XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX Security Vulnerabilities

Debian: Security Advisory (DLA-366-1)

The remote host is missing an update for the...

linux-raspi vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly...

CVE-2022-33242 Improper authentication in Qualcomm IPC

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio...

linux-azure-4.15 vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly...

Ubuntu: Security Advisory (USN-5924-1)

The remote host is missing an update for...

Linux kernel (Raspberry Pi) vulnerabilities

Releases Ubuntu 20.04 LTS Packages linux-raspi - Linux kernel for Raspberry Pi systems Details It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free...

Ubuntu: Security Advisory (USN-5927-1)

The remote host is missing an update for...

Linux kernel (Azure) vulnerabilities

Releases Ubuntu 18.04 ESM Packages linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems Details It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a...

linux-azure, linux-azure, linux-azure vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly...

Linux kernel (Azure) vulnerabilities

Releases Ubuntu 14.04 ESM Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems Details It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a...

Ubuntu: Security Advisory (USN-5918-1)

The remote host is missing an update for...

linux-bluefield vulnerabilities

It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945) Tamás Koczka discovered that....

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly...

Ubuntu: Security Advisory (USN-5909-1)

The remote host is missing an update for...

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...

Linux kernel (BlueField) vulnerabilities

Releases Ubuntu 20.04 LTS Packages linux-bluefield - Linux kernel for NVIDIA BlueField platforms Details It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a...

linux-azure-fde vulnerabilities

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly....

Linux kernel (Azure CVM) vulnerabilities

Releases Ubuntu 20.04 LTS Packages linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems Details It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use...

CVE-2023-20938

In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android.....

CVE-2023-23080

Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda...

CVE-2023-23080

Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda...

Command injection

Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda...

CVE-2023-23080

Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda...

Amazon Linux 2 : thunderbird (ALAS-2023-1951)

The version of thunderbird installed on the remote host is prior to 102.7.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1951 advisory. An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited....

Important: thunderbird

Issue Overview: An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9. (CVE-2021-4127) Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele.....

Important: thunderbird

Issue Overview: 2024-05-23: CVE-2023-0430 was added to this advisory. An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9. (CVE-2021-4127) Mozilla developers and comm...

Siemens SIMATIC Industrial Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Ubuntu: Security Advisory (USN-5877-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-5874-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-5875-1)

The remote host is missing an update for...

linux-gke-5.15 vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-4378) Tamás Koczka discovered that the Bluetooth L2CAP handshake...

linux-gke vulnerabilities

It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945) Tamás Koczka discovered that....

linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-oracle-5.4 vulnerabilities

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly....

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.6ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16

Summary Synthetic Playback Agent 8.1.4.0-8.1.4 IF17 has addressed the following vulnerabilities: CVE-2022-46881, CVE-2022-46872, CVE-2022-46880, CVE-2022-46882, CVE-2022-46874, CVE-2022-46875, CVE-2022-46878 Vulnerability Details ** CVEID: CVE-2022-46881 DESCRIPTION: **Mozilla Firefox could allow.....

Linux kernel (GKE) vulnerabilities

Releases Ubuntu 20.04 LTS Packages linux-gke - Linux kernel for Google Container Engine (GKE) systems Details It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a...

Linux kernel (GKE) vulnerabilities

Releases Ubuntu 20.04 LTS Packages linux-gke-5.15 - Linux kernel for Google Container Engine (GKE) systems Details Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service...

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems linux-hwe-5.4 - Linux hardware enablement...

ipc-computer.de Cross Site Scripting vulnerability OBB-3193895

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.522.3] - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (Sasha Levin) [Orabug: 34653896] {CVE-2022-3303} - net/rds: Fill in rds_exthdr_size gaps (Gerd Rausch) [Orabug: 34979172] - net/rds: Trigger rds_send_hs_ping() more than once (Gerd Rausch) [Orabug: 34607787] - Revert 'RDS:...

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.316.7] - runtime revert of virtio_net: Stripe queue affinities across cores. (Konrad Rzeszutek Wilk) [Orabug: 35001045] [5.4.17-2136.316.6] - block: Change the granularity of io ticks from ms to ns (Gulam Mohamed) [Orabug: 34780807] - powercap: intel_rapl: support new layout of...

Unbreakable Enterprise kernel security update

[5.4.17-2136.316.7] - runtime revert of virtio_net: Stripe queue affinities across cores. (Konrad Rzeszutek Wilk) [Orabug: 35001045] [5.4.17-2136.316.6] - block: Change the granularity of io ticks from ms to ns (Gulam Mohamed) [Orabug: 34780807] - powercap: intel_rapl: support new layout of...

Unbreakable Enterprise kernel security update

[4.14.35-2047.522.3] - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (Sasha Levin) [Orabug: 34653896] {CVE-2022-3303} - net/rds: Fill in rds_exthdr_size gaps (Gerd Rausch) [Orabug: 34979172] - net/rds: Trigger rds_send_hs_ping() more than once (Gerd Rausch) [Orabug: 34607787] - Revert 'RDS:...

CVE-2022-33243

Memory corruption due to improper access control in Qualcomm...

CVE-2022-33243

Memory corruption due to improper access control in Qualcomm...

Improper access control

Memory corruption due to improper access control in Qualcomm...

Ubuntu: Security Advisory (USN-5853-1)

The remote host is missing an update for...

linux, linux-aws, linux-azure, linux-azure-5.4, linux-gkeop, linux-kvm, linux-oracle, linux-raspi, linux-raspi-5.4 vulnerabilities

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly....

CVE-2022-30564

Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system...

Code injection

Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system...

CVE-2022-33243 Improper access control in Qualcomm IPC

Memory corruption due to improper access control in Qualcomm...