APEX Cloud Platform for Microsoft Azure update for third-party components
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 254 |
| CVE-ID | CVE-2024-41050 CVE-2024-41078 CVE-2024-41076 CVE-2024-41075 CVE-2024-41074 CVE-2024-41070 CVE-2024-41069 CVE-2024-41068 CVE-2024-41066 CVE-2024-41064 CVE-2024-41062 CVE-2024-41058 CVE-2024-41057 CVE-2024-41051 CVE-2024-41048 CVE-2024-41081 CVE-2024-41044 CVE-2024-41041 CVE-2024-41040 CVE-2024-41036 CVE-2024-41032 CVE-2024-41020 CVE-2024-41015 CVE-2024-41012 CVE-2024-41010 CVE-2024-41009 CVE-2024-41007 CVE-2024-41000 CVE-2024-40995 CVE-2024-41080 CVE-2024-41084 CVE-2024-40989 CVE-2024-42139 CVE-2024-42245 CVE-2024-42241 CVE-2024-42224 CVE-2024-42162 CVE-2024-42161 CVE-2024-42159 CVE-2024-42158 CVE-2024-42157 CVE-2024-42156 CVE-2024-42155 CVE-2024-42148 CVE-2024-42145 CVE-2024-42142 CVE-2024-42138 CVE-2024-42070 CVE-2024-42124 CVE-2024-42122 CVE-2024-42113 CVE-2024-42110 CVE-2024-42109 CVE-2024-42107 CVE-2024-42106 CVE-2024-42096 CVE-2024-42095 CVE-2024-42093 CVE-2024-42082 CVE-2024-42079 CVE-2024-42073 CVE-2024-40994 CVE-2024-40978 CVE-2024-42247 CVE-2023-52859 CVE-2024-26851 CVE-2024-26837 CVE-2024-26835 CVE-2024-26812 CVE-2024-26809 CVE-2024-26808 CVE-2024-26735 CVE-2024-26677 CVE-2024-26669 CVE-2024-26668 CVE-2024-26631 CVE-2024-26590 CVE-2023-52889 CVE-2023-52581 CVE-2024-27011 CVE-2023-52489 CVE-2024-6923 CVE-2024-5642 CVE-2024-43398 CVE-2024-41123 CVE-2024-41946 CVE-2024-35176 CVE-2024-39908 CVE-2024-20697 CVE-2024-48958 CVE-2024-45817 CVE-2024-9681 CVE-2024-27010 CVE-2024-27024 CVE-2024-40959 CVE-2024-36979 CVE-2024-40958 CVE-2024-40957 CVE-2024-40956 CVE-2024-40954 CVE-2024-40939 CVE-2024-40938 CVE-2024-40921 CVE-2024-40920 CVE-2024-40909 CVE-2024-40905 CVE-2024-39506 CVE-2024-39489 CVE-2024-38662 CVE-2024-36933 CVE-2024-27079 CVE-2024-36929 CVE-2024-36911 CVE-2024-36910 CVE-2024-36909 CVE-2024-36881 CVE-2024-36489 CVE-2024-36286 CVE-2024-36270 CVE-2024-35949 CVE-2024-35939 CVE-2024-35897 CVE-2024-27437 CVE-2024-27433 CVE-2024-27403 CVE-2024-42246 CVE-2024-42268 CVE-2024-23984 CVE-2024-44987 CVE-2024-43845 CVE-2024-43890 CVE-2024-43898 CVE-2024-43914 CVE-2024-44935 CVE-2024-44944 CVE-2024-44946 CVE-2024-44950 CVE-2024-44951 CVE-2024-44970 CVE-2024-44971 CVE-2024-44984 CVE-2024-44985 CVE-2024-44988 CVE-2024-43828 CVE-2024-44989 CVE-2024-44990 CVE-2024-44991 CVE-2024-44998 CVE-2024-44999 CVE-2024-45002 CVE-2024-45003 CVE-2024-45013 CVE-2024-45017 CVE-2024-45018 CVE-2024-45019 CVE-2024-45021 CVE-2024-45022 CVE-2024-43832 CVE-2024-42306 CVE-2024-45029 CVE-2023-52752 CVE-2024-24968 CVE-2024-21829 CVE-2024-21781 CVE-2024-23599 CVE-2024-25565 CVE-2024-21853 CVE-2023-52340 CVE-2024-42154 CVE-2024-40725 CVE-2024-6232 CVE-2024-7592 CVE-2024-8088 CVE-2023-52610 CVE-2023-52916 CVE-2024-42305 CVE-2024-26640 CVE-2024-26759 CVE-2024-26804 CVE-2024-38538 CVE-2024-38596 CVE-2024-40965 CVE-2024-40973 CVE-2024-40983 CVE-2024-42243 CVE-2024-42252 CVE-2024-42265 CVE-2024-42294 CVE-2024-42304 CVE-2024-45023 CVE-2024-45030 CVE-2024-42269 CVE-2024-43821 CVE-2024-43911 CVE-2024-43899 CVE-2024-43882 CVE-2024-43880 CVE-2024-43866 CVE-2024-43864 CVE-2024-43855 CVE-2024-43854 CVE-2024-43850 CVE-2024-43839 CVE-2024-43837 CVE-2024-43834 CVE-2024-43831 CVE-2024-42322 CVE-2024-21235 CVE-2024-42318 CVE-2024-42316 CVE-2024-42312 CVE-2024-42308 CVE-2024-42301 CVE-2024-42295 CVE-2024-42291 CVE-2024-42290 CVE-2024-42284 CVE-2024-42283 CVE-2024-42281 CVE-2024-42277 CVE-2024-42270 CVE-2023-49582 CVE-2024-21217 CVE-2024-46673 CVE-2024-46752 CVE-2024-46677 CVE-2024-46679 CVE-2024-46686 CVE-2024-46687 CVE-2024-46691 CVE-2024-46692 CVE-2024-46693 CVE-2024-46710 CVE-2024-46717 CVE-2024-46729 CVE-2024-46735 CVE-2024-46743 CVE-2024-46751 CVE-2024-46753 CVE-2024-21210 CVE-2024-46772 CVE-2024-46783 CVE-2024-46787 CVE-2024-46794 CVE-2024-46822 CVE-2024-48957 CVE-2024-41996 CVE-2024-50602 CVE-2024-9287 CVE-2023-50782 CVE-2024-31227 CVE-2024-31228 CVE-2024-31449 CVE-2024-21208 |
| CWE-ID | CWE-667 CWE-401 CWE-20 CWE-416 CWE-399 CWE-476 CWE-119 CWE-190 CWE-388 CWE-682 CWE-908 CWE-125 CWE-843 CWE-404 CWE-825 CWE-366 CWE-362 CWE-77 CWE-400 CWE-776 CWE-787 CWE-833 CWE-1025 CWE-200 CWE-415 CWE-191 CWE-835 CWE-203 CWE-665 CWE-371 CWE-691 CWE-1245 CWE-185 CWE-276 CWE-78 CWE-121 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #87 is available. Public exploit code for vulnerability #136 is available. Public exploit code for vulnerability #170 is available. |
| Vulnerable software |
APEX Cloud Platform for Microsoft Azure Other software / Other software solutions |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 254 vulnerabilities.
1) Improper locking
EUVDB-ID: #VU94993
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41050
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cachefiles_ondemand_send_req() function in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory leak
EUVDB-ID: #VU94929
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41078
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU94928
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs4_set_security_label() function in fs/nfs/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU95004
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41075
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cachefiles_ondemand_fd_llseek(), cachefiles_ondemand_fd_ioctl() and cachefiles_ondemand_copen() functions in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper locking
EUVDB-ID: #VU95087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41074
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cachefiles_ondemand_copen() function in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU94942
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41070
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvm_spapr_tce_attach_iommu_group() function in arch/powerpc/kvm/book3s_64_vio.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU94943
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41069
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the soc_tplg_dapm_graph_elems_load() function in sound/soc/soc-topology.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource management error
EUVDB-ID: #VU95072
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41068
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory leak
EUVDB-ID: #VU94927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41066
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper locking
EUVDB-ID: #VU94991
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41064
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU94977
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41062
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the l2cap_sock_kill(), l2cap_sock_new_connection_cb() and l2cap_sock_recv_cb() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU94944
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41058
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_withdraw_volumes() function in fs/cachefiles/cache.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU94945
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41057
