Peplink Smart Reader /bin/login privilege escalation vulnerability

Talos Vulnerability Report TALOS-2023-1868 Peplink Smart Reader /bin/login privilege escalation vulnerability April 17, 2024 CVE Number CVE-2023-40146 SUMMARY A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted...

The vulnerability of the USB HID analyzer used by Wireshark, which is used to analyze computer network traffic, allows a hacker to perform a service denial.

The vulnerability of the USB HID analyzer used by Wireshark for analyzing computer network traffic is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

SUSE CVE-2021-47195

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the addlock mutex Commit 6098475d4cb4 "spi: Fix deadlock when adding SPI controllers on SPI buses" introduced a per-controller mutex. But mutexunlock of said lock is called after the controller is alrea...

SUSE CVE-2024-2397

Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLTPPPSERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21...

Silex Technology DS-600 安全漏洞

The Silex Technology DS-600 is a hardware device from Silex Technology, Inc. designed to easily connect and share USB 3.0 and 2.0 devices over a network. A security vulnerability exists in the Silex Technology DS-600 version v.1.4.1. A remote attacker could exploit the vulnerability to edit devic...

DEBIAN-CVE-2021-47210

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tipd: Remove WARNON in tps6598xblockread Calling tps6598xblockread with a higher than allowed len can be handled by just returning an error. There's no need to crash systems with panic-on-warn enabled...

CVE-2021-47195

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the addlock mutex Commit 6098475d4cb4 "spi: Fix deadlock when adding SPI controllers on SPI buses" introduced a per-controller mutex. But mutexunlock of said lock is called after the controller is alrea...

kernel security, bug fix, and enhancement update

4.18.0-513.24.19.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

UBUNTU-CVE-2024-3446

A double free vulnerability was found in QEMU virtio devices virtio-gpu, virtio-serial-bus, virtio-crypto, where the memreentrancyguard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host,...

PT-2024-7852

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The vulnerability is related to the serial component of the Linux kernel and involves a NULL pointer dereference in the uart tty port shutdown function. This can lead to a denial of...

Unbreakable Enterprise kernel security update

4.14.35-2047.535.2.1 - netfilter: nftables: reject QUEUE/DROP verdict parameters Florian Westphal Orabug: 36467681 CVE-2024-1086 4.14.35-2047.535.2 - Fix null ptr in rdstcprecvpath Allison Henderson Orabug: 33499812 - LTS version: v4.14.338 Saeed Mirzamohammadi - crypto: scompress - initialize...

SUSE CVE-2024-26677

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference...

CVE-2023-48426

u-boot bug that allows for u-boot shell and interrupt over UART...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a security issue in spi cadence-qspi...

UBUNTU-CVE-2024-26748

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if request-complete 830 spinunlock&privdev-lock; 831 usbgadgetgivebackrequest&privep-endpoint, 832 request; 833 spinlock&privdev-lock; 834 835 836 if request-buf ==...

DEBIAN-CVE-2024-26715

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix NULL pointer dereference in dwc3gadgetsuspend In current scenario if Plug-out and Plug-In performed continuously there could be a chance while checking for dwc-gadgetdriver in dwc3gadgetsuspend, a NULL...

CVE-2024-26677

A vulnerability in the Linux kernel affects the Remote Procedure Call over the Rx protocol rxrpc subsystem. The flaw involves an issue with delayed acknowledgments ACKs in which the system mistakenly sets the reference serial number. This reference serial number is not valid in this context and...

CVE-2024-26677

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference...

AZL-58701 CVE-2024-26677 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference...

DEBIAN-CVE-2024-26677

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference...