SUSE SLES15 Security Update : kernel (SUSE-SU-2023:4030-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4030-1 advisory. The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...

The vulnerability of the Neural Engine component in operating systems such as iPadOS, tvOS, iOS, watchOS, and macOS allows attackers to execute arbitrary code.

The vulnerability of the Neural Engine component in iPadOS, tvOS, iOS, watchOS, and macOS relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of SiPass integrated software for security and access control systems arises from operations that go beyond the buffer in memory, allowing attackers to cause system failures.

The vulnerability of SiPass integrated software for security and access control systems is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

The vulnerability of the XNU kernel in iPadOS and iOS systems, which allows attackers to gain increased privileges

The vulnerability of the XNU kernel in iPadOS and iOS systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to gain increased privileges...

The vulnerability of MediaTek’s WLAN micro-programming software chip allows attackers to gain access to confidential information.

The vulnerability of the WLAN microprogramming software of MediaTek relates to reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to access confidential information...

The vulnerability of MediaTek’s WLAN driver microprogramming software allows a hacker to gain unauthorized access to protected information.

The vulnerability of the WLAN driver software developed by MediaTek relates to reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

The vulnerability of WLAN micro-programming software from MediaTek allows attackers to enhance their privileges.

The vulnerability of the WLAN microprogramming software system from MediaTek relates to reading data outside the buffer in memory. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the Sandbox component in operating systems such as iPadOS, tvOS, iOS, watchOS, and macOS allows a hacker to re-record any files they desire.

The vulnerability of the Sandbox component in operating systems such as iPadOS, tvOS, iOS, watchOS, and macOS arises from the execution of operations outside the buffer in memory. Exploiting this vulnerability allows an attacker to overwrite arbitrary files...

The vulnerability of the hcp component in MediaTek’s microprogramming software chips allows attackers to enhance their privileges.

The vulnerability of the hcp component in MediaTek’s microprogramming software chips relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of Parasolid’s 3D geometric modeling tool and Teamcenter Visualization’s product lifecycle management system lies in the ability to read data beyond the buffer in memory, allowing attackers to execute arbitrary code.

The vulnerability of Parasolid’s 3D geometric modeling tool and the Teamcenter Visualization product lifecycle management system lies in the reading of data beyond the buffer in memory. Exploiting this vulnerability can allow attackers to execute arbitrary code using a specially created XT file...

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software, related to the occurrence of operations outside the buffer in memory, allows attackers to disclose protected information.

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose protected information using a specially created EMF file...

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server, related to the execution of operations outside the buffer in memory, allows an attacker to execute arbitrary code.

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVE-2023-20251

A vulnerability in the memory buffer of Cisco Wireless LAN Controller WLC AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under...

CVE-2023-20251

A vulnerability in the memory buffer of Cisco Wireless LAN Controller WLC AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under...

CVE-2023-20251

CVE-2023-20251 affects Cisco Wireless LAN Controller (WLC) AireOS Software. The issue is described as a vulnerability in the memory buffer that allows an unauthenticated, adjacent attacker to trigger memory leaks by orchestrating multiple wireless clients to connect to an access point, which can ...

Siemens InsydeH2O Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-41837)

An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to...

Siemens InsydeH2O Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-41839)

An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges...

Siemens InsydeH2O Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-33627)

An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServiceSmm. Software SMI services that use the Communicate function of the EFISMMCOMMUNICATIONPROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses Insyde BIOS is...

CVE-2023-42753

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...

Buffer overflow

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...