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_free_volume() function in fs/cachefiles/volume.c, within the cachefiles_withdraw_objects() and cachefiles_withdraw_cache() functions in fs/cachefiles/cache.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU94946
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41051
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_ondemand_clean_object() function in fs/cachefiles/ondemand.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) NULL pointer dereference
EUVDB-ID: #VU94982
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41048
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sk_msg_recvmsg() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Resource management error
EUVDB-ID: #VU95051
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41081
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ila_output() function in net/ipv6/ila/ila_lwt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU95108
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41044
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Resource management error
EUVDB-ID: #VU95069
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41041
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sock_set_flag() and spin_unlock() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU94949
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41040
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the net/sched/act_ct.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper locking
EUVDB-ID: #VU94995
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41036
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ks8851_tx_work() function in drivers/net/ethernet/micrel/ks8851_spi.c, within the ks8851_irq() and ks8851_set_rx_mode() functions in drivers/net/ethernet/micrel/ks8851_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Buffer overflow
EUVDB-ID: #VU95079
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41032
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the DEFINE_PER_CPU() function in mm/vmalloc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper locking
EUVDB-ID: #VU94996
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41020
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU94842
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41015
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU94672
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41012
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use-after-free
EUVDB-ID: #VU94507
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41010
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ingress_init(), ingress_destroy(), clsact_init() and clsact_destroy() functions in net/sched/sch_ingress.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU94508
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41009
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __aligned(), bpf_ringbuf_alloc(), bpf_ringbuf_restore_from_rec() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Resource management error
EUVDB-ID: #VU94345
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41007
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_rtx_probe0_timed_out() function in net/ipv4/tcp_timer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Integer overflow
EUVDB-ID: #VU94295
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41000
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the blkpg_do_ioctl() function in block/ioctl.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper locking
EUVDB-ID: #VU94267
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper locking
EUVDB-ID: #VU94990
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41080
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_register_iowq_max_workers() function in io_uring/register.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU94973
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41084
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __cxl_dpa_to_region() function in drivers/cxl/core/region.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Input validation error
EUVDB-ID: #VU94324
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40989
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vgic_v3_free_redist_region() and vgic_v3_set_redist_base() functions in arch/arm64/kvm/vgic/vgic-mmio-v3.c, within the kvm_vgic_dist_destroy() function in arch/arm64/kvm/vgic/vgic-init.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Input validation error
EUVDB-ID: #VU95082
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42139
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ice_ptp_extts_event(), ice_ptp_cfg_extts(), ice_ptp_gpio_enable_e810(), ice_ptp_gpio_enable_e823(), ice_ptp_rebuild_owner() and ice_ptp_release() functions in drivers/net/ethernet/intel/ice/ice_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper locking
EUVDB-ID: #VU95508
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42245
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the detach_tasks() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Resource management error
EUVDB-ID: #VU95517
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42241
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the shmem_confirm_swap() and shmem_is_huge() functions in mm/shmem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper error handling
EUVDB-ID: #VU95012
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42224
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Incorrect calculation
EUVDB-ID: #VU95074
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42162
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the gve_get_drvinfo() and gve_get_ethtool_stats() functions in drivers/net/ethernet/google/gve/gve_ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Use of uninitialized resource
EUVDB-ID: #VU95027
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42161
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the tools/lib/bpf/bpf_core_read.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Input validation error
EUVDB-ID: #VU95089
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42159
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mpi3mr_sas_port_add() function in drivers/scsi/mpi3mr/mpi3mr_transport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Resource management error
EUVDB-ID: #VU95064
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42158
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Input validation error
EUVDB-ID: #VU95090
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42157
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Input validation error
EUVDB-ID: #VU95091
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42156
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Input validation error
EUVDB-ID: #VU95092
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42155
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Out-of-bounds read
EUVDB-ID: #VU94952
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42148
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/ethernet/broadcom/bnx2x/bnx2x.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Buffer overflow
EUVDB-ID: #VU95054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42145
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Input validation error
EUVDB-ID: #VU95083
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42142
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the acl_ingress_ofld_setup(), esw_acl_ingress_src_port_drop_create(), esw_acl_ingress_ofld_groups_destroy() and esw_acl_ingress_ofld_setup() functions in drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) NULL pointer dereference
EUVDB-ID: #VU94959
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42138
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vfree() function in drivers/net/ethernet/mellanox/mlxsw/core_linecards.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Type Confusion
EUVDB-ID: #VU94923
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42070
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a type confusion error within the nft_lookup_init() function in net/netfilter/nft_lookup.c,
within the nf_tables_fill_setelem() and nft_validate_register_store()
functions in net/netfilter/nf_tables_api.c. A local user can pass specially crafted data to the packet filtering to trigger a type confusion error and gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Input validation error
EUVDB-ID: #VU95097
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42124
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qedf_execute_tmf() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) NULL pointer dereference
EUVDB-ID: #VU94961
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42122
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c, within the dcn321_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c, within the dcn32_hpo_dp_link_encoder_create() and dml1_validate() functions in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn316/dcn316_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c, within the dcn31_hpo_dp_link_encoder_create() and dcn314_validate_bandwidth() functions in drivers/gpu/drm/amd/display/dc/resource/dcn314/dcn314_resource.c, within the dcn31_hpo_dp_link_encoder_create() and dcn31_validate_bandwidth() functions in drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c, within the dcn30_validate_bandwidth() function in drivers/gpu/drm/amd/display/dc/resource/dcn30/dcn30_resource.c, within the dcn32_clk_mgr_construct() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c, within the dcn3_clk_mgr_construct() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Use of uninitialized resource
EUVDB-ID: #VU95025
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42113
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the wx_set_interrupt_capability() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Resource management error
EUVDB-ID: #VU95050
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42110
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ntb_netdev_rx_handler() function in drivers/net/ntb_netdev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Use-after-free
EUVDB-ID: #VU94934
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42109
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nft_rcv_nl_event() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) NULL pointer dereference
EUVDB-ID: #VU94962
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42107
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_ptp_extts_event() function in drivers/net/ethernet/intel/ice/ice_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Use of uninitialized resource
EUVDB-ID: #VU95024
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42106
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the inet_diag_dump_compat() and inet_diag_get_exact_compat() functions in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Improper locking
EUVDB-ID: #VU94987
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42096
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the profile_pc() function in arch/x86/kernel/time.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Input validation error
EUVDB-ID: #VU95101
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42095
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the uart_write() and omap8250_irq() functions in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Buffer overflow
EUVDB-ID: #VU95039
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42093
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dpaa2_eth_xdp_xmit() and update_xps() functions in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Buffer overflow
EUVDB-ID: #VU95055
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42082
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __xdp_reg_mem_model() function in net/core/xdp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) NULL pointer dereference
EUVDB-ID: #VU94968
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42079
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gfs2_jindex_free() function in fs/gfs2/super.c, within the lops_before_commit() function in fs/gfs2/log.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Use-after-free
EUVDB-ID: #VU94940
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42073
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_sb_sr_occ_query_cb(), mlxsw_reg_sbsr_pack() and mlxsw_sp_sb_occ_max_clear() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_buffers.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Integer overflow
EUVDB-ID: #VU94294
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40994
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the max_vclocks_store() function in drivers/ptp/ptp_sysfs.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Resource management error
EUVDB-ID: #VU94299
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40978
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Resource management error
EUVDB-ID: #VU95518
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42247
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the swap_endian() function in drivers/net/wireguard/allowedips.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Use-after-free
EUVDB-ID: #VU90081
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52859
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hisi_sllc_pmu_probe() function in drivers/perf/hisilicon/hisi_uncore_sllc_pmu.c, within the hisi_pa_pmu_probe() function in drivers/perf/hisilicon/hisi_uncore_pa_pmu.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Out-of-bounds read
EUVDB-ID: #VU91096
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26851
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Improper locking
EUVDB-ID: #VU92039
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26837
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the switchdev_obj_eq() and switchdev_port_obj_del() functions in net/switchdev/switchdev.c, within the br_switchdev_mdb_replay_one() and br_switchdev_mdb_replay() functions in net/bridge/br_switchdev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Resource management error
EUVDB-ID: #VU93772
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26835
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Improper locking
EUVDB-ID: #VU91529
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26812
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_intx_handler() and vfio_pci_set_intx_trigger() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Improper resource shutdown or release
EUVDB-ID: #VU93747
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26809
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the nft_pipapo_destroy() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Expired pointer dereference
EUVDB-ID: #VU93809
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26808
CWE-ID:
CWE-825 - Expired pointer dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a stale reference within the nf_tables_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Use-after-free
EUVDB-ID: #VU90215
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26735
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Input validation error
EUVDB-ID: #VU94139
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26677
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rxrpc_propose_delay_ACK(), rxrpc_send_initial_ping() and rxrpc_input_call_event() functions in net/rxrpc/call_event.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Memory leak
EUVDB-ID: #VU90010
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26669
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fl_tmplt_destroy() function in net/sched/cls_flower.c, within the tcf_block_playback_offloads() and tc_chain_tmplt_add() functions in net/sched/cls_api.c, within the void() function in include/net/sch_generic.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Integer overflow
EUVDB-ID: #VU91180
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26668
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the nft_limit_eval() and nft_limit_init() functions in net/netfilter/nft_limit.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Race condition within a thread
EUVDB-ID: #VU91436
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26631
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the ipv6_mc_down() function in net/ipv6/mcast.c. A local user can manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) NULL pointer dereference
EUVDB-ID: #VU90663
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26590
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the z_erofs_do_map_blocks() function in fs/erofs/zmap.c, within the z_erofs_parse_cfgs() function in fs/erofs/decompressor.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) NULL pointer dereference
EUVDB-ID: #VU96132
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52889
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the apparmor_socket_sock_rcv_skb() function in security/apparmor/lsm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Memory leak
EUVDB-ID: #VU89385
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52581
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the nft_trans_gc_space() function in net/netfilter/nf_tables_api.c. A local user can force the system to leak memory and perform denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Memory leak
EUVDB-ID: #VU90463
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27011
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_data_hold() and __nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Race condition
EUVDB-ID: #VU89388
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52489
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the section_deactivate() function in mm/sparse.c. A local user can exploit the race and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Command Injection
EUVDB-ID: #VU95571
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-6923
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to insufficient validation of newlines for email headers when
serializing an email message. A remote attacker can inject arbitrary headers into serialized email messages.
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Out-of-bounds read
EUVDB-ID: #VU97633
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-5642
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API when NPN is used. A remote attacker can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Resource exhaustion
EUVDB-ID: #VU96970
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-43398
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing XML with multiple deep elements that have same local name attributes. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Input validation error
EUVDB-ID: #VU95149
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-41123
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing characters such as a whitespace character, >] and ]>. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) XML Entity Expansion
EUVDB-ID: #VU95148
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-41946
CWE-ID:
CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when parsing XML with SAX2 or pull parser API. A remote attacker can pass specially crafted XML data to the application and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Input validation error
EUVDB-ID: #VU94361
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2024-35176
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing XML that has multiple bracket character occurrences (e.g. "<") in an attribute value. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
88) Input validation error
EUVDB-ID: #VU94363
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-39908
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied XML input. A remote attacker can pass specially crafted characters, such as "<", "\0" and "%>" to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Out-of-bounds write
EUVDB-ID: #VU85184
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-20697
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in the Windows Libarchive. A remote attacker can trick a victim to open a specially crafted website or open a file and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Out-of-bounds read
EUVDB-ID: #VU98512
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-48958
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the execute_filter_delta() function in archive_read_support_format_rar.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Deadlock
EUVDB-ID: #VU97680
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45817
CWE-ID:
CWE-833 - Deadlock
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.
The vulnerability exists due to a deadlock within the vlapic_error() function. A buggy or malicious HVM or PVH guest can deadlock Xen and perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Comparison using wrong factors
EUVDB-ID: #VU99865
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-9681
CWE-ID:
CWE-1025 - Comparison using wrong factors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error in HSTS cache implementation. When curl is asked to use HSTS, the expiry time for a subdomain can overwrite a parent domain's cache entry, making it end sooner or later
than otherwise intended. This can lead to situations when the website becomes unavailable or force the client to switch to HTTP from HTTP connection earlier than intended.
