Ricoh Company, Ltd. Security Vulnerabilities

CVE-2023-21653 Reachable Assertion in Modem

Transient DOS in Modem while processing RRC reconfiguration...

CVE-2023-21635 Buffer Copy without Checking Size of Input in Data Network Stack & Connectivity

Memory Corruption in Data Network Stack & Connectivity when sim gets detected on...

CVE-2023-21661

Transient DOS while parsing WLAN beacon or probe-response...

CVE-2023-21661 Buffer Over-read in WLAN Firmware

Transient DOS while parsing WLAN beacon or probe-response...

CVE-2023-21646

Transient DOS in Modem while processing invalid System Information Block...

CVE-2022-33304 NULL pointers dereference in Modem

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP...

CVE-2022-33244 Reachable assertion in Modem

Transient DOS due to reachable assertion in modem during MIB reception and SIB...

CVE-2022-34146

Transient DOS due to improper input validation in WLAN Host while parsing frame during...

CVE-2022-34146 Improper input validation in WLAN Host

Transient DOS due to improper input validation in WLAN Host while parsing frame during...

CVE-2022-34146 Improper input validation in WLAN Host

Transient DOS due to improper input validation in WLAN Host while parsing frame during...

CVE-2022-40535

Transient DOS due to buffer over-read in WLAN while sending a packet to...

CVE-2022-40502 Improper input validation in WLAN Host

Transient DOS due to improper input validation in WLAN...

CVE-2022-40533

Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI...

CVE-2022-40533 Untrusted Pointer Dereference in Core

Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI...

CVE-2022-40527 Reachable Assertion in WLAN Embedded SW

Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by...

CVE-2022-25730

Information disclosure in modem due to improper check of IP type while processing DNS server...

CVE-2022-25730 Buffer Over-read in MODEM

Information disclosure in modem due to improper check of IP type while processing DNS server...

CVE-2022-25729 Improper Input Validation in MODEM

Memory corruption in modem due to improper length check while copying into...

Ivanti Policy Secure Detection

The web interface for Ivanti Policy Secure (formerly known as Pulse Policy Secure), a network access control (NAC) server, was detected on the remote host. Note that Nessus attempts to retrieve the version information without credentials. If HTTP credentials are specified then an attempt to...

Inside the Biggest FBI Sting Operation in History

When a drug kingpin named Microsoft tried to seize control of an encrypted phone company for criminals, he was playing right into its real owners’...

CVE-2024-1662 Information Disclosure in Porty's PowerBank

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.This issue affects PowerBank Application: before...

CVE-2023-28555

Transient DOS in Audio while remapping channel buffer in media codec...

CVE-2023-21653

Transient DOS in Modem while processing RRC reconfiguration...

CVE-2023-21658 Buffer Over-Read in WLAN Firmware

Transient DOS in WLAN Firmware while processing the received beacon or probe response...

CVE-2022-33246 Use of out-of-range pointer offset in Audio

Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session...

CVE-2022-34145 Buffer over-read in WLAN Host

Transient DOS due to buffer over-read in WLAN Host while parsing frame...

CVE-2022-40538 Reachable assertion in Modem

Transient DOS due to reachable assertion in modem while processing sib with incorrect values from...

CVE-2022-40536 Improper authentication in Modem

Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from...

CVE-2022-25730 Buffer Over-read in MODEM

Information disclosure in modem due to improper check of IP type while processing DNS server...

CVE-2022-25729

Memory corruption in modem due to improper length check while copying into...

CVE-2023-21658

Transient DOS in WLAN Firmware while processing the received beacon or probe response...

CVE-2022-33250 Reachable assertion in Modem

Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE...

CVE-2022-33246

Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session...

CVE-2022-33246 Use of out-of-range pointer offset in Audio

Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session...

CVE-2022-33244

Transient DOS due to reachable assertion in modem during MIB reception and SIB...

CVE-2022-33254 Reachable assertion in Modem

Transient DOS due to reachable assertion in Modem while processing SIB1...

CVE-2022-40535 Buffer Over-read in WLAN

Transient DOS due to buffer over-read in WLAN while sending a packet to...

CVE-2022-40538

Transient DOS due to reachable assertion in modem while processing sib with incorrect values from...

CVE-2022-40538 Reachable assertion in Modem

Transient DOS due to reachable assertion in modem while processing sib with incorrect values from...

CVE-2022-40536

Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from...

CVE-2022-25729 Improper Input Validation in MODEM

Memory corruption in modem due to improper length check while copying into...

CVE-2022-0555

Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all...

CVE-2024-35634 Woocommerce – Recent Purchases plugin <= 1.0.1 - File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wow-Company Woocommerce – Recent Purchases allows PHP Local File Inclusion.This issue affects Woocommerce – Recent Purchases: from n/a through...

One Phish, Two Phish, Red Phish, Blue Phish

One of the interesting things about working for a cybersecurity company is that you get to talk...

CVE-2023-4039

DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...

Adobe clarifies Terms of Service change, says it doesn&#8217;t train AI on customer content

Following days of user pushback that included allegations of forcing a "spyware-like" Terms of Service (ToS) update into its products, design software giant Adobe explained itself with several clarifications. Apparently, the concerns raised by the community, especially among Photoshop and...

CVE-2022-1242

Apport can be tricked into connecting to arbitrary sockets as the root...

The Ticketmaster Data Breach May Be Just the Beginning

Data breaches at Ticketmaster and financial services company Santander have been linked to attacks against cloud provider Snowflake. Researchers fear more breaches will soon be...

CVE-2024-35629 WordPress Easy Digital Downloads – Recent Purchases plugin <= 1.0.2 - Remote File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads – Recent Purchases: from n/a through...

CVE-2024-36006 mlxsw: spectrum_acl_tcam: Fix incorrect list API usage

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...