It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform data buffer size validation in some
situations. A physically proximate attacker could use this to craft a
malicious USB device that when inserted, could cause a denial of service
(system crash) or possibly expose sensitive information.(CVE-2023-1380)
Reima Ishii discovered that the nested KVM implementation for Intel x86
processors in the Linux kernel did not properly validate control registers
in certain situations. An attacker in a guest VM could use this to cause a
denial of service (guest crash).(CVE-2023-30456)
Mingi Cho discovered that the netfilter subsystem in the Linux kernel did
not properly validate the status of a nft chain while performing a lookup
by id, leading to a use-after-free vulnerability. An attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code.(CVE-2023-31248)
Gwangun Jung discovered that the Quick Fair Queueing scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2023-31436)
Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel
did not properly handle certain pointer data type, leading to an out-of-
bounds write vulnerability. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-35001)
More Stories
xen-4.19.0-4.fc41
FEDORA-2024-60809cb44e Packages in this update: xen-4.19.0-4.fc41 Update description: x86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817] Read More
USN-7031-1: Puma vulnerability
It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite...
USN-7030-1: py7zr vulnerability
It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into...
CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204
Posted by Thomas Weber via Fulldisclosure on Sep 23 CyberDanube Security Research 20240919-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Netman 204...
Submit Exploit CVE-2024-42831
Posted by arfaoui haythem on Sep 23 # Exploit Title: Reflected XSS in Elaine's Realtime CRM Automation v6.18.17 # Date:...