345
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when processing URL in the package_index module of pypa/setuptools. A remote attacker can send a specially crafted request and execute arbitrary code on the target system via download functions.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) NULL pointer dereference
EUVDB-ID: #VU97528
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46739
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Improper isolation or compartmentalization
EUVDB-ID: #VU96240
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-49141
CWE-ID:
CWE-653 - Improper isolation or compartmentalization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an improper isolation in some Intel Processors stream cache mechanism. A local user can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) NULL pointer dereference
EUVDB-ID: #VU97529
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46737
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Memory leak
EUVDB-ID: #VU96711
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-44947
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
150) Use-after-free
EUVDB-ID: #VU94422
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48790
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_async_event_work() function in drivers/nvme/host/core.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Race condition
EUVDB-ID: #VU96546
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43892
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Use-after-free
EUVDB-ID: #VU96104
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_cpuset_show() function in kernel/cgroup/cpuset.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) NULL pointer dereference
EUVDB-ID: #VU96139
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42289
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla24xx_disable_vp() function in drivers/scsi/qla2xxx/qla_mid.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Buffer overflow
EUVDB-ID: #VU96177
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42288
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the qla2x00_number_of_exch() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) NULL pointer dereference
EUVDB-ID: #VU96140
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42287
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) NULL pointer dereference
EUVDB-ID: #VU96141
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42286
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla_nvme_register_remote() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Buffer overflow
EUVDB-ID: #VU95516
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42240
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the SYM_INNER_LABEL() function in arch/x86/entry/entry_64_compat.S. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Resource management error
EUVDB-ID: #VU95068
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42077
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ocfs2_extend_trans() function in fs/ocfs2/journal.c, within the ocfs2_dio_end_io_write() function in fs/ocfs2/aops.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Resource management error
EUVDB-ID: #VU95067
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41097
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) NULL pointer dereference
EUVDB-ID: #VU93028
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36270
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nf_tproxy_laddr4() function in net/ipv4/netfilter/nf_tproxy_ipv4.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) NULL pointer dereference
EUVDB-ID: #VU96343
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52901
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_kill_endpoint_urbs() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Improper isolation or compartmentalization
EUVDB-ID: #VU96257
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-42667
CWE-ID:
CWE-653 - Improper isolation or compartmentalization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper isolation in the Intel Core Ultra Processor stream cache mechanism. A local user can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) Incorrect behavior order
EUVDB-ID: #VU96259
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24853
CWE-ID:
CWE-696 - Incorrect Behavior Order
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an incorrect behavior order in SMI Transfer monitor (STM). A local user can escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Input validation error
EUVDB-ID: #VU96438
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48938
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cdc_ncm_rx_fixup() function in drivers/net/usb/cdc_ncm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Incorrect permission assignment for critical resource
EUVDB-ID: #VU46807
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-10401
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) State Issues
EUVDB-ID: #VU97423
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24968
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to improper finite state machines (FSMs) in hardware logic. A local privileged user can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Memory leak
EUVDB-ID: #VU93020
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38632
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vfio_intx_enable() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Input validation error
EUVDB-ID: #VU96548
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43912
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __nl80211_set_channel() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Use-after-free
EUVDB-ID: #VU94421
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pm8001_exec_internal_tmf_task() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Use-after-free
EUVDB-ID: #VU94423
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48789
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_tcp_error_recovery_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Untrusted search path
EUVDB-ID: #VU94791
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-6655
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a current working directory and execute arbitrary code with escalated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Use-after-free
EUVDB-ID: #VU91064
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47162
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) NULL pointer dereference
EUVDB-ID: #VU96001
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-7006
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in tif_dirinfo.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) OS Command Injection
EUVDB-ID: #VU81451
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-46316
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the tcptraceroute, tracepath, traceproto, and traceroute-nanog wrappers. A remote attacker can trick the victim into executing the traceroutecommand with specially crafted arguments and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Out-of-bounds read
EUVDB-ID: #VU95131
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-7264
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the ASN1 parser code in the GTime2str() function. A remote attacker can trigger an out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) Double free
EUVDB-ID: #VU96669
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-7256
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to crash the application.
The vulnerability exists due to a boundary error when configure for emote packet capture. A local user can trigger a double free error and crash the application.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Protection Mechanism Failure
EUVDB-ID: #VU96214
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24980
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient implementation of security measures. A local privileged user can escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) NULL pointer dereference
EUVDB-ID: #VU96667
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-8006
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the pcap_findalldevs_ex() function in pcap.c. A local user can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU59131
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-4235
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
DescriptionThe vulnerability allows a local user to delete or modify arbitrary files on the system.
The vulnerability exists due to a race condition in shadow-utils when executing usermod/userdel operations. A local user with write access to the directory that is being moved or deleted by the usermod/userdel commands can modify or delete arbitrary files on the system.
Successful exploitation of the vulnerability may allow an attacker to corrupt arbitrary files on the system and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Out-of-bounds read
EUVDB-ID: #VU97633
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-5642
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API when NPN is used. A remote attacker can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) Improper certificate validation
EUVDB-ID: #VU97150
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-8096
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to curl might fail to detect some OCSP problems when configured to use the Certificate Status Request TLS extension. A remote attacker can bypass OCSP stapling protection and perform a Man-in-the-Middle (MitM) attack.
Successful exploitation of the vulnerability requires that curl is build to use GnuTLS library.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Improper input validation
EUVDB-ID: #VU94555
Risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21147
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) Improper input validation
EUVDB-ID: #VU94556
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21145
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the 2D component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Improper input validation
EUVDB-ID: #VU94558
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21144
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Concurrency component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Improper input validation
EUVDB-ID: #VU94557
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21140
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) Improper input validation
EUVDB-ID: #VU94560
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21138
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
187) Improper input validation
EUVDB-ID: #VU94559
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21131
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
188) Resource management error
EUVDB-ID: #VU96213
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-25939
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application. Mirrored regions with different values in 3rd Generation Intel Xeon
Scalable Processors may allow a local privileged user to crash the system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
189) Out-of-bounds read
EUVDB-ID: #VU75995
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-2176
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the compare_netdev_and_ip() function in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
190) Resource management error
EUVDB-ID: #VU96444
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48931
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DECLARE_RWSEM(), configfs_register_subsystem() and configfs_unregister_subsystem() functions in fs/configfs/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
191) Memory leak
EUVDB-ID: #VU94201
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39499
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
192) Input validation error
EUVDB-ID: #VU94135
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26830
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_check_vf_permission() and i40e_vc_del_mac_addr_msg() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
193) Out-of-bounds read
EUVDB-ID: #VU91423
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52669
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ctr_paes_crypt() function in arch/s390/crypto/paes_s390.c, within the ctr_aes_crypt() function in arch/s390/crypto/aes_s390.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
194) Buffer overflow
EUVDB-ID: #VU93244
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26659
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the process_isoc_td() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
195) Memory leak
EUVDB-ID: #VU94085
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39490
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_input_core() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
196) Use of uninitialized resource
EUVDB-ID: #VU92934
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47597
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the inet_sk_diag_fill() function in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
197) Buffer overflow
EUVDB-ID: #VU87748
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52435
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the skb_segment() function. A local user can trigger memory corruption and crash the kernel.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
198) Double free
EUVDB-ID: #VU93763
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47599
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the btrfs_unfreeze() function in fs/btrfs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
199) Improper error handling
EUVDB-ID: #VU93453
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27025
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nbd_genl_status() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
200) NULL pointer dereference
EUVDB-ID: #VU91224
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36901
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip6_output() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
201) NULL pointer dereference
EUVDB-ID: #VU90396
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47542
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qlcnic_83xx_add_rings() function in drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
202) Resource management error
EUVDB-ID: #VU93184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52743
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ice_module_init() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
203) Improper locking
EUVDB-ID: #VU94277
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39501
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uevent_show() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
204) NULL pointer dereference
EUVDB-ID: #VU90392
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47501
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_dbg_dump_desc() function in drivers/net/ethernet/intel/i40e/i40e_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
205) Memory leak
EUVDB-ID: #VU89924
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47516
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfp_cpp_area_cache_add() function in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
206) Resource management error
EUVDB-ID: #VU89055
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26924
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nft_pipapo_remove() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
207) Out-of-bounds read
EUVDB-ID: #VU90325
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47191
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the resp_readcap16() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
208) Out-of-bounds read
EUVDB-ID: #VU94233
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40901
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mpt3sas_base_attach() and _base_check_ioc_facts_changes() functions in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
209) Improper locking
EUVDB-ID: #VU92356
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47606
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netlink_sendmsg() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
210) Use-after-free
EUVDB-ID: #VU94412
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48857
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfc_digital_free_device() function in drivers/nfc/port100.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
211) Memory leak
EUVDB-ID: #VU94207
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40942
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mesh_path_discard_frame() function in net/mac80211/mesh_pathtbl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
212) Improper locking
EUVDB-ID: #VU94282
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40912
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ieee80211_sta_ps_deliver_wakeup() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
213) Out-of-bounds read
EUVDB-ID: #VU94234
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40929
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
214) Race condition within a thread
EUVDB-ID: #VU91431
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27019
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
215) Memory leak
EUVDB-ID: #VU94408
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48775
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmbus_add_channel_kobj() function in drivers/hv/vmbus_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
216) Improper initialization
EUVDB-ID: #VU92392
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47194
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper initialization error within the cfg80211_change_iface() function in net/wireless/util.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
217) Out-of-bounds read
EUVDB-ID: #VU90277
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47441
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the MLXSW_THERMAL_TEMP_SCORE_MAX GENMASK(), mlxsw_thermal_set_cur_state() and mlxsw_thermal_init() functions in drivers/net/ethernet/mellanox/mlxsw/core_thermal.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
218) NULL pointer dereference
EUVDB-ID: #VU94246
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40959
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xfrm6_get_saddr() function in net/ipv6/xfrm6_policy.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
219) Improper locking
EUVDB-ID: #VU92020
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35934
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smc_pnet_create_pnetids_list() function in net/smc/smc_pnet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
220) Out-of-bounds read
EUVDB-ID: #VU93889
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39487
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
221) Resource management error
EUVDB-ID: #VU94310
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39509
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the implement() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
222) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU96619
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-31315
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper validation in a model specific register (MSR). A malicious application with ring0 access can modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
223) NULL pointer dereference
EUVDB-ID: #VU93057
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47197
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_debug_cq_remove() function in drivers/net/ethernet/mellanox/mlx5/core/debugfs.c, within the mlx5_core_destroy_cq() function in drivers/net/ethernet/mellanox/mlx5/core/cq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
224) Improper locking
EUVDB-ID: #VU96427
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48930
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the srp_remove_one() function in drivers/infiniband/ulp/srp/ib_srp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
225) Improper error handling
EUVDB-ID: #VU92054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36939
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
226) Use-after-free
EUVDB-ID: #VU96414
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48925
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cma_bind_addr() function in drivers/infiniband/core/cma.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
227) Use-after-free
EUVDB-ID: #VU96413
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48919
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cifs_do_mount() function in fs/cifs/cifsfs.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
228) Memory leak
EUVDB-ID: #VU96404
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48905
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ibmvnic_reset() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
229) Use-after-free
EUVDB-ID: #VU96334
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48899
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_gpu_resource_create_ioctl() function in drivers/gpu/drm/virtio/virtgpu_ioctl.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
230) Memory leak
EUVDB-ID: #VU96321
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48896
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii() functions in drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
231) Memory leak
EUVDB-ID: #VU94403
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48822
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ffs_data_put(), ffs_data_new(), ffs_epfiles_destroy() and ffs_func_eps_disable() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
232) NULL pointer dereference
EUVDB-ID: #VU92914
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48751
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_stat_fallback(), smc_switch_to_fallback(), smc_listen_decline(), smc_listen_work(), smc_sendmsg(), smc_setsockopt() and smc_getsockopt() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
233) NULL pointer dereference
EUVDB-ID: #VU90489
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47289
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/acpi/acpi_bus.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
234) Input validation error
EUVDB-ID: #VU94325
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40990
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_ib_create_srq() function in drivers/infiniband/hw/mlx5/srq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
235) Improper locking
EUVDB-ID: #VU94278
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40943
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
236) Improper locking
EUVDB-ID: #VU94283
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40904
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wdm_int_callback() function in drivers/usb/class/cdc-wdm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
237) Improper error handling
EUVDB-ID: #VU94087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39488
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm64/include/asm/asm-bug.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
238) Race condition
EUVDB-ID: #VU91463
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36952
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
239) Improper locking
EUVDB-ID: #VU90734
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36924
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpfc_set_rrq_active() and lpfc_sli_post_recovery_event() functions in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c, within the lpfc_els_retry_delay() function in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
240) Out-of-bounds read
EUVDB-ID: #VU90324
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47219
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the resp_report_tgtpgs() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
241) Out-of-bounds read
EUVDB-ID: #VU90303
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35967
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sco_sock_setsockopt() function in net/bluetooth/sco.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
242) Out-of-bounds read
EUVDB-ID: #VU90306
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35966
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rfcomm_sock_setsockopt_old() and rfcomm_sock_setsockopt() functions in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
243) Use-after-free
EUVDB-ID: #VU90159
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35887
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
244) Buffer overflow
EUVDB-ID: #VU93805
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26920
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the register_snapshot_trigger() function in kernel/trace/trace_events_trigger.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
245) Use-after-free
EUVDB-ID: #VU94326
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52885
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the svc_tcp_listen_data_ready() function in net/sunrpc/svcsock.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
246) Memory leak
EUVDB-ID: #VU94392
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48839
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpacket_rcv() and packet_recvmsg() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
247) Improper locking
EUVDB-ID: #VU94447
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48836
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the aiptek_probe() function in drivers/input/tablet/aiptek.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
248) Out-of-bounds read
EUVDB-ID: #VU94432
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48805
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ax88179_rx_fixup() function in drivers/net/usb/ax88179_178a.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
249) Memory leak
EUVDB-ID: #VU94406
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48794
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the at86rf230_async_error_recover_complete() and at86rf230_async_error_recover() functions in drivers/net/ieee802154/at86rf230.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
250) Out-of-bounds write
EUVDB-ID: #VU67811
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2964
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
251) Out-of-bounds read
EUVDB-ID: #VU67473
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20368
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the packet_recvmsg() function in Linux kernel. A local user can trigger an out-of-bounds read error and potentially escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
252) Memory leak
EUVDB-ID: #VU89935
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47438
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlx5_core_destroy_cq() function in drivers/net/ethernet/mellanox/mlx5/core/cq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
253) NULL pointer dereference
EUVDB-ID: #VU90502
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47399
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ixgbe_xdp_setup() function in drivers/net/ethernet/intel/ixgbe/ixgbe_main.c, within the ixgbe_max_channels() function in drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
254) Resource management error
EUVDB-ID: #VU95064
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42158
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
255) Use-after-free
EUVDB-ID: #VU96335
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52907
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pn533_usb_send_ack(), pn533_usb_send_frame(), pn533_acr122_poweron_rdr() and pn533_usb_probe() functions in drivers/nfc/pn533/usb.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
256) Resource exhaustion
EUVDB-ID: #VU86378
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-50868
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when processing DNSSEC related records. A remote attacker can trigger resource exhaustion by forcing the DNS server to query a specially crafted DNSSEC zone and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
257) Resource exhaustion
EUVDB-ID: #VU77953
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-1206
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a hash collision flaw in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when an attacker makes a new kind of SYN flood attack. A remote attacker can increase the CPU usage of the server that accepts IPV6 connections up to 95%.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
258) Use-after-free
EUVDB-ID: #VU80583
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4622
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the unix_stream_sendpage() function in af_unix component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
259) Use-after-free
EUVDB-ID: #VU80586
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4208
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the cls_u32 component in Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
260) Use-after-free
EUVDB-ID: #VU80587
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4207
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the cls_fw component in Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
261) Use-after-free
EUVDB-ID: #VU80580
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4206
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the cls_route component in Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
262) Out-of-bounds read
EUVDB-ID: #VU81919
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-39194
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the XFRM subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
263) Use-after-free
EUVDB-ID: #VU79714
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-40283
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
264) Use-after-free
EUVDB-ID: #VU79285
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3776
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel's net/sched: cls_fw component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
265) Buffer overflow
EUVDB-ID: #VU79260
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2023-34319
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in netback when processing certain packets. A malicious guest can send specially crafted packets to the backend, trigger memory corruption and crash the hypervisor.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
266) Out-of-bounds write
EUVDB-ID: #VU78943
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3611
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the qfq_change_agg() function in net/sched/sch_qfq.c within the Linux kernel net/sched: sch_qfq component. A local user trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
267) Use-after-free
EUVDB-ID: #VU78941
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3609
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel net/sched: cls_u32 component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
268) Out-of-bounds write
EUVDB-ID: #VU78326
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2023-35001
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_byteorder() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
269) Use-after-free
EUVDB-ID: #VU78007
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3390
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within net/netfilter/nf_tables_api.c in the Linux kernel netfilter subsystem. A local user can trigger a use-after-fee error and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
270) NULL pointer dereference
EUVDB-ID: #VU78009
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3212
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the gfs2 file system in the Linux kernel. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
271) Out-of-bounds write
EUVDB-ID: #VU84354
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-45863
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the fill_kobj_path() function in lib/kobject.c. A local user can can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
272) Out-of-bounds write
EUVDB-ID: #VU81663
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-42753
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
273) Type Confusion
EUVDB-ID: #VU72699
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1077
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error within the pick_next_rt_entity() function pick_next_rt_entity(). A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
274) Use-after-free
EUVDB-ID: #VU72098
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-0590
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the qdisc_graft() function in net/sched/sch_api.c. A local user can trigger a use-after-free error and crash the kernel.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
275) NULL pointer dereference
EUVDB-ID: #VU62483
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-44879
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the gc_data_segment() function in fs/f2fs/gc.c. A local user can mount a specially crafted f2fs image, trigger a NULL pointer dereference and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
276) Integer overflow
EUVDB-ID: #VU81434
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-43787
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the XCreateImage() function. A local user can trigger integer overflow and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
277) Infinite loop
EUVDB-ID: #VU81433
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-43786
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the PutSubImage() function. A local user can consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
278) Out-of-bounds read
EUVDB-ID: #VU81432
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-43785
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the _XkbReadKeySyms() function. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
279) Access of Uninitialized Pointer
EUVDB-ID: #VU79586
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-36054
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c does not validate the relationship between n_key_data and the key_data array count and frees an uninitialized pointer. A remote user can send a specially crafted request to the application and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
280) Cross-site scripting
EUVDB-ID: #VU85368
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-22195
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the xmlattr filter. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
281) Memory leak
EUVDB-ID: #VU67943
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2929
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the fqdn_universe_decode() function when processing DHCP packets with DNS labels. A remote attacker can send specially crafted DHCP packets to the affected server, trigger memory leak and perform denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
282) Input validation error
EUVDB-ID: #VU67944
Risk: Low
CVSSv4.0: 2.3 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2928
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error related to the way processing lease queries are processed by the DHCP server. With a DHCP server configured with "allow leasequery;" a remote attacker can send lease queries for the same lease multiple times, leading to the "add_option()" function being repeatedly called. This can cause an option's "refcount" field to overflow and the server to abort.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
283) Out-of-bounds read
EUVDB-ID: #VU81628
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4693
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the NTFS driver in grub-core/fs/ntfs.c when reading data from the resident $DATA attribute. A attacker with physical access to the system use a specially crafted NTFS file system image to read arbitrary memory locations, such as data cached in memory or EFI variables values.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
284) Out-of-bounds write
EUVDB-ID: #VU81627
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4692
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass secure boot protection.
The vulnerability exists due to a boundary error in NTFS driver implementation in grub-core/fs/ntfs.c when parsing the $ATTRIBUTE_LIST attribute for the $MFT file. A local user can pass a specially crafted image to the application, trigger an out-of-bounds write and bypass secure boot protection.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
285) Buffer overflow
EUVDB-ID: #VU61295
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-23219
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the clnt_create() function in the sunrpc module. A remote attacker can pass specially crafted input to the application that is using the affected library version, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
286) Buffer overflow
EUVDB-ID: #VU61294
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-23218
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the svcunix_create() in the sunrpc module ib glibc. A remote attacker can pass specially crafted input to the application that is using the affected library version, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
287) NULL pointer dereference
EUVDB-ID: #VU80578
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3772
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the xfrm_update_ae_params() function in the IP framework for transforming packets (XFRM subsystem). A local user with CAP_NET_ADMIN privileges can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
288) Out-of-bounds read
EUVDB-ID: #VU82659
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-39189
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the nfnl_osf_add_callback() function in Linux kernel Netfilter. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
289) Integer overflow
EUVDB-ID: #VU55972
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-35942
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information or perform a DoS attack.