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Improper locking
EUVDB-ID: #VU90769
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27010
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qdisc_alloc() function in net/sched/sch_generic.c, within the qdisc_run_end() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Resource management error
EUVDB-ID: #VU93841
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27024
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rds_sendmsg() function in net/rds/send.c, within the __rds_rdma_map() function in net/rds/rdma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) NULL pointer dereference
EUVDB-ID: #VU94246
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40959
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xfrm6_get_saddr() function in net/ipv6/xfrm6_policy.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Use-after-free
EUVDB-ID: #VU92305
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36979
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_mst_vlan_set_state() and br_mst_set_state() functions in net/bridge/br_mst.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Use-after-free
EUVDB-ID: #VU94215
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40958
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in net/core/net_namespace.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) NULL pointer dereference
EUVDB-ID: #VU94247
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40957
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the input_action_end_dx6() and input_action_end_dx4() functions in net/ipv6/seg6_local.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Use-after-free
EUVDB-ID: #VU94216
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40956
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the irq_process_work_list() function in drivers/dma/idxd/irq.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Use-after-free
EUVDB-ID: #VU94217
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40954
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sk_common_release() function in net/core/sock.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Input validation error
EUVDB-ID: #VU94321
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40939
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ipc_devlink_create_region() function in drivers/net/wwan/iosm/iosm_ipc_devlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Input validation error
EUVDB-ID: #VU94320
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40938
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the current_check_refer_path() function in security/landlock/fs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) NULL pointer dereference
EUVDB-ID: #VU94253
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40921
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the br_mst_get_state(), br_mst_set_state() and br_mst_vlan_sync_state() functions in net/bridge/br_mst.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Use-after-free
EUVDB-ID: #VU94221
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40920
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_mst_set_state() function in net/bridge/br_mst.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Use-after-free
EUVDB-ID: #VU94224
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40909
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_obj_get(), bpf_link_defer_dealloc_mult_rcu_gp() and bpf_link_free() functions in kernel/bpf/syscall.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) NULL pointer dereference
EUVDB-ID: #VU94257
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40905
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_get_pcpu_route() function in net/ipv6/route.c, within the __fib6_drop_pcpu_from() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) NULL pointer dereference
EUVDB-ID: #VU94258
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39506
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Memory leak
EUVDB-ID: #VU94084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39489
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_hmac_init_algo() and seg6_hmac_net_init() functions in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Improper locking
EUVDB-ID: #VU93033
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38662
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the may_update_sockmap() and check_map_func_compatibility() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Use of uninitialized resource
EUVDB-ID: #VU90862
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36933
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and nsh_gso_segment() functions in net/nsh/nsh.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) NULL pointer dereference
EUVDB-ID: #VU90518
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27079
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the intel_pasid_setup_nested() function in drivers/iommu/intel/pasid.c, within the domain_context_clear() and intel_iommu_release_device() functions in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Improper error handling
EUVDB-ID: #VU93449
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36929
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the skb_alloc_rx_flag() and skb_copy_expand() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Use-after-free
EUVDB-ID: #VU93346
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36911
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the free_netvsc_device() function in drivers/net/hyperv/netvsc.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Use-after-free
EUVDB-ID: #VU93345
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36910
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hv_uio_cleanup() and hv_uio_probe() functions in drivers/uio/uio_hv_generic.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Use-after-free
EUVDB-ID: #VU93085
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36909
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmbus_free_ring() function in drivers/hv/channel.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Input validation error
EUVDB-ID: #VU90847
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36881
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the userfaultfd_release() function in fs/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) NULL pointer dereference
EUVDB-ID: #VU93030
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36489
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tls_ctx_create() function in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Improper locking
EUVDB-ID: #VU93036
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36286
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) NULL pointer dereference
EUVDB-ID: #VU93028
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36270
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nf_tproxy_laddr4() function in net/ipv4/netfilter/nf_tproxy_ipv4.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Out-of-bounds read
EUVDB-ID: #VU91391
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35949
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __btrfs_check_leaf() and __btrfs_check_node() functions in fs/btrfs/tree-checker.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Information disclosure
EUVDB-ID: #VU91344
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35939
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the dma_direct_alloc(), __dma_direct_free_pages() and dma_direct_alloc_pages() functions in kernel/dma/direct.c. A local user can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Resource management error
EUVDB-ID: #VU93269
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35897
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nf_tables_table_disable() and nf_tables_updtable() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Resource management error
EUVDB-ID: #VU93202
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27437
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Double free
EUVDB-ID: #VU90924
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27433
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the clk_mt7622_apmixed_remove() function in drivers/clk/mediatek/clk-mt7622-apmixedsys.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Integer underflow
EUVDB-ID: #VU91669
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27403
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the flow_offload_dst_cookie() and nft_flow_dst_release() functions in net/netfilter/nf_flow_table_core.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Infinite loop
EUVDB-ID: #VU95515
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42246
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the xs_tcp_setup_socket() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Improper locking
EUVDB-ID: #VU96159
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42268
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5_fw_reset_set_live_patch() and mlx5_fw_reset_complete_reload() functions in drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Observable discrepancy
EUVDB-ID: #VU97424
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23984
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to observable discrepancy in Running Average Power Limit (RAPL) interface. A local privileged user can gain access to potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Use-after-free
EUVDB-ID: #VU96839
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44987
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_send_skb() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Use of uninitialized resource
EUVDB-ID: #VU96170
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43845
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the udf_rename() function in fs/udf/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Buffer overflow
EUVDB-ID: #VU96544
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43890
