Ricoh Company, Ltd. Security Vulnerabilities

CVE-2023-36456

authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the go code. Only authentik setups that are directly accessible by users without a reverse proxy...

CVE-2023-28574

Memory corruption in core services when Diag handler receives a command to configure event...

CVE-2023-28574 Improper Input Validation in Core

Memory corruption in core services when Diag handler receives a command to configure event...

CVE-2023-33045 Buffer Copy Without Checking Size of Input in WLAN Firmware

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3...

CVE-2023-33078 Buffer Over-read in DSP Services

Information Disclosure while processing IOCTL request in...

CVE-2023-33027 Buffer Over-read in WLAN Firmware

Transient DOS in WLAN Firmware while parsing rsn...

CVE-2023-24847 NULL pointer Dereference in Modem

Transient DOS in Modem while allocating DSM...

CVE-2023-33026

Transient DOS in WLAN Firmware while parsing a NAN management...

CVE-2023-33026 Buffer over-read in WLAN Firmware

Transient DOS in WLAN Firmware while parsing a NAN management...

CVE-2023-33107

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL...

CVE-2023-33106 Use of Out-of-range Pointer Offset in Graphics

Memory corruption while submitting a large list of sync points in an AUX command to the...

CVE-2024-36006

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

CVE-2023-33107

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL...

Check Point VPN-1 PAT Information Disclosure Vulnerability - Active Check

Check Point VPN-1 PAT is prone to an information disclosure ...

CVE-2023-33063

Memory corruption in DSP Services during a remote call from HLOS to...

CVE-2022-40512

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or...

CVE-2022-40512 Buffer over-read in WLAN Firmware.

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or...

CVE-2023-24847 NULL pointer Dereference in Modem

Transient DOS in Modem while allocating DSM...

CVE-2023-43512 Buffer Over-read in Qualcomm ESL

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services...

CVE-2023-43512 Buffer Over-read in Qualcomm ESL

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services...

CVE-2024-36006

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

Liferay Portal 6.1.0 'addUser()' Security Bypass

The version of Liferay Portal hosted on the remote web server contains a flaw in the 'UserServiceUtil' class's 'addUser' method that allows a remote, unauthenticated attacker to create new administrative users. Since administrative users can install new plugins and extensions, this may lead to...

CVE-2024-23910

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B.....

CVE-2024-25579

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit...

CVE-2024-36007

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...

CVE-2024-26258

OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the...

CVE-2024-36007

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...

CVE-2023-33106

Memory corruption while submitting a large list of sync points in an AUX command to the...

CVE-2020-27352

When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading...

Ivanti Policy Secure Detection

The web interface for Ivanti Policy Secure (formerly known as Pulse Policy Secure), a network access control (NAC) server, was detected on the remote host. Note that Nessus attempts to retrieve the version information without credentials. If HTTP credentials are specified then an attempt to...

CVE-2024-36103

OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the...

Polyfill.io Supply Chain Attack

The polyfill.js is a popular open-source library that supports older browsers. Thousands of sites embed it using the cdn[.]polyfill[.]io domain. In February 2024, a Chinese company (Funnull) bought the domain and the GitHub account. The company has modified Polyfill.js so malicious code would be...

CVE-2024-35855

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...

CVE-2022-33230 Buffer copy without checking the size of input in FM Host

Memory corruption in FM Host due to buffer copy without checking the size of input in FM...

CVE-2022-33230 Buffer copy without checking the size of input in FM Host

Memory corruption in FM Host due to buffer copy without checking the size of input in FM...

CVE-2022-25745 Always Incorrect Control Flow Implementation in MODEM

Memory corruption in modem due to improper input validation while handling the incoming CoAP...

CVE-2022-25745 Always Incorrect Control Flow Implementation in MODEM

Memory corruption in modem due to improper input validation while handling the incoming CoAP...

CVE-2022-33288

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection...

CVE-2022-33278

Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer...

CVE-2022-25728 Buffer Over-read in MODEM

Information disclosure in modem due to buffer over-read while processing response from DNS...

CVE-2022-33279 Stack based buffer overflow in WLAN

Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame...

CVE-2022-25732

Information disclosure in modem due to buffer over read in dns client due to missing length...

apko Exposure of HTTP basic auth credentials in log output

Summary Exposure of HTTP basic auth credentials from repository and keyring URLs in log output Details There was a handful of instances where the apko tool was outputting error messages and log entries where HTTP basic authentication credentials were exposed for one of two reasons: The%s verb was.....

CVE-2024-34947

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...

CVE-2024-34947

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...

CVE-2022-25739 Null Point Dereference in MODEM

Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM...

CVE-2022-25739 Null Point Dereference in MODEM

Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM...

CVE-2022-25740

Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the...

CVE-2022-25740 Buffer Copy Without Checking Size of Input in MODEM

Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the...

CVE-2022-33291

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed...