kernel: net/ulp: use-after-free in listening ULP sockets

A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context struct tlscontext on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system...

DEBIAN-CVE-2023-21400

In multiple functions of iouring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-28061

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...

CVE-2023-28056

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...

CVE-2023-28034

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...

CVE-2023-20752

In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826586; Issue ID: ALPS07826586...

CVE-2023-20727

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588531; Issue ID: ALPS07588531...

CVE-2023-3099

A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function deletefile in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch...

Improper access control

A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the...

PT-2023-23088 · Unknown · Kylin-Software-Properties

Name of the Vulnerable Software and Affected Versions: kylin-software-properties versions prior to 0.0.1-130 Description: A critical issue has been found in the changedSource function, leading to improper access controls. This can be exploited locally. It is reported that the exploit has been...

AZL-27062 CVE-2023-2985 affecting package kernel for versions less than 5.15.116.1-1

A use after free flaw was found in hfsplusputsuper in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem...

PUB-A-265149414

In the Google BMS kernel module, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-2875

A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on...

Null pointer dereference

A vulnerability classified as problematic has been found in FlexiHub 5.5.14691.0. This affects the function 0x220088 in the library fusbhub.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been...

CVE-2023-2871 FabulaTech USB for Remote Desktop IoControlCode 0x220408 null pointer dereference

A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. It has been rated as problematic. Affected by this issue is the function 0x220448/0x220420/0x22040c/0x220408 of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be...

PT-2023-9015 · Totolink · Totolink N200Re

Name of the Vulnerable Software and Affected Versions: TOTOLINK N200RE version 9.3.5u.6255 B20211224 Description: A problematic vulnerability has been found in the Telnet Service component of the TOTOLINK N200RE, affecting an unknown function of the file /squashfs-root/etc ro/custom.conf. The...

CVE-2023-20707

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628556; Issue ID: ALPS07628556...

CVE-2023-2644 DigitalPersona FPSensor DpHost.exe unquoted search path

A vulnerability, which was classified as problematic, has been found in DigitalPersona FPSensor 1.0.0.1. This issue affects some unknown processing of the file C:\Program Files x86\FPSensor\bin\DpHost.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The...

USN-6056-1 linux-oem-6.1 vulnerability

It was discovered that a race condition existed in the Xen transport layer implementation for the 9P file system protocol in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service guest crash or expose sensitive information guest...

SUSE CVE-2023-2241

A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to th...