1155 matches found

Tenable Nessus
added 2023/10/14 12:0 a.m. | 93 views

SUSE SLED15: cluster-md-kmp-64kb / cluster-md-kmp-default / dlm-kmp-64kb / etc (SUSE-SU-2023:4071-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4071-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. Th...

7.8 CVSS | 6.7 AI score | 0.01094 EPSS
Exploits 4 | References 115

Tenable Nessus
added 2023/10/11 12:0 a.m. | 36 views

SUSE SLES15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2023:4030-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4030-1 advisory. The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...

7.8 CVSS | 6.8 AI score | 0.01094 EPSS
Exploits 3 | References 40

Prion
added 2023/10/10 5:15 p.m. | 19 views

Code injection

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...

5 CVSS | 7.9 AI score | 0.00973 EPSS
Exploits 1 | References 4 | Affected Software 1

Positive Technologies
added 2023/10/10 12:0 a.m. | 5 views

PT-2023-6166 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows, affected versions not specified. Description: The issue is related to insufficient input validation in the Windows TCP/IP protocol implementation. This can be exploited by a remote attacker to cause a denial of service. Recommendations...

7.8 CVSS | 9.1 AI score | 0.02314 EPSS
Exploits 0 | References 6

BDU FSTEC
added 2023/10/10 12:0 a.m. | 3 views

The vulnerability of the SetWan2Settings() function in D-Link DIR-3040 wireless router software allows a hacker to execute arbitrary code.

The vulnerability of the SetWan2Settings function in D-Link DIR-3040 wireless router firmware is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted HNAP...

7.7 CVSS | 7.5 AI score | 0.00705 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2023/10/06 12:0 a.m. | 19 views

SUSE SLES15: cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc (SUSE-SU-2023:3988-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3988-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were...

7.8 CVSS | 7.3 AI score | 0.12405 EPSS
Exploits 3 | References 131

Ubuntu
added 2023/10/04 10:42 p.m. | 80 views

USN-6417-1: Linux kernel vulnerabilities

It was discovered that the eBPF implementation in the Linux kernel contained a race condition around read-only maps. A privileged attacker could use this to modify read-only maps. (CVE-2021-4001) It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash...

6.5 CVSS | 7.1 AI score | 0.08091 EPSS
Exploits 3

OSV
added 2023/09/18 10:4 a.m. | 16 views

SUSE-SU-2023:3632-1 Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059127 fixes several issues. The following security issues were fixed: - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). - CVE-2023-3567: Fixed a use-after-free in vcs_read in...

7.8 CVSS | 7.6 AI score | 0.06127 EPSS
Exploits 2 | References 7

OSV
added 2023/09/12 5:15 p.m. | 0 views

CVE-2023-38149

Windows TCP/IP Denial of Service Vulnerability...

7.5 CVSS | 7.3 AI score | 0.04323 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2023/09/07 12:0 a.m. | 38 views

Oracle Linux 7 : mariadb (ELSA-2019-2327)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2327 advisory. - CVEs fixed: 1610986 CVE-2018-3058 CVE-2018-3063 CVE-2018-3066 CVE-2018-3081 - CVEs fixed: 1664043 CVE-2018-3282 CVE-2019-2503 Tenable has extracted t...

6.5 CVSS | 6.6 AI score | 0.0436 EPSS
Exploits 0 | References 10

OSV
added 2023/08/23 7:15 p.m. | 2 views

CVE-2023-20200

A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition...

6.3 CVSS | 5.8 AI score | 0.00509 EPSS
Exploits 0 | References 1

CNNVD
added 2023/08/23 12:0 a.m. | 4 views

Cisco multiple products security vulnerability

Cisco FXOS Software and UCS 6300 Series Fabric Interconnects are both products of Cisco, Inc. Cisco FXOS Software is a suite of firewall software that runs in Cisco security appliances. The UCS 6300 Series Fabric Interconnects is a 6300 Series switching matrix device. A...

7.7 CVSS | 6.5 AI score | 0.00509 EPSS
Exploits 0 | References 3

OSV
added 2023/08/14 3:35 p.m. | 11 views

SUSE-SU-2023:3313-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec...

7.8 CVSS | 8.1 AI score | 0.0616 EPSS
Exploits 4 | References 47

Tenable Nessus
added 2023/08/08 12:0 a.m. | 44 views

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2023-2584)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in...

7.8 CVSS | 7.2 AI score | 0.12966 EPSS
Exploits 12 | References 21

NVD
added 2023/08/04 3:15 p.m. | 11 views

CVE-2023-36480

The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them...

9.8 CVSS | 9.8 AI score | 0.01691 EPSS
Exploits 0 | References 13

Prion
added 2023/08/04 3:15 p.m. | 24 views

Design/Logic Flaw

The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them...

7.5 CVSS | 9.7 AI score | 0.01691 EPSS
Exploits 0 | References 13 | Affected Software 1

CVE
added 2023/08/04 2:29 p.m. | 159 views

CVE-2023-36480

CVE-2023-36480 affects the Aerospike Java Client. The vulnerability arises from unsafe deserialization of server-provided data: messages may contain Java objects that the client deserializes via JBLOB payloads using Java’s ObjectInputStream, without sufficient validation. This can lead to Remote ...

9.8 CVSS | 9.7 AI score | 0.01691 EPSS
Exploits 0 | References 13 | Affected Software 1

Vulnrichment
added 2023/08/04 2:29 p.m. | 13 views

CVE-2023-36480 Aerospike Java Client vulnerable to unsafe deserialization of server responses

The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them...

9.8 CVSS | 7.5 AI score | 0.01691 EPSS
Exploits 0 | References 13

GitLab Advisory Database
added 2023/08/04 12:0 a.m. | 31 views

Deserialization of Untrusted Data

The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them...

9.8 CVSS | 7.5 AI score | 0.01691 EPSS
Exploits 0 | References 14 | Affected Software 1

Broadcom
added 2023/08/01 12:0 a.m. | 41 views

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DoS)...

5.5 CVSS | 6.7 AI score | 0.00295 EPSS
Exploits 0