XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX Security Vulnerabilities

linux-azure-5.4, linux-gcp-5.4, linux-gkeop, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) Zi Fan Tan discovered that the binder.....

Exploit for Uncontrolled Search Path Element in Cisco Anyconnect Secure Mobility Client

CVE-2021-1366 Cisco AnyConnect Posture (HostScan) Local...

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux-azure-5.4 - Linux kernel for Microsoft Azure cloud systems linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems linux-gkeop - Linux kernel for Google Container Engine (GKE) systems linux-raspi - Linux kernel for Raspberry...

Linux kernel vulnerabilities

Releases Ubuntu 23.04 Ubuntu 22.04 LTS Packages linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-gcp-6.2 - Linux kernel for Google Cloud Platform (GCP) systems linux-ibm - Linux kernel for IBM cloud systems linux-oracle - Linux kernel for Oracle Cloud systems...

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Packages linux-gcp-5.15 - Linux kernel for Google Cloud Platform (GCP) systems linux-gkeop-5.15 - Linux kernel for Google Container Engine (GKE) systems Details It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate...

(RHSA-2023:5019) Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC...

Ubuntu: Security Advisory (USN-6349-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-6350-1)

The remote host is missing an update for...

Oracle Linux 8 : firefox (ELSA-2023-4952)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4952 advisory. Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. ...

RHEL 7 : firefox (RHSA-2023:5019)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5019 advisory. Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) Mozilla: Full screen notification obscured by external...

Oracle Linux 5 : Oracle / Linux / 5.6 / kernel (ELSA-2011-0017)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0017 advisory. The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain...

Oracle Linux 7 : firefox (ELSA-2023-5019)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-5019 advisory. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and...

Oracle Linux 7 : pacemaker (ELSA-2020-5453)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5453 advisory. An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with...

Ubuntu: Security Advisory (USN-6344-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-6351-1)

The remote host is missing an update for...

Oracle Linux 9 : firefox (ELSA-2023-4958)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4958 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a...

Oracle Linux 6 : perl (ELSA-2011-0558)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0558 advisory. The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME...

Oracle Linux 5 : ELSA-2014-0285-1: / kernel (ELSA-2014-02851)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-02851 advisory. Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls,...

linux-gke, linux-gkeop vulnerabilities

It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service (system crash)....

linux-aws, linux-aws-5.15, linux-ibm-5.15, linux-oracle, linux-oracle-5.15 vulnerabilities

It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service (system crash)....

linux-azure vulnerabilities

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) Zi Fan Tan discovered that the binder.....

Debian DSA-5488-1 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5488 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a...

AlmaLinux 9 : firefox (ALSA-2023:4958)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4958 advisory. A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...

Ubuntu: Security Advisory (USN-6339-1)

The remote host is missing an update for...

AlmaLinux 8 : firefox (ALSA-2023:4952)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:4952 advisory. A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...

Ubuntu: Security Advisory (USN-6338-1)

The remote host is missing an update for...

Debian DLA-3554-1 : thunderbird - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3554 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially...

Linux kernel (Azure) vulnerabilities

Releases Ubuntu 20.04 LTS Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems Details Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2023:3519-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3519-1 advisory. A website could have obscured the full screen notification by using the file open dialog....

Linux kernel (Azure) vulnerabilities

Releases Ubuntu 23.04 Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems Details Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system...

Ubuntu: Security Advisory (USN-6340-1)

The remote host is missing an update for...

AlmaLinux 9 : thunderbird (ALSA-2023:4955)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:4955 advisory. A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...

AlmaLinux 8 : thunderbird (ALSA-2023:4954)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:4954 advisory. A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems linux-ibm-5.15 - Linux kernel for IBM cloud systems linux-oracle - Linux kernel for Oracle Cloud systems...

Debian DLA-3553-1 : firefox-esr - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3553 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially...

Linux kernel (GKE) vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-gke - Linux kernel for Google Container Engine (GKE) systems linux-gkeop - Linux kernel for Google Container Engine (GKE) systems Details It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags...

Debian DSA-5485-1 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5485 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a...

linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) Zi Fan Tan discovered that the binder.....

linux, linux-gcp, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia vulnerabilities

It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service (system crash)....

linux, linux-aws, linux-aws-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-raspi vulnerabilities

Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-21255) It was discovered that a race condition existed in....

Linux kernel vulnerabilities

Releases Ubuntu 23.04 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-6.2 - Linux kernel for Amazon Web Services (AWS) systems linux-hwe-6.2 - Linux hardware enablement (HWE) kernel linux-kvm - Linux kernel for cloud...

Mozilla Firefox Code Problem Vulnerability (CNVD-2023-75344)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code issue vulnerability that stems from a potentially exploitable crash that can be exploited by an attacker to cause a use-after-release when receiving rendered data via....

Oracle Linux 7 : thunderbird (ELSA-2023-4945)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4945 advisory. A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible...

SUSE: Security Advisory (SUSE-SU-2023:3519-1)

The remote host is missing an update for...

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-hwe-5.4 - Linux...

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-hwe-5.15 - Linux hardware enablement (HWE) kernel linux-ibm - Linux kernel for IBM cloud systems linux-kvm - Linux kernel for cloud environments...

(RHSA-2023:4959) Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC...

(RHSA-2023:4958) Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC...

(RHSA-2023:4957) Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC...

(RHSA-2023:4956) Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) Mozilla: Memory...