Notselwyn

#10079de 53,630
27.4CVSS total
Vulnerabilidades · 3
Alta
1
Crítica
2
PT-2024-1597
7.8
2024-01-24
Linux · Linux Kernel · CVE-2024-1086
**Nome do software vulnerável e versões afetadas:** versões do kernel anteriores à 6.1.77-alt1 versões do kernel-uek, kernel-uek-debug, kernel-uek-debug-devel, kernel-uek-devel, kernel-uek-doc e kernel-uek-tools anteriores à 6.1.77-alt1 versões do kernel 5.10.206 a 5.10.209 (Debian 10 buster) versão do kernel 4.12.14-122 186 **Descrição:** Várias vulnerabilidades foram descobertas em diversos pacotes do kernel Linux, incluindo bpftool, kernel, kernel-abi-whitelists, kernel-debug, kernel-debug-devel, kernel-devel, kernel-doc, kernel-headers, kernel-tools, kernel-tools-libs, kernel-tools-libs-devel, perf e python-perf. Essas vulnerabilidades podem levar à escalada de privilégios, negação de serviço ou vazamento de informações. Especificamente, existe uma vulnerabilidade do tipo “use-after-free” no componente nf tables do kernel versão 4.12.14-122 186, que poderia ser explorada para obter escalada de privilégios local. **Recomendações:** Atualize para a versão 6.1.77-alt1 do kernel ou posterior. Atualize o kernel-uek, kernel-uek-debug, kernel-uek-debug-devel, kernel-uek-devel, kernel-uek-doc e kernel-uek-tools para a versão 6.1.77-alt1 ou posterior. Para o Debian 10 buster, atualize para a versão 5.10.209-2~deb10u1 do kernel ou posterior. Para a versão 4.12.14-122 186 do kernel, aplique a atualização disponível para corrigir a vulnerabilidade de uso após liberação de memória.
PT-2023-15476
9.8
2023-04-27
Nanoleaf · Nanoleaf · CVE-2022-47758
**Name of the Vulnerable Software and Affected Versions** Nanoleaf firmware versions prior to 7.1.1 **Description** The issue is related to missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. This affects IoT smart lights, enabling unauthenticated remote code execution. **Recommendations** For versions prior to 7.1.1, update to a version that includes TLS verification to prevent arbitrary code execution via DNS hijacking attacks. As a temporary workaround, consider restricting access to the device until a patch is available. Avoid using the device in untrusted networks to minimize the risk of exploitation.
PT-2023-14976
9.8
2023-04-18
Nanoleaf · Nanoleaf Desktop App · CVE-2022-46640
**Name of the Vulnerable Software and Affected Versions** Nanoleaf Desktop App versions prior to 1.3.1 **Description** A command injection issue was discovered, which can be exploited through a crafted HTTP request. **Recommendations** For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue.