Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
alsa vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2009-0035
alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts.
Alsa-project Alsa
8.1
CVSSv3
CVE-2019-13351
posix/JackSocket.cpp in libjack in JACK2 1.9.1 up to and including 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multith...
Jackaudio Jack2
Alsa-project Alsa
NA
CVE-2005-0087
The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for malicious users to execute arbitrary code if there are other vulnerabilities in the library.
Alsa-project Alsa-lib 1.0.6
Redhat Enterprise Linux 4.0
8.8
CVSSv3
CVE-2017-3576
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are before 5.0.38 and before 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructur...
Oracle Vm Virtualbox
1 EDB exploit
NA
CVE-2007-4571
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel prior to 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small coun...
Linux Linux Kernel
1 EDB exploit
7.8
CVSSv3
CVE-2017-4915
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.
Vmware Workstation Player 12.0.0
Vmware Workstation Pro 12.0.0
2 EDB exploits
NA
CVE-2021-47096
In the Linux kernel, the following vulnerability has been resolved: ALSA: rawmidi - fix the uninitalized user_pversion The user_pversion was uninitialized for the user space file structure in the open function, because the file private structure use kmalloc for the allocation. Th...
7.8
CVSSv3
CVE-2017-7369
In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption.
Google Android
NA
CVE-2023-52689
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing mutex lock around get meter levels As scarlett2_meter_ctl_get() uses meter_level_map[], the data_mutex should be locked while accessing it.
NA
CVE-2023-52674
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() Ensure the value passed to scarlett2_mixer_ctl_put() is between 0 and SCARLETT2_MIXER_MAX_VALUE so we don't attempt to access outside scarlett2_mixer...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »