Lin

**Nome do software vulnerável e versões afetadas** Kernel do Linux (versões afetadas não especificadas) **Descrição** O problema está relacionado ao recurso de redzoning do SLUB no kernel do Linux, que verifica se há corrupção a partir de `s->object size` em vez de `s->inuse`. Isso pode fazer com que o ponteiro da lista livre seja gravado além de `s->object size` quando o tamanho do objeto é menor que 24, corrompendo a redzone. O problema é visível ao usar “slub debug=ZF”. O kernel ajusta o deslocamento para permanecer dentro de `s->object size` a fim de resolver o problema. Não se tem conhecimento da existência de caches nesse intervalo de tamanho no kernel atualmente. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices (affected versions not specified) **Description** The issue is related to insecure key transport in ZigBee communication, allowing attackers to obtain sensitive information, cause denial of service attacks, take over smart home devices, and tamper with messages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices (affected versions not specified) **Description** An issue was discovered that allows attackers to perform multiple denial of service attacks using the ZigBee trust center rejoin procedure on devices using ZigBee PRO. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xiaomi DGNWG03LM version Xiaomi ZNCZ03LM version Xiaomi MCCGQ01LM version Xiaomi WSDCGQ01LM version Xiaomi RTCGQ01LM version **Description** The issue is related to insecure key transport in ZigBee communication. This allows attackers to gain sensitive information, launch denial of service attacks, take over smart home devices, and tamper with messages. **Recommendations** For Xiaomi DGNWG03LM, update the device to a version that addresses the insecure key transport issue. For Xiaomi ZNCZ03LM, update the device to a version that addresses the insecure key transport issue. For Xiaomi MCCGQ01LM, update the device to a version that addresses the insecure key transport issue. For Xiaomi WSDCGQ01LM, update the device to a version that addresses the insecure key transport issue. For Xiaomi RTCGQ01LM, update the device to a version that addresses the insecure key transport issue.

**Name of the Vulnerable Software and Affected Versions** ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices (affected versions not specified) **Description** An issue was discovered that allows attackers to perform a denial of service attack by utilizing the "discover ZigBee network procedure". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices (affected versions not specified) **Description** An issue allows attackers to perform a denial of service attack by utilizing the "discover ZigBee network procedure". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices (affected versions not specified) **Description** An issue allows attackers to perform multiple denial of service attacks using the ZigBee trust center rejoin procedure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** An information disclosure issue exists due to the scripting engine's improper handling of objects in memory. This could allow a remote attacker to disclose protected information using a specially crafted web page. The attacker could obtain information to further compromise the user's system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.