Apple iOS and iPadOS Security Vulnerabilities

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS 17 and iPadOS 17, which stems from an application that may be able to leak...

PT-2023-27431 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: tvOS versions prior to 17 iOS versions prior to 17 iPadOS versions prior to 17 watchOS versions prior to 10 macOS versions prior to Sonoma 14 Description: The issue was addressed with improved memory handling. An app may be able to disclose...

Apple iOS and iPadOS Security Vulnerabilities

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS 17 and iPadOS 17, which stems from an application that may be able to leak...

PT-2023-27453 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14 Description: The issue was addressed with improved bounds checks. An attacker may be able to cause unexpected system termination or read kernel memory. Recommendations: For versions prior to 14, update to macOS Sono...

CVE-2020-36766

A flaw was found in cecadapglogaddrs in drivers/media/cec/core/cec-api.c in the Linux Kernel. This issue may allow a local attacker to leak one byte of kernel memory on specific hardware to unprivileged users, directly assigning logaddrs with a hole in the structure, causing a kernel information...

PT-2023-27442 · Apple · Ipados +7

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.6 macOS Monterey versions prior to 12.7 tvOS versions prior to 17 watchOS versions prior to 10 iOS versions prior to 17 iPadOS versions prior to 17 macOS Sonoma versions prior to 14 Description: An out-of-bounds rea...

PT-2023-28202 · Apple · Macos Sonoma +6

Name of the Vulnerable Software and Affected Versions: macOS Ventura versions prior to 13.6 tvOS versions prior to 17 iOS versions prior to 16.7 iPadOS versions prior to 16.7 watchOS versions prior to 10 iOS versions prior to 17 iPadOS versions prior to 17 macOS Sonoma versions prior to 14...

CVE-2023-2163

Incorrect verifier pruning in BPF in Linux Kernel =5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape...

CVE-2023-2163

The CVE-2023-2163 entry affects the Linux Kernel (versions >= 5.4) with an incorrect verifier pruning in the BPF subsystem. The root cause is a flaw in BPF verifier pruning that can mark unsafe code paths as safe, enabling arbitrary reads/writes in kernel memory, lateral privilege escalation, ...

CVE-2023-25527

NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information...

CVE-2023-25527

NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information...

Design/Logic Flaw

NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information...

CVE-2023-25527

CVE-2023-25527 affects NVIDIA DGX H100 BMC’s host KVM daemon. A authenticated local attacker can corrupt kernel memory, enabling arbitrary kernel code execution, DoS, privilege escalation, information disclosure, and data tampering. Affected product/component: DGX H100 BMC KVM daemon. Root cause:...

CVE-2023-25527

NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information...

CVE-2023-25527

NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3684-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3684-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security...

Ubuntu: Security Advisory (USN-6388-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6384-1: Linux kernel (OEM) vulnerabilities

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. CVE-2023-20588 Lonial Con discover...

kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests

A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAPNETADMIN capability to crash or potentially...

kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests

A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAPNETADMIN capability to crash or potentially...