Main Vulnerability Database SB2024061808

SB2024061808 - Multiple vulnerabilities in Dell Secure Connect Gateway

Published: June 18, 2024 Updated: May 20, 2025

Security Bulletin ID SB2024061808

Severity

High

Patch available

YES

Number of vulnerabilities 106

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 106 secuirty vulnerabilities.

1) Off-by-one (CVE-ID: CVE-2024-23849)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the rds_recv_track_latency() function in net/rds/af_rds.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.

2) Improper input validation (CVE-ID: CVE-2024-20919)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

3) Improper input validation (CVE-ID: CVE-2024-20918)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

4) Input validation error (CVE-ID: CVE-2024-28182)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to reading the unbounded number of HTTP/2 CONTINUATION frames. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

5) Memory leak (CVE-ID: CVE-2024-26461)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in /krb5/src/lib/gssapi/krb5/k5sealv3.c. A remote attacker can force the application to leak memory and perform denial of service attack.

6) Memory leak (CVE-ID: CVE-2024-26458)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in /krb5/src/lib/rpc/pmap_rmt.c. A remote attacker can perform a denial of service attack.

7) Use-after-free (CVE-ID: CVE-2024-26622)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tomoyo_write_control() function. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

8) NULL pointer dereference (CVE-ID: CVE-2024-26600)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/phy/ti/phy-omap-usb2.c. A local user can perform a denial of service (DoS) attack.

9) NULL pointer dereference (CVE-ID: CVE-2024-26595)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the spectrum_acl_tcam() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.

10) Race condition (CVE-ID: CVE-2024-26585)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the tls_encrypt_done() function in net/tls/tls_sw.c. A remote attacker user can send specially crafted requests to the system and perform a denial of service (DoS) attack.

11) Out-of-bounds read (CVE-ID: CVE-2024-23851)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the copy_params() function in drivers/md/dm-ioctl.c. A remote attacker can trigger an out-of-bounds read and perform a denial of service (DoS) attack.

12) Stack-based buffer overflow (CVE-ID: CVE-2024-1151)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the Open vSwitch sub-component in the Linux Kernel. A remote unauthenticated attacker can send specially crafted packets to the system. trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

13) NULL pointer dereference (CVE-ID: CVE-2024-0727)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing fields in the PKCS12 certificate. A remote attacker can pass specially crafted certificate to the server and perform a denial of service (DoS) attack.

14) Use-after-free (CVE-ID: CVE-2024-1086)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the netfilter nf_tables component in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code on the system.

15) Resource management error (CVE-ID: CVE-2024-0607)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the nft_byteorder_eval() function in the Netfilter subsystem. A local user can perform a denial of service (DoS) attack.

16) Security features bypass (CVE-ID: CVE-2023-52597)

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged can trigger resource exhaustion and perform a denial of service (DoS) attack.

17) NULL pointer dereference (CVE-ID: CVE-2023-52574)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/net/team/team.c. A local user can perform a denial of service (DoS) attack.

18) Improper error handling (CVE-ID: CVE-2023-52532)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mana_poll_tx_cq() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.

19) Buffer overflow (CVE-ID: CVE-2023-52531)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can escalate privileges on the system.

20) Use-after-free (CVE-ID: CVE-2023-52530)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_key_link() function in net/mac80211/key.c, within the ieee80211_add_key() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.

21) Race condition (CVE-ID: CVE-2023-52502)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() functions in net/nfc/llcp_core.c. A local user can exploit the race and execute arbitrary code with elevated privileges.

22) Stack-based buffer overflow (CVE-ID: CVE-2023-52482)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack overflow within the VULNBL_AMD() function in arch/x86/kernel/cpu/common.c. A local user can perform a denial of service (DoS) attack.

23) Use-after-free (CVE-ID: CVE-2023-52478)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hidpp_probe() function in drivers/hid/hid-logitech-hidpp.c. A local user can escalate privileges on the system.

24) Use-after-free (CVE-ID: CVE-2023-52475)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the powermate_disconnect() function in drivers/input/misc/powermate.c. A local user can escalate privileges on the system.

