Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway, Configuration Utility, VPN, Certificate and Base Module affected by multiple vulnerabilities

Summary Vulnerabilities contained within libcurl a 3rd party component and Open SSL were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility, Certificate, VPN and Base Modules. Vulnerabilities contained within Netty a 3rd party component were addressed in the IBM MaaS360 Mobi...

Low: libtiff

Issue Overview: It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose at tifclose.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. CVE-2022-2521 Affected Packages: libtiff Note: This adviso...

CVE-2023-0779

At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible...

CVE-2023-0779

At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible...

Design/Logic Flaw

At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible...

PT-2023-16521 · Zephyrproject +1 · Zephyr

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows for the input of an invalid pointer, which can cause the device to crash. With more knowledge of the device's memory layout, further exploitation is possible...

CVE-2023-0779

Technical details for CVE-2023-0779 are not publicly available in the provided documents; monitor for updates.

CVE-2023-1195

A use-after-free flaw was found in reconnsetipaddrfromhostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server-hostname to NULL, leading to an invalid pointer request...

AZL-26798 CVE-2023-1195 affecting package kernel for versions less than 5.15.112.1-2

A use-after-free flaw was found in reconnsetipaddrfromhostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server-hostname to NULL, leading to an invalid pointer request...

Design/Logic Flaw

A use-after-free flaw was found in reconnsetipaddrfromhostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server-hostname to NULL, leading to an invalid pointer request...

CVE-2023-1195

A use-after-free flaw was found in reconnsetipaddrfromhostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server-hostname to NULL, leading to an invalid pointer request...

CVE-2023-1195

A use-after-free flaw was found in reconnsetipaddrfromhostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server-hostname to NULL, leading to an invalid pointer request...

CVE-2023-1195

A use-after-free flaw was found in reconnsetipaddrfromhostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server-hostname to NULL, leading to an invalid pointer request...

kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c

A use-after-free flaw was found in reconnsetipaddrfromhostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server-hostname to NULL, leading to an invalid pointer request...

kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c

A use-after-free flaw was found in reconnsetipaddrfromhostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server-hostname to NULL, leading to an invalid pointer request...

PT-2025-26058 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the cdns3 gadget ep dequeue and cdns3 gadget ep enable functions, where the assignment of priv ep is...

PT-2023-2818 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2 LOGOFF commands. The issue results from the...

Out-of-Bounds Read

libdwarf.so is vulnerable to Out-of-Bounds Read. The vulnerability exists because of an invalid pointer dereference via an invalid line table which allows an attacker to cause an application crash...

CVE-2020-27545

libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object...

CVE-2020-27545

libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object...