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) NULL pointer dereference
EUVDB-ID: #VU96533
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43898
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_da_do_write_end() function in fs/ext4/inode.c, within the __block_commit_write() function in fs/buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Input validation error
EUVDB-ID: #VU96542
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43914
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) NULL pointer dereference
EUVDB-ID: #VU96522
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44935
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __sctp_hash_endpoint() and __sctp_unhash_endpoint() functions in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Type Confusion
EUVDB-ID: #VU96639
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44944
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Use-after-free
EUVDB-ID: #VU96658
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-44946
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
137) Resource management error
EUVDB-ID: #VU96875
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44950
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sc16is7xx_set_baud() function in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Improper locking
EUVDB-ID: #VU96856
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44951
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sc16is7xx_set_baud(), sc16is7xx_handle_rx() and sc16is7xx_handle_tx() functions in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Buffer overflow
EUVDB-ID: #VU96876
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44970
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Memory leak
EUVDB-ID: #VU96832
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44971
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_sf2_mdio_register() function in drivers/net/dsa/bcm_sf2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Resource management error
EUVDB-ID: #VU96873
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44984
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnxt_rx_xdp() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Use-after-free
EUVDB-ID: #VU96837
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44985
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_xmit() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Out-of-bounds read
EUVDB-ID: #VU96845
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44988
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mv88e6xxx_g1_atu_prob_irq_thread_fn() function in drivers/net/dsa/mv88e6xxx/global1_atu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Use of uninitialized resource
EUVDB-ID: #VU96169
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43828
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ext4_es_find_extent_range() function in fs/ext4/extents_status.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) NULL pointer dereference
EUVDB-ID: #VU96847
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44989
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bond_ipsec_del_sa_all() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) NULL pointer dereference
EUVDB-ID: #VU96848
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44990
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bond_ipsec_offload_ok() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Use-after-free
EUVDB-ID: #VU96840
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44991
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL() and tcp_sk_exit_batch() functions in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Use-after-free
EUVDB-ID: #VU96842
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44998
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dequeue_rx() function in drivers/atm/idt77252.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Use of uninitialized resource
EUVDB-ID: #VU96870
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44999
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) NULL pointer dereference
EUVDB-ID: #VU96851
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45002
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the osnoise_init_top() function in tools/tracing/rtla/src/osnoise_top.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Use-after-free
EUVDB-ID: #VU96843
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45003
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Use-after-free
EUVDB-ID: #VU97168
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45013
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_stop_ctrl() and EXPORT_SYMBOL_GPL() functions in drivers/nvme/host/core.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Improper locking
EUVDB-ID: #VU97177
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45017
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipsec_fs_roce_tx_mpv_create() and ipsec_fs_roce_rx_mpv_create() functions in drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Use of uninitialized resource
EUVDB-ID: #VU97182
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45018
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nf_flow_offload_tuple() function in net/netfilter/nf_flow_table_offload.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Improper locking
EUVDB-ID: #VU97178
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45019
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_tx_reporter_timeout_recover() function in drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Improper Initialization
EUVDB-ID: #VU97184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45021
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Buffer overflow
EUVDB-ID: #VU97183
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45022
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the vm_area_alloc_pages() function in mm/vmalloc.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Improper locking
EUVDB-ID: #VU96149
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43832
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the make_folio_secure() and folio_wait_writeback() functions in arch/s390/kernel/uv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Buffer overflow
EUVDB-ID: #VU96184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42306
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udf_sb_free_bitmap() function in fs/udf/super.c, within the read_block_bitmap() and __load_block_bitmap() functions in fs/udf/balloc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) Improper locking
EUVDB-ID: #VU97180
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45029
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tegra_i2c_probe() function in drivers/i2c/busses/i2c-tegra.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Use-after-free
EUVDB-ID: #VU90068
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52752
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) State Issues
EUVDB-ID: #VU97423
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24968
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to improper finite state machines (FSMs) in hardware logic. A local privileged user can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) Input validation error
EUVDB-ID: #VU97437
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21829
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient input validation in UEFI firmware error handler. A local privileged user can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Input validation error
EUVDB-ID: #VU97438
Risk: Low
CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21781
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in UEFI firmware. A local privileged user can gain access to sensitive information or perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Race condition
EUVDB-ID: #VU97445
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23599
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in Seamless Firmware Updates for some Intel reference platforms. A local user can exploit the race and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Insufficient Control Flow Management
EUVDB-ID: #VU100417
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-25565
CWE-ID:
CWE-691 - Insufficient Control Flow Management
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient control flow management. A local attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Improper finite state machines in hardware logic
EUVDB-ID: #VU101936
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21853
CWE-ID:
CWE-1245 - Improper Finite State Machines (FSMs) in Hardware Logic
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in hardware logic. A local unprivileged user can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Resource exhaustion
EUVDB-ID: #VU88378
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-52340
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing very large ICMPv6 packets. A remote attacker can send a flood of IPv6 ICMP6 PTB messages, cause the high lock contention and increased CPU usage, leading to a denial of service.
Successful vulnerability exploitation requires a attacker to be on the local network or have a high bandwidth connection.
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Input validation error
EUVDB-ID: #VU95093
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42154
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Information disclosure
EUVDB-ID: #VU94504
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2024-40725
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when processing legacy content-type based configuration of handlers, such as "AddType" and similar configuration when files are requested indirectly. A remote attacker can send a specially crafted HTTP request and view contents of files, for example the source code of a PHP script can be served instead of interpreted.
Note, the vulnerability exists due to incomplete fix for #VU93729 (CVE-2024-39884).
