1286 matches found
CVE-2023-24582
Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This OS command injectio...
The vulnerability of the TCP/IP communication protocol implementation in the development environment for programmable logic controllers ISaGRAF Workbench allows an attacker to upload, read, and delete files.
The vulnerability of the TCP/IP communication protocol implementation in the development environment for programmable logic controllers ISaGRAF Workbench relates to the transmission of data in an unencrypted form. Exploiting this vulnerability allows a malicious actor to upload, read, and delete...
The vulnerability of the ISN Handler TCP connection processing component in Siemens’ software and hardware products allows attackers to intercept existing sessions.
The vulnerability of the ISN Handler TCP connection processing component in Siemens’ software and hardware products is related to the predictability of random session numbers. Exploiting this vulnerability allows a malicious actor to intercept existing sessions remotely...
kernel: net/ulp: use-after-free in listening ULP sockets
A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system...
kernel: tcp: tcp_rtx_synack() can be called from process context
In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_rtx_synack() can be called from process context. Laurent reported the enclosed report [1]. This bug triggers with following conditions: 0) Kernel built with CONFIG_DEBUG_PREEMPT=y 1) A new passive FastOpen TCP socket is created. This...
kernel: tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout.
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. While reading sysctl_tcp_fastopen_blackhole_timeout, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...
kernel: tcp: Fix data-races around sysctl_tcp_l3mdev_accept.
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_l3mdev_accept. While reading sysctl_tcp_l3mdev_accept, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...
kernel: NFSD: Protect against send buffer overflow in NFSv2 READ
In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ Since before the git era, NFSD has conserved the number of pages held by each nfsd thread by combining the RPC receive and send buffers into a single array of pages. This...
kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could...
A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.
...
SUSE CVE-2023-2177
A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service...
The vulnerability of the CAPWAP control protocol implementation in the Cisco IOS XE operating system allows an attacker to trigger a service failure.
The vulnerability of the CAPWAP control protocol implementation in the Cisco IOS XE operating system is related to the use of resources with similar identifiers. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
Siemens SIMATIC CP443-1 OPC UA9 security vulnerability
Siemens SIMATIC IPC DiagMonitor is a suite of system monitoring and troubleshooting software from Siemens, Germany. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel, which arises from the failure to free, or the inability to free, dynamically allocated heap memory in the Stream...
Schneider Electric IGSS Data Server data forgery vulnerability
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which can be exploited by an attacker to cause a denial of service by sending a specific craft...
The vulnerability in the implementation of the SCTP (Stream Control Transmission Protocol) kernel of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the SCTP (Stream Control Transmission Protocol) implementation in the Linux operating system relates to the situation where a user launches a malicious network service, and someone else connects to that service. This can lead to a shortage of resources for local users. Exploiti...
[SECURITY] Fedora 38 Update: libindi-2.0.0-3.fc38
INDI is a distributed control protocol designed to operate astronomical instrumentation. INDI is small, flexible, easy to parse, and scalable. It supports common DCS functions such as remote control, data acquisition, monitoring, and a lot more...
SUSE CVE-2023-1074
A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service...
UBUNTU-CVE-2023-1074
A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service...
kernel: nfsd buffer overflow by RPC message over TCP with garbage data
A buffer overflow flaw was found in the Linux kernel nfsd network file system subsystem. The way a user sends RPC over TCP with excess data added at the end of the message could allow a remote user to starve the resources, causing a denial of service...