what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

CVE-2023-4586

Status Candidate

Overview

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.

Related Files

Ubuntu Security Notice USN-6625-3
Posted Feb 20, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6625-3 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2023-34324, CVE-2023-35827, CVE-2023-45863, CVE-2023-46343
SHA-256 | 52bdeffe5f0a9bcabf5888bdf230cc21b6b378f00b6361fdcb2347a717f725ef
Ubuntu Security Notice USN-6625-2
Posted Feb 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6625-2 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2023-34324, CVE-2023-35827, CVE-2023-45863, CVE-2023-46343
SHA-256 | b66fd333f93de3d51bd80224f8e2d3a19cbfc05e73e64ee252cbdbc53d94990c
Ubuntu Security Notice USN-6625-1
Posted Feb 8, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6625-1 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2023-34324, CVE-2023-35827, CVE-2023-45863, CVE-2023-46343
SHA-256 | f216969201e4323ce6545b98d9b1f08db39bd8c3f06097ee0d2bd0d95e8ad152
Ubuntu Security Notice USN-6604-2
Posted Jan 30, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6604-2 - It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service. Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1079, CVE-2023-20588, CVE-2023-45863, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932
SHA-256 | 87adb9a0dd630857bb46668b561ed587d03265f1d69126841b1f12420169e7bc
Ubuntu Security Notice USN-6604-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6604-1 - It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service. Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1079, CVE-2023-20588, CVE-2023-45863, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932
SHA-256 | d17c6353365258970841d80fc94ccc64beed6a1122b15a1bc1be29121160ed39
Ubuntu Security Notice USN-6602-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6602-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-20588, CVE-2023-45863, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932
SHA-256 | e4ea46e063ed7320c58795d9803e3ac6d7fa5f331537b1801175adb5167bb09e
Ubuntu Security Notice USN-6577-1
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6577-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-20588, CVE-2023-45863
SHA-256 | f5c75748cbd05864595b53a3d62429463f197d9429e3dc98c4eef18615631d48
Gentoo Linux Security Advisory 202401-03
Posted Jan 5, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-3 - Multiple vulnerabilities have been discovered in Bluez, the worst of which can lead to privilege escalation. Versions greater than or equal to 5.70-r1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2023-45866
SHA-256 | 00bcf7d7f39e7957ade6ec3d65eccb58e969676ea0a1c77b50884d272960344f
Debian Security Advisory 5594-1
Posted Jan 3, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5594-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2021-44879, CVE-2023-25775, CVE-2023-34324, CVE-2023-35827, CVE-2023-45863, CVE-2023-46813, CVE-2023-46862, CVE-2023-5178, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782, CVE-2023-5197, CVE-2023-5717, CVE-2023-6121
SHA-256 | 14c6c74cd19f5de7ddf98f535462c89656d00f4606e765c1a9e334df63a6e08f
Debian Security Advisory 5584-1
Posted Dec 22, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5584-1 - It was reported that the BlueZ's HID profile implementation is not inline with the HID specification which mandates the use of Security Mode 4. The HID profile configuration option ClassicBondedOnly now defaults to "true" to make sure that input connections only come from bonded device connections.

tags | advisory
systems | linux, debian
advisories | CVE-2023-45866
SHA-256 | c60c03d128a6806b3f8d0e7cf027c5d53155058c8e252594daf8af61d204802d
Apple Security Advisory 12-11-2023-2
Posted Dec 13, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 12-11-2023-2 - iOS 17.2 and iPadOS 17.2 addresses code execution and spoofing vulnerabilities.

tags | advisory, spoof, vulnerability, code execution
systems | apple, ios
advisories | CVE-2023-42883, CVE-2023-42884, CVE-2023-42890, CVE-2023-42897, CVE-2023-42898, CVE-2023-42899, CVE-2023-42914, CVE-2023-42919, CVE-2023-42922, CVE-2023-42923, CVE-2023-42927, CVE-2023-45866
SHA-256 | 0438f0a9537e5a05a2fce86952d5d7e45b1197dfffe609685a02eb3c1566aa69
Ubuntu Security Notice USN-6540-1
Posted Dec 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6540-1 - It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands whilst the device is discoverable.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-45866
SHA-256 | 8a870ceb8e8b80fecb7bdf6531423f8e70b239e9839c50be042ab87d8f8c36d4
Red Hat Security Advisory 2023-7676-03
Posted Dec 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7676-03 - An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-4586
SHA-256 | 7309ba6c927129d683e74a7e01c0064fa834be170846be389601a6a7590466ea
Ubuntu Security Notice USN-6532-1
Posted Dec 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6532-1 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-20593, CVE-2023-31085, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-45862, CVE-2023-45871, CVE-2023-5717
SHA-256 | 0cdb4aa760fab31533df80e24faf46d100f20dc5ee5242cc463797b7fe3e75e1
Ubuntu Security Notice USN-6494-2
Posted Dec 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6494-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-31085, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-45862, CVE-2023-45871, CVE-2023-5717
SHA-256 | f60fcecace1faaeb9fc2bd6e186bb143ebb3802e541e9c577ab37e5ad12177f5
Ubuntu Security Notice USN-6494-1
Posted Nov 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6494-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-31085, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-45862, CVE-2023-45871, CVE-2023-5717
SHA-256 | b8155c22b0aee7834c05ed29a1774d0847591054fd409c28e4a01741d747e025
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close