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
171) Incorrect Regular Expression
EUVDB-ID: #VU96745
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-6232
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of .tar archives when processing it with regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Resource exhaustion
EUVDB-ID: #VU96945
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-7592
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the 'http.cookies' standard library module when parsing cookies that contained backslashes for quoted characters in the cookie value. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Infinite loop
EUVDB-ID: #VU96596
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-8088
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the the CPython "zipfile" module affecting "zipfile.Path". A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Memory leak
EUVDB-ID: #VU89382
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52610
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in net/sched/act_ct.c. A local user can force the kernel to leak memory and perform denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Resource management error
EUVDB-ID: #VU96935
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52916
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the aspeed_video_get_resolution() and aspeed_video_set_resolution() functions in drivers/media/platform/aspeed/aspeed-video.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) Resource management error
EUVDB-ID: #VU96182
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42305
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the add_dirent_to_buf() and make_indexed_dir() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Resource management error
EUVDB-ID: #VU89397
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26640
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Race condition
EUVDB-ID: #VU91479
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26759
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the swapcache_prepare() function in mm/swapfile.c, within the do_swap_page() and folio_unlock() functions in mm/memory.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Use-after-free
EUVDB-ID: #VU90212
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26804
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tnl_update_pmtu(), ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Use of uninitialized resource
EUVDB-ID: #VU92373
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38538
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and br_dev_xmit() functions in net/bridge/br_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) Race condition within a thread
EUVDB-ID: #VU92380
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38596
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Improper locking
EUVDB-ID: #VU94276
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40965
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpi2c_imx_config() and lpi2c_imx_probe() functions in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) NULL pointer dereference
EUVDB-ID: #VU94241
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40973
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_vcodec_fw_scp_init() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Resource management error
EUVDB-ID: #VU94304
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40983
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Improper error handling
EUVDB-ID: #VU95511
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42243
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the include/linux/pagemap.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) Improper locking
EUVDB-ID: #VU95561
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42252
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the closure_put_after_sub() function in lib/closure.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
187) Input validation error
EUVDB-ID: #VU96203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42265
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
188) Improper locking
EUVDB-ID: #VU96151
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42294
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the del_gendisk() function in block/genhd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
189) Improper error handling
EUVDB-ID: #VU96164
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42304
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __ext4_read_dirblock(), ext4_empty_dir() and ext4_get_first_dir_block() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
190) Resource management error
EUVDB-ID: #VU97194
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45023
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to improper management of internal resources within the choose_first_rdev(), choose_bb_rdev(), choose_slow_rdev() and rdev_readable() functions in drivers/md/raid1.c. A local user can corrupt data.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
191) Buffer overflow
EUVDB-ID: #VU97189
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45030
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the igb_set_rx_buffer_len() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
192) NULL pointer dereference
EUVDB-ID: #VU96146
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42269
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip6table_nat_init() function in net/ipv6/netfilter/ip6table_nat.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
193) NULL pointer dereference
EUVDB-ID: #VU96129
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43821
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_xcvr_data_show() function in drivers/scsi/lpfc/lpfc_attr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
194) NULL pointer dereference
EUVDB-ID: #VU96523
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43911
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ieee80211_start_tx_ba_session() function in net/mac80211/agg-tx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
195) NULL pointer dereference
EUVDB-ID: #VU96532
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43899
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn20_get_dcc_compression_cap() function in drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
196) Improper locking
EUVDB-ID: #VU96295
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43882
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
197) Resource management error
EUVDB-ID: #VU96305
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43880
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the objagg_hints_obj_cmp() and objagg_hints_get() functions in lib/objagg.c, within the mlxsw_sp_acl_erp_delta_check() and mlxsw_sp_acl_erp_root_destroy() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
198) NULL pointer dereference
EUVDB-ID: #VU96293
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43866
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_sf_dev_shutdown() function in drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c, within the mlx5_try_fast_unload() and shutdown() functions in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
199) Memory leak
EUVDB-ID: #VU96289
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43864
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlx5_tc_ct_entry_destroy_mod_hdr() function in drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
200) Improper locking
EUVDB-ID: #VU96147
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43855
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the md_end_flush(), submit_flushes() and md_submit_flush_data() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
201) Memory leak
EUVDB-ID: #VU96099
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bio_integrity_prep() function in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
202) Resource management error
EUVDB-ID: #VU96185
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43850
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bwmon_start() and bwmon_probe() functions in drivers/soc/qcom/icc-bwmon.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
203) Input validation error
EUVDB-ID: #VU96197
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43839
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bnad_tx_msix_register() and bnad_rx_msix_register() functions in drivers/net/ethernet/brocade/bna/bnad.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
204) NULL pointer dereference
EUVDB-ID: #VU96121
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43837
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/bpf_verifier.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
205) Use-after-free
EUVDB-ID: #VU96103
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43834
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xdp_unreg_mem_model() function in net/core/xdp.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
206) Input validation error
EUVDB-ID: #VU96196
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43831
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vpu_dec_init() function in drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
207) Resource management error
EUVDB-ID: #VU96189
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42322
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ip_vs_add_service() function in net/netfilter/ipvs/ip_vs_ctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
208) Improper input validation
EUVDB-ID: #VU98644
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21235
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
209) Input validation error
EUVDB-ID: #VU96210
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42318
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hook_cred_prepare() and hook_cred_free() functions in security/landlock/cred.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
210) Integer underflow
EUVDB-ID: #VU96174
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42316
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the folio_rotate_reclaimable() function in mm/vmscan.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
211) Input validation error
EUVDB-ID: #VU96209
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42312
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
212) NULL pointer dereference
EUVDB-ID: #VU96136
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42308
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_plane_get_status() function in drivers/gpu/drm/amd/display/dc/core/dc_surface.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
213) Out-of-bounds read
EUVDB-ID: #VU96116
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42301
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
214) Improper error handling
EUVDB-ID: #VU96166
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42295
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_btree_get_new_block() function in fs/nilfs2/btree.c, within the nilfs_btnode_create_block() function in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
215) Input validation error
EUVDB-ID: #VU96207
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42291
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ice_vc_fdir_reset_cnt_all(), ice_vc_add_fdir_fltr_post(), ice_vc_del_fdir_fltr_post() and ice_vc_add_fdir_fltr() functions in drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c, within the ice_parse_rx_flow_user_data() function in drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
216) Resource management error
EUVDB-ID: #VU96181
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42290
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the imx_irqsteer_get_reg_index(), imx_irqsteer_irq_mask() and imx_irqsteer_probe() functions in drivers/irqchip/irq-imx-irqsteer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
217) Buffer overflow
EUVDB-ID: #VU96176
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42284
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
218) Memory leak
EUVDB-ID: #VU96195
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42283
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nla_put_nh_group() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
219) Input validation error
EUVDB-ID: #VU96206
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42281
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bpf_skb_net_grow() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
220) NULL pointer dereference
EUVDB-ID: #VU96144
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42277
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sprd_iommu_cleanup() function in drivers/iommu/sprd-iommu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
221) NULL pointer dereference
EUVDB-ID: #VU96145
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42270
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iptable_nat_init() function in net/ipv4/netfilter/iptable_nat.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
222) Incorrect default permissions
EUVDB-ID: #VU96554
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-49582
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to lax permissions set by the Apache Portable Runtime library on Unix platforms. A local user can read the named shared memory segments.
