kernel: Linux kernel: Denial of Service in ice driver via ethtool reload
A flaw was found in the Linux kernel's ice driver. A local attacker with low privileges could trigger a null pointer dereference by calling the ethtool utility during a driver reload operation when the Virtual Station Interface (VSI) is not properly configured. This can lead to a system crash,...
PT-2023-9646 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software; affected versions not specified. Description: The issue is related to improper handling of frames with VLAN tag information, which could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) conditi...
PT-2023-9499 · Cisco · Cisco Ios Xe +1
Name of the Vulnerable Software and Affected Versions: Cisco IOS Software and Cisco IOS XE Software; affected versions not specified. Description: A vulnerability in the Resource Reservation Protocol (RSVP) feature could allow an unauthenticated, remote attacker to cause an affected device to reload...
PT-2023-9504 · Cisco · Cisco Small Business Rv042G +3
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV042, RV042G, RV320, and RV325 Routers; affected versions not specified. Description: A vulnerability in the web-based management interface could allow an authenticated, Administrator-level, remote attacker to cause an...
PT-2023-9644 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software; affected versions not specified. Description: A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a...
PT-2023-9502 · Cisco · Cisco Ios Xe +2
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software versions 17.12.1 through 17.12.1a. Description: The issue is related to improper management of resources during fragment reassembly in the IPv4 fragmentation reassembly code, which could allow an unauthenticated, remote...
PT-2023-9616 · Cisco · Rv320 +3
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV042, RV042G, RV320, and RV325 Routers; affected versions not specified. Description: A vulnerability in the web-based management interface could allow an authenticated, Administrator-level, remote attacker to cause an...
kernel: devlink: hold region lock when flushing snapshots
In the Linux kernel, the following vulnerability has been resolved: "devlink: hold region lock when flushing snapshots". Netdevsim triggers a splat on reload, when it destroys regions with snapshots pending: WARNING: CPU: 1 PID: 787 at net/core/devlink.c:6291 devlink_region_snapshot_del+0x12e/0x140 CPU...
This Week in Spring - November 7th, 2023
Hi, Spring fans! Can you believe we've already turned the calendar page to November? Time sure is a swift developer, deploying months as if they were minor versions in an ever-evolving application. As we adjust our clocks to fall back, waving a reluctant goodbye to daylight savings time, the...
SSL hot reload in Spring Boot 3.2.0
In Spring Boot 3.2.0, we're adding the ability for embedded web servers to hot-reload SSL certificates and keys. That means you can rotate your SSL trust material without restarting your application. Hot reloading is supported for Tomcat and Netty embedded web servers. Let's see that in action!...
CVE-2023-20086
A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of ICMPv6 messages. A...
PT-2023-7129 · Cisco · Cisco Firepower Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (FMC) Software; affected versions not specified. Description: The issue is related to a lack of rate-limiting of requests sent to a specific API related to an FMC log, which could allow an unauthenticated, remote...
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: bom, terraform, dynamic-localpv-provisioner, metrics-server, nri-prometheus, k8sgpt-operator, flux-source-controller, spark-operator, prometheus-elasticsearch-exporter, prometheus-mongodb-exporter-fips, falcoctl, wavefront-collector-for-kubernetes, external-dns-fips,...
CVE-2023-39323 vulnerabilities
Vulnerabilities for packages: falco, configmap-reload-fips, metrics-server, kind, smarter-device-manager-fips...
Minor update (5) for Vivaldi Desktop Browser 6.2
Download Vivaldi. The following improvements were made since the fourth 6.2 minor update: [Address bar] Can be blank/empty (VB-99745); [Chromium] Upgraded to 116.0.5845.230: CVE-2023-5217; [Crash][Spatial Navigation] Crash while reloading a page (VB-100012); [Crash][Workspaces] Closing window with an open workspace...
CVE-2023-20187
A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This...
Design/Logic Flaw
A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could explo...
CVE-2023-20226
A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the...
Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability
A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the...