The vulnerability exists due to integer overflow in parse_param in posix/wordexp.c in the GNU C Library when called with an untrusted pattern. A remote attacker can pass specially crafted data to the application, trigger integer overflow and read arbitrary memory on the system of perform a denial of service (DoS) attack.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
290) Use-after-free
EUVDB-ID: #VU90209
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26801
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_error_reset() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
291) SQL injection
EUVDB-ID: #VU63519
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27384
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Item_subselect::init_expr_cache_tracker() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
292) Use-after-free
EUVDB-ID: #VU63517
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27383
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the my_strcasecmp_8bit component. A remote user can pass specially crafted SQL statements and cause a denial of service.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
293) SQL injection
EUVDB-ID: #VU63515
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27381
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Field::set_default() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
294) SQL injection
EUVDB-ID: #VU63514
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27380
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the my_decimal::operator=() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
295) SQL injection
EUVDB-ID: #VU63512
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27379
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Arg_comparator::compare_real() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
296) SQL injection
EUVDB-ID: #VU63510
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27378
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Create_tmp_table::finalize() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
297) Use-after-free
EUVDB-ID: #VU63508
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27377
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the Item_func_in::cleanup() function. A remote user can pass specially crafted SQL statements and cause a denial of service.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
298) Use-after-free
EUVDB-ID: #VU63507
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27376
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the Item_args::walk_arg() function. A remote user can pass specially crafted SQL statements and cause a denial of service.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
299) Improper input validation
EUVDB-ID: #VU62418
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21427
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
300) Use-after-free
EUVDB-ID: #VU63827
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-46669
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the convert_const_to_int() function when processing BIGINT data type. A remote attacker can trigger use-after-free error and perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
301) Improper input validation
EUVDB-ID: #VU82154
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-22084
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
302) Race condition
EUVDB-ID: #VU93375
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36905
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
303) Use-after-free
EUVDB-ID: #VU90049
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-36886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
304) Buffer overflow
EUVDB-ID: #VU83381
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-45871
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c when handling frames larger than the MTU. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
305) Out-of-bounds read
EUVDB-ID: #VU81921
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-39192
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary condition within the the u32_match_it() function in Netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
306) Use-after-free
EUVDB-ID: #VU75452
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1989
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The
vulnerability exists due to a use-after-free error within the btsdio_remove() function in driversluetoothtsdio.c. A local user can trigger a
use-after-free error and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
307) Out-of-bounds read
EUVDB-ID: #VU85442
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6606
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary condition within the smbCalcSize() function in fs/smb/client/netmisc.c file. A local user can trigger an out-of-bounds read error and gain access to sensitive information or crash the kernel.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
308) Race condition
EUVDB-ID: #VU85029
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-51782
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the Amateur Radio X.25 PLP (Rose) support. A local user can exploit the race and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
309) Race condition
EUVDB-ID: #VU85025
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-51781
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the Appletalk subsystem in Linux kernel. A local user can exploit the race and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
310) Race condition
EUVDB-ID: #VU85024
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-51780
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the ATM (Asynchronous Transfer Mode) subsystem in Linux kernel. A local user can exploit the race and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
311) Out-of-bounds write
EUVDB-ID: #VU85021
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6931
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Linux kernel's Performance Events system component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
312) Use-after-free
EUVDB-ID: #VU84585
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6932
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
The vulnerability exists due to a use-after-free error within the ipv4 igmp component in Linux kernel. A local authenticated user can trigger a use-after-free error and execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
313) Out-of-bounds write
EUVDB-ID: #VU83311
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-5717
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Linux kernel's Linux Kernel Performance Events (perf) component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
314) Deadlock
EUVDB-ID: #VU81900
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-34324
CWE-ID:
CWE-833 - Deadlock
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper event handling in Linux kernel. A malicious guest can disable paravirtualized device to cause a deadlock in a backend domain (other than dom0).
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
315) NULL pointer dereference
EUVDB-ID: #VU81452
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-42754
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ipv4_send_dest_unreach() function in net/ipv4/route.c. A local user with CAP_NET_ADMIN permissions can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
316) Improper access control
EUVDB-ID: #VU79371
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25775
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in the Intel Ethernet Controller RDMA driver for Linux. A remote non-authenticated attacker can bypass implemented security restrictions and gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
317) Use-after-free
EUVDB-ID: #VU81693
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4921
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the qfq_dequeue() function within the the Linux kernel's net/sched: sch_qfq component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
318) Use-after-free
EUVDB-ID: #VU81664
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4623
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel net/sched: sch_hfsc (HFSC qdisc traffic control) component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
319) Out-of-bounds read
EUVDB-ID: #VU81920
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-39193
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sctp_mt_check() function in Netfilter subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
320) Off-by-one
EUVDB-ID: #VU61293
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3999
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to an off-by-one error glibc getcwd() function. A remote attacker can pass specially crafted input to the application that is using the affected library version, trigger an off-by-one error and execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
321) Use-after-free
EUVDB-ID: #VU54560
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-33574
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the mq_notify() function in the GNU C Library. A remote attacker can force the library to use the notification thread attributes object (passed through its struct
sigevent parameter) after it has been freed by the caller, leading to a
denial of service or possibly remote code execution.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
322) Buffer overflow
EUVDB-ID: #VU63521
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27387
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to buffer overflow error in the decimal_bin_size component. A remote user can send specially crafted SQL statements to the affected application, trigger buffer overflow error and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
323) Input validation error
EUVDB-ID: #VU92371
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38618
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
324) Memory leak
EUVDB-ID: #VU89973
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35978
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hci_req_sync_complete() function in net/bluetooth/hci_request.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
325) Buffer overflow
EUVDB-ID: #VU93668
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52619
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
326) NULL pointer dereference
EUVDB-ID: #VU90627
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26615
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __smc_diag_dump() function in net/smc/smc_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
327) Input validation error
EUVDB-ID: #VU94117
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-38558
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
328) NULL pointer dereference
EUVDB-ID: #VU92073
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26663
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_nl_bearer_add() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
329) Resource management error
EUVDB-ID: #VU93281
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36004
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
330) NULL pointer dereference
EUVDB-ID: #VU91222
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36902
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
331) Race condition within a thread
EUVDB-ID: #VU91432
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27020
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
332) Memory leak
EUVDB-ID: #VU93609
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35893
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_skbmod_dump() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
333) Out-of-bounds read
EUVDB-ID: #VU92327
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38560
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
334) Use-after-free
EUVDB-ID: #VU90215
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26735
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
335) Improper locking
EUVDB-ID: #VU92046
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52623
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
336) Use of uninitialized resource
EUVDB-ID: #VU90874
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35915
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_rx_work() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
337) Out-of-bounds read
EUVDB-ID: #VU91096
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26851
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
338) Buffer overflow
EUVDB-ID: #VU91314
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52612
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scomp_acomp_comp_decomp() function in crypto/scompress.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
339) Improper locking
EUVDB-ID: #VU93036
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36286
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
340) Race condition within a thread
EUVDB-ID: #VU92380
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38596
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
341) Use-after-free
EUVDB-ID: #VU82306
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4244
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Linux kernel netfilter: nf_tables component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
342) Out-of-bounds read
EUVDB-ID: #VU82305
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-42755
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the the IPv4 Resource Reservation Protocol (RSVP) classifier function in the Linux kernel. A local user can trigger an out-of-bounds read error and crash the Linux kernel.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
343) OS Command Injection
EUVDB-ID: #VU88533
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-32487
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when handling newline characters in the filename in filename.c. A remote attacker can trick the victim to pass a specially crafted filename to the affected command and execute arbitrary OS commands on the system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
344) OS Command Injection
EUVDB-ID: #VU86885
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-48624
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the close_altfile() function in filename.c. A remote attacker can trick the victim into using a specially crafted argument for the less command and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
345) Out-of-bounds write
EUVDB-ID: #VU27882
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2020-12762
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the "printbuf_memappend". A remote attacker can create a specially crafted JSON file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
346) Buffer overflow
EUVDB-ID: #VU88822
Risk: High
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-2961
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the iconv() function when converting string to the ISO-2022-CN-EXT character set. A remote attacker can pass specially crafted input to the application, trigger a 4 byte buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
347) Buffer overflow
EUVDB-ID: #VU89709
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-33602
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to netgroup cache assumes NSS callback is using in-buffer strings in nscd binary. A remote attacker can trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
348) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU89710
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-33601
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The
vulnerability exists due to the Name Service Cache Daemon (nscd) can terminate the service during its startup. A local use can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
349) NULL pointer dereference
EUVDB-ID: #VU89711
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-33600
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when nscd cache fails to add a not-found netgroup response to the cache. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
350) Stack-based buffer overflow
EUVDB-ID: #VU89712
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-33599
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in nscd binary. A remote unauthenticated attacker can exhaust the nscd fixed size cache to trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
351) Insufficient verification of data authenticity
EUVDB-ID: #VU89351
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-34397
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing authorization for D-Bus signals. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
352) UNIX symbolic link following
EUVDB-ID: #VU92075
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-35235
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue. A local user can create a specially crafted symbolic link to a critical file on the system and make it world-writable.
Successful exploitation of this vulnerability may result in privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
353) Improper locking
EUVDB-ID: #VU90798
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52615
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rng_get_data() and rng_dev_read() functions in drivers/char/hw_random/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
354) Improper locking
EUVDB-ID: #VU90755
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35806
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qm_congestion_task() and qman_create_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
355) Reachable Assertion
EUVDB-ID: #VU50075
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-3326
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the iconv function in the GNU C Library (aka glibc or libc6) when processing invalid input sequences in the ISO-2022-JP-3 encoding. A remote attacker can pass specially crafted data to the application, trigger an assertion failure and crash the affected application.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
356) Stack-based buffer overflow
EUVDB-ID: #VU81253
Risk: Critical
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red]
CVE-ID: CVE-2023-42116
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling NTLM challenge requests. A remote unauthenticated attacker can send specially crafted data to the server, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
357) Double Free
EUVDB-ID: #VU54559
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-27645
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the nameserver caching daemon (nscd) in the GNU C Library when processing a request for netgroup lookup. A local user can initiate a specially crafted request, trigger a double free error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
358) Integer overflow
EUVDB-ID: #VU28193
Risk: Medium
CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2020-6096
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
359) Infinite loop
EUVDB-ID: #VU50404
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-27618
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within iconv implementation when processing multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings. A remote attacker can pass specially crafted data to the application, consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
360) Use-after-free
EUVDB-ID: #VU26628
Risk: High
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-1752
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the glob() function in glibc in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username are affected by this issue. A local user can create a specially crafted path that, when processed by the glob() function, would potentially lead to arbitrary code execution.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
361) Stack-based buffer overflow
EUVDB-ID: #VU26388
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-10029
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within "sysdeps/ieee754/ldbl-96/e_rem_pio2l.c" in GNU C Library (aka glibc or libc6). An attacker can pas specially crafted input to the application and trigger a stack-based buffer overflow.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system or denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
362) Out-of-bounds read
EUVDB-ID: #VU50329
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-25013
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in GNU C Library within the iconv feature when processing multi-byte input sequences in the EUC-KR encoding. A remote attacker can pass specially crafted input to the application, trigger out-of-bounds read error and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
363) Information disclosure
EUVDB-ID: #VU30596
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-19126
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
364) Input validation error
EUVDB-ID: #VU54337
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10228
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
365) Resource exhaustion
EUVDB-ID: #VU77349
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-32665
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
366) Resource exhaustion
EUVDB-ID: #VU77350
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-32611
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the g_variant_byteswap() function. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
367) Input validation error
EUVDB-ID: #VU77351
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-29499
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
368) Information disclosure
EUVDB-ID: #VU65849
Risk: Medium
CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-3800
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can trick the victim into opening a specially crafted file to gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
369) Information disclosure
EUVDB-ID: #VU75664
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-30861
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to missing Vary: Cookie header. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
370) Out-of-bounds read
EUVDB-ID: #VU81251
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-42114
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling NTLM challenge requests. A remote attacker can send specially crafted data to the server, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
371) Improper locking
EUVDB-ID: #VU91448
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35819
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qman_create_portal(), qm_congestion_task(), qman_create_cgr(), qman_delete_cgr() and qman_update_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
372) Use-after-free
EUVDB-ID: #VU67971
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42012
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
373) Out-of-bounds read
EUVDB-ID: #VU67970
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42011
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error caused by an invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element. A local user can trigger an out-of-bounds read and gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
374) Reachable Assertion
EUVDB-ID: #VU67969
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42010
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in debug builds caused by a syntactically invalid type signature with incorrectly nested parentheses and curly brackets. A local user can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
375) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU78490
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-34969
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the dbus-daemon when sending a reply message from the "bus driver". If a local privileged user (e.g. root) is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, another unprivileged user with the ability to connect to the same dbus-daemon can force the service to send an unreplyable message and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
376) Path traversal
EUVDB-ID: #VU85896
Risk: High
CVSSv4.0: 5.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-7207
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to input validation error when processing filenames inside cpio archives. A remote attacker can trick the victim to open a specially crafted cpio archive and overwrite arbitrary files on the system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
377) Integer overflow
EUVDB-ID: #VU55853
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2021-38185
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the "ds_fgetstr" parameter in "dstring.c". A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
378) Input validation error
EUVDB-ID: #VU22598
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-14866
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to GNU cpio does not properly validate files when writing tar headers during tar archive creation. A local user can trick the victim into creating a tar archive out of a directory with specially crafted files. As a result the generated archive may contain files that the attacker does not have access to.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
379) Integer overflow
EUVDB-ID: #VU69337
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-42898
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow within the S4U2Proxy handler on 32-bit systems. A remote user can send specially crafted request to the KDC server, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
380) Covert timing channel
EUVDB-ID: #VU85267
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-5388
CWE-ID:
CWE-385 - Covert Timing Channel
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to insufficient fix for #VU84108 (CVE-2023-4421). A remote attacker can perform Marvin attack and gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
381) Memory leak
EUVDB-ID: #VU90431
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36954
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
382) Use-after-free
EUVDB-ID: #VU90194
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_route_multipath_add() and list_for_each_entry_safe() functions in net/ipv6/route.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
383) Use of uninitialized resource
EUVDB-ID: #VU93042
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38381
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_core_ntf_packet() and nci_rx_work() functions in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
384) Improper locking
EUVDB-ID: #VU92010
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36919
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
385) Infinite loop
EUVDB-ID: #VU93062
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36288
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the gss_read_proxy_verf() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
386) Buffer overflow
EUVDB-ID: #VU63520
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27386
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/sql_class.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
387) Buffer overflow
EUVDB-ID: #VU63525
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27445
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/sql_window.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
388) Improper error handling
EUVDB-ID: #VU96364
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48875
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the drv_ampdu_action() function in net/mac80211/driver-ops.c, within the ieee80211_tx_ba_session_handle_start() function in net/mac80211/agg-tx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
389) Division by zero
EUVDB-ID: #VU97276
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46676
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the pn533_start_poll() function in drivers/nfc/pn533/pn533.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
390) Out-of-bounds read
EUVDB-ID: #VU97503
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46743
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
391) Use-after-free
EUVDB-ID: #VU97491
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46738
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
392) Out-of-bounds read
EUVDB-ID: #VU97512
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46731
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
393) Out-of-bounds read
EUVDB-ID: #VU97509
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46723
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
394) Out-of-bounds read
EUVDB-ID: #VU97508
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46722
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
395) NULL pointer dereference
EUVDB-ID: #VU97532
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46721
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __aafs_profile_mkdir() function in security/apparmor/apparmorfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
396) NULL pointer dereference
EUVDB-ID: #VU97531
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46715
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL(), iio_channel_read() and iio_channel_read_avail() functions in drivers/iio/inkern.c, within the iio_ev_state_store(), iio_ev_state_show() and iio_ev_value_show() functions in drivers/iio/industrialio-event.c, within the iio_read_channel_info() and iio_read_channel_info_avail() functions in drivers/iio/industrialio-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
397) NULL pointer dereference
EUVDB-ID: #VU97256
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46707
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the access_gic_sgi() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
398) Improper locking
EUVDB-ID: #VU97264
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46702
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tb_switch_remove() function in drivers/thunderbolt/switch.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
399) NULL pointer dereference
EUVDB-ID: #VU97260
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46686
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_new_read_req() function in fs/smb/client/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
400) NULL pointer dereference
EUVDB-ID: #VU97259
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46685
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pcs_get_function() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
401) Input validation error
EUVDB-ID: #VU97269
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46679
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
402) NULL pointer dereference
EUVDB-ID: #VU97257
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46677
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
403) Buffer overflow
EUVDB-ID: #VU97287
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46675
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
404) Use-after-free
EUVDB-ID: #VU97493
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46745
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
405) Use-after-free
EUVDB-ID: #VU97251
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46673
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
406) Buffer overflow
EUVDB-ID: #VU96883
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45008
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the input_mt_init_slots() function in drivers/input/input-mt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
407) Use of uninitialized resource
EUVDB-ID: #VU96870
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44999
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
408) Use-after-free
EUVDB-ID: #VU96842
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44998
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dequeue_rx() function in drivers/atm/idt77252.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
409) Use-after-free
EUVDB-ID: #VU96839
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44987
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_send_skb() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
410) Memory leak
EUVDB-ID: #VU96828
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44982
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dpu_plane_prepare_fb() function in drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
411) Buffer overflow
EUVDB-ID: #VU96885
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44969
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the sclp_sd_store_data() function in drivers/s390/char/sclp_sd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
412) Improper locking
EUVDB-ID: #VU96859
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44954
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
413) Improper locking
EUVDB-ID: #VU96857
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44952
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the make_driver_name() and module_remove_driver() functions in drivers/base/module.c, within the dev_uevent() and uevent_show() functions in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
414) Resource management error
EUVDB-ID: #VU96875
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44950
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sc16is7xx_set_baud() function in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
415) Input validation error
EUVDB-ID: #VU96889
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mtrr_save_state() function in arch/x86/kernel/cpu/mtrr/mtrr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
416) Use-after-free
EUVDB-ID: #VU96658
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-44946
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
417) Input validation error
EUVDB-ID: #VU96542
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43914
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
418) NULL pointer dereference
EUVDB-ID: #VU96533
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43898
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_da_do_write_end() function in fs/ext4/inode.c, within the __block_commit_write() function in fs/buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
419) Input validation error
EUVDB-ID: #VU97540
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46744
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
420) Improper locking
EUVDB-ID: #VU97539
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46750
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
421) NULL pointer dereference
EUVDB-ID: #VU96538
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43884
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pair_device() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
422) Improper locking
EUVDB-ID: #VU96297
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43863
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vmw_fence_obj_destroy(), vmw_fence_obj_init() and vmw_fence_goal_new_locked() functions in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
423) Input validation error
EUVDB-ID: #VU95092
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42155
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
424) NULL pointer dereference
EUVDB-ID: #VU96349
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52893
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gsmi_get_variable() function in drivers/firmware/google/gsmi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
425) Memory leak
EUVDB-ID: #VU96407
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48910
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the addrconf_ifdown() and addrconf_del_rs_timer() functions in net/ipv6/addrconf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
426) NULL pointer dereference
EUVDB-ID: #VU96293
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43866
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_sf_dev_shutdown() function in drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c, within the mlx5_try_fast_unload() and shutdown() functions in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
427) Improper locking
EUVDB-ID: #VU96295
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43882
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
428) Improper locking
EUVDB-ID: #VU91529
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26812
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_intx_handler() and vfio_pci_set_intx_trigger() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
429) Improper locking
EUVDB-ID: #VU96437
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48920
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_cleanup_pending_block_groups() function in fs/btrfs/transaction.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
430) NULL pointer dereference
EUVDB-ID: #VU96530
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43902
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dm_suspend(), create_eml_sink() and amdgpu_dm_connector_get_modes() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
431) Use-after-free
EUVDB-ID: #VU96515
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43900
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the load_firmware_cb() function in drivers/media/tuners/xc2028.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
432) Improper locking
EUVDB-ID: #VU96540
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43893
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
433) NULL pointer dereference
EUVDB-ID: #VU96528
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43905
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vega10_find_dpm_states_clocks_in_dpm_table(), vega10_generate_dpm_level_enable_mask(), vega10_check_states_equal(), vega10_set_sclk_od(), vega10_set_mclk_od(), vega10_odn_update_power_state() and vega10_get_performance_level() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
434) NULL pointer dereference
EUVDB-ID: #VU96526
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43907
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vega10_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c, within the smu8_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c, within the smu7_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
435) Double free
EUVDB-ID: #VU95008
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41087
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
436) Memory leak
EUVDB-ID: #VU96290
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43861
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
437) Improper error handling
EUVDB-ID: #VU97544
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46753
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the walk_up_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
438) Buffer overflow
EUVDB-ID: #VU96008
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42259
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the i915_error_to_vmf_fault() and vm_fault_gtt() functions in drivers/gpu/drm/i915/gem/i915_gem_mman.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
439) NULL pointer dereference
EUVDB-ID: #VU94977
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41062
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the l2cap_sock_kill(), l2cap_sock_new_connection_cb() and l2cap_sock_recv_cb() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
440) Input validation error
EUVDB-ID: #VU96493
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43883
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
441) NULL pointer dereference
EUVDB-ID: #VU90507
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35933
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btintel_read_version() function in drivers/bluetooth/btintel.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
442) Input validation error
EUVDB-ID: #VU93797
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35965
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the l2cap_sock_setsockopt_old() and l2cap_sock_setsockopt() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
443) Out-of-bounds read
EUVDB-ID: #VU97791
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46859
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DEVICE_ATTR_RW(), acpi_pcc_hotkey_resume() and acpi_pcc_hotkey_add() functions in drivers/platform/x86/panasonic-laptop.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
444) Memory leak
EUVDB-ID: #VU97776
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
445) Use-after-free
EUVDB-ID: #VU97782
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nxp_fspi_fill_txfifo() function in drivers/spi/spi-nxp-fspi.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
446) NULL pointer dereference
EUVDB-ID: #VU97798
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46822
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arch/arm64/include/asm/acpi.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
447) Improper locking
EUVDB-ID: #VU97536
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46787
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pmdp_get_lockless() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
448) Improper error handling
EUVDB-ID: #VU97546
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46783
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the sk_stream_error() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
449) NULL pointer dereference
EUVDB-ID: #VU97520
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46770
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_prepare_for_reset(), ice_update_pf_netdev_link() and ice_rebuild() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
450) NULL pointer dereference
EUVDB-ID: #VU97513
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46761
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pnv_php_disable_irq() function in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
451) Integer underflow
EUVDB-ID: #VU97554
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46759
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the adc128_set_in() and adc128_set_temp() functions in drivers/hwmon/adc128d818.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
452) Buffer overflow
EUVDB-ID: #VU96544
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43890
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
453) Buffer overflow
EUVDB-ID: #VU96184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42306
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udf_sb_free_bitmap() function in fs/udf/super.c, within the read_block_bitmap() and __load_block_bitmap() functions in fs/udf/balloc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
454) Use-after-free
EUVDB-ID: #VU63529
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27447
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to use-after-free error via the Binary_string::free_buffer() function in the /sql/sql_string.h component. A remote user can send specially crafted data and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
455) Improper access control
EUVDB-ID: #VU82560
Risk: Low
CVSSv4.0: 4.8 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-34059
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the vmware-user-suid-wrapper. A local attacker can hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
456) NULL pointer dereference
EUVDB-ID: #VU70878
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2022-44792
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the handle_ipDefaultTTL() function in agent/mibgroup/ip-mib/ip_scalars.c. A remote non-authenticated attacker can send specially crafted UDP to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
457) Information disclosure
EUVDB-ID: #VU77164
Risk: Medium
CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-32681
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
458) Resource exhaustion
EUVDB-ID: #VU72339
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25577
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing multipart form data with many fields. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
459) Input validation error
EUVDB-ID: #VU72340
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-23934
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of "nameless" cookies. A remote attacker can manipulate cookie values for an arbitrary domain.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
460) Information disclosure
EUVDB-ID: #VU82979
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-25091
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to urllib3 does not remove the authorization HTTP header when following a cross-origin redirect. A remote attacker can gain access to sensitive information.
Note, the vulnerability exists due to incomplete fix for #VU26413 (CVE-2018-20060).
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
461) Information disclosure
EUVDB-ID: #VU81322
Risk: Low
CVSSv4.0: 2.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2023-43804
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to urllib does not strip the "Cookie" HTTP header during cross-origin HTTP redirects. A remote attacker can gain unauthorized access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
462) CRLF injection
EUVDB-ID: #VU47403
Risk: Medium
CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-26137
CWE-ID:
CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to inject arbitrary data in server response.
The vulnerability exists due to insufficient validation of attacker-supplied data passed via the "method" parameter. A remote authenticated attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
463) Improper Certificate Validation
EUVDB-ID: #VU21780
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2019-11324
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: Yes
DescriptionInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
464) CRLF injection
EUVDB-ID: #VU26412
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2019-11236
CWE-ID:
CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient filtration of user-supplied data passed via HTTP request parameters to urllib3 library. A remote attacker can pass specially crafted data that contains CRLF sequences and perform a spoofing attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
465) Resource exhaustion
EUVDB-ID: #VU29544
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-14422
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application improperly computes hash values in the IPv4Interface and IPv6Interface classes within the Lib/ipaddress.py in Python. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
466) Resource exhaustion
EUVDB-ID: #VU88828
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-3651
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the idna.encode() function. A remote attacker can pass an overly long domain name to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
467) Error Handling
EUVDB-ID: #VU72036
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-23931
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows an attacker to misuse Python API.
The vulnerability exists due to a soundness bug within the Cipher.update_into function, which can allow immutable objects (such as bytes) to be mutated. A malicious programmer can misuse Python API to introduce unexpected behavior into the application.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
468) Cryptographic issues
EUVDB-ID: #VU80188
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-20900
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper verification of SAML token signature. A remote attacker can bypass SAML token signature verification and perform man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
469) Improper Authorization
EUVDB-ID: #VU82520
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-34058
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error when handling SAML token signature. A remote attacker that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
470) Out-of-bounds write
EUVDB-ID: #VU65671
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-24805
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when handling INDEX of NET-SNMP-VACM-MIB. A remote attacker can trick the victim into loading a specially crafted MIB collection, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
471) Out-of-bounds write
EUVDB-ID: #VU82358
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-19189
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the postprocess_terminfo() function in tinfo/parse_entry. A local user can run a specially crafted command to trigger an out-of-bounds write and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
472) Buffer overflow
EUVDB-ID: #VU75141
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-29491
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malformed data in a terminfo database file. A local user can trigger memory corruption and execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
473) Out-of-bounds write
EUVDB-ID: #VU57577
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-39537
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
474) UNIX symbolic link following
EUVDB-ID: #VU93285
Risk: Low
CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-5742
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
475) Buffer overflow
EUVDB-ID: #VU65821
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-32091
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. A local user can create a specially crafted file and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
476) Buffer overflow
EUVDB-ID: #VU65896
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-32088
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack
The vulnerability exists due to a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. A local user can send a specially crafted data to perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
477) Buffer overflow
EUVDB-ID: #VU65757
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-32087
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a segmentation fault via the component Item_args::walk_args. A local user can send a specially crafted file, trigger memory corruption and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
478) Buffer overflow
EUVDB-ID: #VU65764
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-32085
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. A local user can send a specially crafted file, trigger memory corruption and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
479) Buffer overflow
EUVDB-ID: #VU66024
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-32084
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a segmentation fault via the component sub_select. A local user can send a specially crafted file and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
480) Buffer overflow
EUVDB-ID: #VU65910
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-32083
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a segmentation fault via the component Item_subselect::init_expr_cache_tracker. A local user can send a specially crafted data to perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
481) Use-after-free
EUVDB-ID: #VU63540
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27456
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the VDec::VDec() function at /sql/sql_type.cc. A remote user can pass specially crafted data and cause a denial of service.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
482) Buffer overflow
EUVDB-ID: #VU63536
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27452
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/item_cmpfunc.cc component. A remote user can send specially crafted data and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
483) Buffer overflow
EUVDB-ID: #VU63532
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27449
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to segmentation fault via the sql/item_func.cc:148 component. A remote user can send specially crafted data and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
484) Buffer overflow
EUVDB-ID: #VU63531
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27448
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a buffer overflow in the BTR_PCUR_ON() function in the /row/row0mysql.cc component. A remote user can send a specially crafted data and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
485) NULL pointer dereference
EUVDB-ID: #VU70879
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2022-44793
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the handle_ipv6IpForwarding() function in agent/mibgroup/ip-mib/ip_scalars.c. A remote attacker can send specially crafted UDP packets to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
486) Input validation error
EUVDB-ID: #VU65673
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-24806
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when SETing malformed OIDs in master agent and subagent simultaneously. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
487) Resource management error
EUVDB-ID: #VU96182
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42305
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the add_dirent_to_buf() and make_indexed_dir() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
488) Input validation error
EUVDB-ID: #VU93077
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-38428
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper input validation of URL when parsing strings with semicolons within the scheme_leading_string() function in url.c. A remote attacker can pass a specially crafted URL to the application and influence its behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
489) Input validation error
EUVDB-ID: #VU96203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42265
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
490) Input validation error
EUVDB-ID: #VU95093
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42154
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
491) Resource management error
EUVDB-ID: #VU95073
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41082
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nvmf_reg_read32(), nvmf_reg_read64() and nvmf_reg_write32() functions in drivers/nvme/host/fabrics.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
492) Memory leak
EUVDB-ID: #VU94930
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41079
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_execute_admin_connect() and nvmet_execute_io_connect() functions in drivers/nvme/target/fabrics-cmd.c, within the pr_debug() and nvmet_execute_auth_receive() functions in drivers/nvme/target/fabrics-cmd-auth.c, within the nvmet_req_init() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
493) Double free
EUVDB-ID: #VU95011
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41073
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
494) NULL pointer dereference
EUVDB-ID: #VU96934
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52915
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the af9035_i2c_master_xfer() function in drivers/media/usb/dvb-usb-v2/af9035.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
495) Buffer overflow
EUVDB-ID: #VU97681
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48945
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the vivid_vid_cap_s_selection() function in drivers/media/platform/vivid/vivid-vid-cap.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
496) Improper locking
EUVDB-ID: #VU96433
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48943
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shadow_page_table_clear_flood() function in arch/x86/kvm/mmu/mmu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
497) Use-after-free
EUVDB-ID: #VU96410
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48911
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_queue_entry_dup() function in net/netfilter/nfnetlink_queue.c, within the nf_queue_entry_release_refs(), nf_queue_entry_get_refs() and __nf_queue() functions in net/netfilter/nf_queue.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
498) Memory leak
EUVDB-ID: #VU94400
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48844
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hci_release_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
499) Buffer overflow
EUVDB-ID: #VU94478
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48799
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the DEFINE_PER_CPU() and perf_cgroup_switch() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
500) Use-after-free
EUVDB-ID: #VU94424
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48788
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_rdma_error_recovery_work() function in drivers/nvme/host/rdma.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
501) Resource management error
EUVDB-ID: #VU93189
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47387
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sugov_tunables_free(), sugov_tunables_alloc(), sugov_init() and sugov_exit() functions in kernel/sched/cpufreq_schedutil.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
502) Heap-based buffer overflow
EUVDB-ID: #VU86201
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-24577
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in git_index_add. A remote attacker can pass specially crafted filename that starts with a "/" character to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
503) Out-of-bounds write
EUVDB-ID: #VU65674
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-24807
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a boundary error in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable. A remote user can pass a malformed OID in a SET request, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
504) Resource exhaustion
EUVDB-ID: #VU86377
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-50387
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when processing DNSSEC related records. A remote attacker can trigger resource exhaustion by forcing the DNS server to query a specially crafted DNSSEC zone and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
505) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU32937
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-14145
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists in openssh client during algorithm negotiation due to observable discrepancy. A remote attacker can perform a Man-in-the-Middle (MitM) attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
506) Integer overflow
EUVDB-ID: #VU55451
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-37600
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in ipcutils.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
507) Input validation error
EUVDB-ID: #VU87906
Risk: Low
CVSSv4.0: 5.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-28085
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied arguments along with setgid tty permissions within the wall command. A local user can execute arbitrary commands with escalated privileges on the system.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
508) Heap-based buffer overflow
EUVDB-ID: #VU63289
Risk: High
CVSSv4.0: 7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2022-0530
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
509) Out-of-bounds write
EUVDB-ID: #VU66220
Risk: High
CVSSv4.0: 7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2022-0529
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing zip archives during the conversion of a UTF-8 string to a local string. A remote attacker can create a specially crafted zip file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
510) Stack-based buffer overflow
EUVDB-ID: #VU84035
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-39804
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the xattr_decoder() function in xheader.c. A remote attacker can trick the victim to open a specially crafted tar/pax archive with an overly long xattr key, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
511) Off-by-one
EUVDB-ID: #VU69807
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3821
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the format_timespan() function in time-util.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
512) Link following
EUVDB-ID: #VU49883
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-23239
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
513) Improper privilege management
EUVDB-ID: #VU85765
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-7090
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management when handling ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. A local user can escalate privileges in applications, where client hosts retain privileges even after retracting them.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
514) OS Command Injection
EUVDB-ID: #VU74197
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-28487
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing control characters in the sudoreplay output. A local user can inject specially crafted characters to the log messages and execute arbitrary OS commands on the system. MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
515) OS Command Injection
EUVDB-ID: #VU74196
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-28486
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing control characters in the log messages. A local user can inject specially crafted characters to the log messages and execute arbtirary OS commands on the system when the command is executed from the log (e.g. via the "sudoreplay -l").
Install update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
516) NULL pointer dereference
EUVDB-ID: #VU65672
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-24809
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in nsVacmAccessTable when handling malformed OID in GET-NEXT. A remote user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
517) NULL pointer dereference
EUVDB-ID: #VU65675
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-24808
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in NET-SNMP-AGENT-MIB::nsLogTable when handling malformed OID in a SET request. A remote user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRecoverPoint for Virtual Machines: 6.0 SP1 - 6.0 SP2
CPE2.3- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P1:*:*:*:*:*:*
- cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:SP1 P2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