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
223) Improper input validation
EUVDB-ID: #VU98648
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21217
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
224) Use-after-free
EUVDB-ID: #VU97251
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46673
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
225) Improper error handling
EUVDB-ID: #VU97543
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46752
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the update_ref_for_cow() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
226) NULL pointer dereference
EUVDB-ID: #VU97257
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46677
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
227) Input validation error
EUVDB-ID: #VU97269
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46679
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
228) NULL pointer dereference
EUVDB-ID: #VU97260
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46686
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_new_read_req() function in fs/smb/client/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
229) Use-after-free
EUVDB-ID: #VU97254
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46687
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_submit_chunk() function in fs/btrfs/bio.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
230) NULL pointer dereference
EUVDB-ID: #VU97261
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46691
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pmic_glink_ucsi_notify(), pmic_glink_ucsi_callback() and pmic_glink_ucsi_probe() functions in drivers/usb/typec/ucsi/ucsi_glink.c, within the EXPORT_SYMBOL_GPL() function in drivers/soc/qcom/pmic_glink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
231) Improper locking
EUVDB-ID: #VU97267
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46692
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the scm_get_wq_ctx() function in drivers/firmware/qcom_scm-smc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
232) NULL pointer dereference
EUVDB-ID: #VU97262
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46693
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pmic_glink_ucsi_probe() function in drivers/usb/typec/ucsi/ucsi_glink.c, within the pmic_glink_altmode_probe() function in drivers/soc/qcom/pmic_glink_altmode.c, within the _devm_pmic_glink_release_client() and devm_pmic_glink_register_client() functions in drivers/soc/qcom/pmic_glink.c, within the qcom_battmgr_probe() function in drivers/power/supply/qcom_battmgr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
233) Incorrect calculation
EUVDB-ID: #VU97283
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46710
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the vmw_bo_map_and_cache_size() and vmw_bo_init() functions in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
234) Input validation error
EUVDB-ID: #VU97571
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46717
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5e_handle_rx_cqe_mpwrq_shampo() function in drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
235) Infinite loop
EUVDB-ID: #VU97556
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46729
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the dccg35_get_other_enabled_symclk_fe() function in drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dccg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
236) NULL pointer dereference
EUVDB-ID: #VU97530
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46735
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ublk_ctrl_start_recovery() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
237) Out-of-bounds read
EUVDB-ID: #VU97503
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46743
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
238) Incorrect calculation
EUVDB-ID: #VU97561
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46751
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the btrfs_item_ptr() and spin_lock() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
239) Improper error handling
EUVDB-ID: #VU97544
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46753
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the walk_up_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
240) Improper input validation
EUVDB-ID: #VU98645
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21210
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle Java SE. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
241) Input validation error
EUVDB-ID: #VU97567
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46772
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dcn315_populate_dml_pipes_from_context() function in drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
242) Improper error handling
EUVDB-ID: #VU97546
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46783
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the sk_stream_error() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
243) Improper locking
EUVDB-ID: #VU97536
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46787
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pmdp_get_lockless() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
244) Memory leak
EUVDB-ID: #VU97489
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46794
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mmio_read() function in arch/x86/coco/tdx/tdx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
245) NULL pointer dereference
EUVDB-ID: #VU97798
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46822
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arch/arm64/include/asm/acpi.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
246) Out-of-bounds read
EUVDB-ID: #VU98511
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-48957
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the execute_filter_audio() function in archive_read_support_format_rar.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
247) Resource exhaustion
EUVDB-ID: #VU98050
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-41996
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to unnecessary validation of the public keys in the Diffie-Hellman Key Agreement Protocol when an approved safe prime is used. A remote attacker from the client side can trigger unnecessarily expensive server-side DHE modular-exponentiation calculations and cause asymmetric resource consumption, resulting in a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
248) Input validation error
EUVDB-ID: #VU99614
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-50602
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the XML_ResumeParser function. A remote attacker can pass specially crafted XML input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
249) OS Command Injection
EUVDB-ID: #VU99357
Risk: Low
CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-9287
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper input validation in the venv module when creating a virtual environment. A local user can pass specially crafted strings to the application and execute arbitrary OS commands on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
250) Observable discrepancy
EUVDB-ID: #VU88199
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-50782
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
251) Input validation error
EUVDB-ID: #VU97971
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-31227
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to malformed ACL selectors. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
252) Input validation error
EUVDB-ID: #VU97972
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-31228
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to due to unbounded pattern matching. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
253) Stack-based buffer overflow
EUVDB-ID: #VU97970
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-31449
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote user with ability to influence data input can pass a specially crafted Lua script to the database, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
254) Improper input validation
EUVDB-ID: #VU98647
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21208
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsAPEX Cloud Platform for Microsoft Azure: 01.00.00.00 - 01.03.00.00
CPE2.3- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:apex_cloud_platform_for_microsoft_azure:01.03.00.00:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
