Scalance Xr328-4c Wg (24xfe, 4xge,dc24v) Firmware Security Vulnerabilities
CVE-2024-36942 Bluetooth: qca: fix firmware check error path
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to...
6.8AI Score
0.0004EPSS
CVE-2024-36942 Bluetooth: qca: fix firmware check error path
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to...
7.2AI Score
0.0004EPSS
CVE-2024-36939 nfs: Handle error of rpc_proc_register() in nfs_net_init().
In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning 0 triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been ignored since at least...
7.2AI Score
0.0004EPSS
CVE-2024-36939 nfs: Handle error of rpc_proc_register() in nfs_net_init().
In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning 0 triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been ignored since at least...
6.5AI Score
0.0004EPSS
CVE-2024-36926 powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE At the time of LPAR boot up, partition firmware provides Open Firmware property ibm,dma-window for the PE. This property is provided on the PCI bus the PE is...
6.8AI Score
0.0004EPSS
CVE-2024-36926 powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE At the time of LPAR boot up, partition firmware provides Open Firmware property ibm,dma-window for the PE. This property is provided on the PCI bus the PE is...
6.3AI Score
0.0004EPSS
CVE-2024-36915 nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies syzbot reported unsafe calls to copy_from_sockptr() [1] Use copy_safe_from_sockptr() instead. [1] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset...
6.4AI Score
0.0004EPSS
CVE-2024-36905 tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by.....
7.3AI Score
0.0004EPSS
CVE-2024-36905 tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by.....
6.7AI Score
0.0004EPSS
CVE-2024-36904 tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...
7.4AI Score
0.0004EPSS
CVE-2024-36904 tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...
6.8AI Score
0.0004EPSS
CVE-2024-36902 ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked. [1]....
6.8AI Score
0.0004EPSS
CVE-2024-36902 ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked. [1]....
7.4AI Score
0.0004EPSS
CVE-2024-36901 ipv6: prevent NULL dereference in ip6_output()
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here. syzbot reported:...
6.3AI Score
0.0004EPSS
CVE-2024-36901 ipv6: prevent NULL dereference in ip6_output()
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here. syzbot reported:...
6.8AI Score
0.0004EPSS
CVE-2024-36889 mptcp: ensure snd_nxt is properly initialized on connect
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_nxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 ...
7.2AI Score
0.0004EPSS
CVE-2024-36889 mptcp: ensure snd_nxt is properly initialized on connect
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_nxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 ...
6.5AI Score
0.0004EPSS
CVE-2024-36885 drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on startup: kernel BUG at include/linux/scatterlist.h:187! invalid opcode: 0000 [#1]...
6.3AI Score
0.0004EPSS
CVE-2024-36885 drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on startup: kernel BUG at include/linux/scatterlist.h:187! invalid opcode: 0000 [#1]...
6.7AI Score
0.0004EPSS
CVE-2024-36880 Bluetooth: qca: add missing firmware sanity checks
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced...
6.6AI Score
0.0004EPSS
CVE-2024-36880 Bluetooth: qca: add missing firmware sanity checks
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced...
7AI Score
0.0004EPSS
CVE-2024-36033 Bluetooth: qca: fix info leak when fetching board id
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching board id Add the missing sanity check when fetching the board id to avoid leaking slab data when later requesting the...
6.4AI Score
0.0004EPSS
CVE-2024-36033 Bluetooth: qca: fix info leak when fetching board id
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching board id Add the missing sanity check when fetching the board id to avoid leaking slab data when later requesting the...
6.8AI Score
0.0004EPSS
Checkpoint POC Exploit for testing purposes to retrieve...
8.6CVSS
6.2AI Score
0.945EPSS
(RHSA-2024:3497) Important: edk2 security update
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (CVE-2023-45234) edk2: Buffer...
7.4AI Score
0.001EPSS
Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update C)
EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R, iQ-L Series and MELIPC Series Vulnerability: Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could...
7.5CVSS
7.7AI Score
0.002EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: EDW-100 Vulnerabilities: Use of Hard-coded Password, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
9.8CVSS
7.7AI Score
EPSS
Baxter Welch Allyn Connex Spot Monitor
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely Vendor: Baxter Equipment: Welch Allyn Connex Spot Monitor (CSM) Vulnerability: Use of Default Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify device...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies syzbot reported unsafe calls to copy_from_sockptr() [1] Use copy_safe_from_sockptr() instead. [1] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by.....
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE At the time of LPAR boot up, partition firmware provides Open Firmware property ibm,dma-window for the PE. This property is provided on the PCI bus the PE is...
5.5CVSS
7AI Score
0.0004EPSS
7.4AI Score
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1734)
The remote host is missing an update for the Huawei...
8CVSS
7AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_nxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 ...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked. [1]....
5.5CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning 0 triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been ignored since at least...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching board id Add the missing sanity check when fetching the board id to avoid leaking slab data when later requesting the...
7.2AI Score
0.0004EPSS
RHEL 8 : edk2 (RHSA-2024:3497)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3497 advisory. EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI...
8.8CVSS
9.1AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here. syzbot reported:...
5.5CVSS
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1735)
The remote host is missing an update for the Huawei...
8CVSS
7AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on startup: kernel BUG at include/linux/scatterlist.h:187! invalid opcode: 0000...
7.1AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
Aquatronica Control System 5.1.6 Passwords Leak Vulnerability
Title: Aquatronica Control System 5.1.6 Passwords Leak Vulnerability Advisory ID: ZSL-2024-5824 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data Risk: (5/5) Release Date:...
7.5AI Score
EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2024-1735)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...
8CVSS
7.2AI Score
EPSS
EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2024-1734)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...
8CVSS
7.2AI Score
EPSS
Security Bulletin: Triton Inference Server - May 2024
NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...
9CVSS
8AI Score
0.0004EPSS
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is...