25) Improper input validation (CVE-ID: CVE-2024-20921)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

26) Resource exhaustion (CVE-ID: CVE-2024-2511)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to unbounded memory growth when processing TLSv1.3 sessions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires that the non-default SSL_OP_NO_TICKET option is being used in TLSv1.3.

27) Out-of-bounds read (CVE-ID: CVE-2023-52451)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the dlpar_memory_remove_by_index() function in arch/powerpc/platforms/pseries/hotplug-memory.c. A local user can trigger an out-of-bounds read and perform a denial of service (DoS) attack.

28) Symlink attack (CVE-ID: CVE-2016-9566)

The vulnerability allows a local user obtain elevated privileges on vulnerable system.

The vulnerability exists due to the application handles log files in unsafe manner. A local user with access to Nagios application (nagios account or member of nagios group) can cerate a specially crafted symlink to nagios log file and execute arbitrary command on vulnerable system with root privileges.

Successful exploitation of this vulnerability may allow a local user to obtain full access to vulnerable system.

29) Stack-based buffer overflow (CVE-ID: CVE-2024-22667)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the did_set_langmap() function in map.c. A remote attacker can trick the victim to open a specially crafted file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

30) Use-after-free (CVE-ID: CVE-2023-48706)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the ex_substitute() function in src/charset.c when executing the ":s" command. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and crash the application.

31) Integer overflow (CVE-ID: CVE-2023-48237)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow when shifting lines in operator pending mode. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application.

32) Integer overflow (CVE-ID: CVE-2023-48236)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow when using the z= command. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application.

33) Integer overflow (CVE-ID: CVE-2023-48235)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow when parsing relative ex addresses. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application.

34) Integer overflow (CVE-ID: CVE-2023-48234)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

35) Integer overflow (CVE-ID: CVE-2023-48233)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow if the count after the :s command is larger than what fits into a (signed) long variable. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application.

36) Integer overflow (CVE-ID: CVE-2023-48232)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and crash the application.

37) Use-after-free (CVE-ID: CVE-2023-48231)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error when closing the window. A remote attacker can trick the victim to open a specially crafted file and crash the application.

38) Use-after-free (CVE-ID: CVE-2023-4750)

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a use-after-free error within the is_qf_win() function in quickfix.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.

39) UNIX symbolic link following (CVE-ID: CVE-2019-3698)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue in the cronjob shipped with nagios. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.

40) Improper Authentication (CVE-ID: CVE-2023-42465)

The vulnerability allows a local user to bypass authentication process.

The vulnerability exists due to insufficient resistance to rowhammer attacks. A local user can bypass authentication process and gain unauthorized access to the system.

41) OS Command Injection (CVE-ID: CVE-2023-51385)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing user names, if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. A remote attacker can execute arbitrary OS commands via an untrusted Git repository.

42) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-22259)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input when parsing URL with the UriComponentsBuilder component. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

43) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-22243)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

44) Out-of-bounds read (CVE-ID: CVE-2023-40551)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when parsing MZ binaries. A remote attacker can pass a specially crafted MZ binary to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

45) Out-of-bounds read (CVE-ID: CVE-2023-40550)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the verify_buffer_sbat() function. A remote attacker can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

46) Out-of-bounds read (CVE-ID: CVE-2023-40549)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the verify_buffer_authenticode() function when parsing PE binary. A remote attacker can pass a specially crafted PE binary to the loader, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

47) Integer overflow (CVE-ID: CVE-2023-40548)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the verify_sbat_section on 32-bits systems. A remote attacker can pass a specially crafted PE binary to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

48) Insufficient verification of data authenticity (CVE-ID: CVE-2023-40547)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing verification of data authenticity when parsing HTTP responses. A remote attacker can perform a man-in-the-middle (MitM) attack and use a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise.

This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.

49) NULL pointer dereference (CVE-ID: CVE-2023-40546)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the mirror_one_esl() function in mok.c while creating a new ESL variable. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

50) Out-of-bounds write (CVE-ID: CVE-2022-28737)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a boundary error in the handle_image() function when shim tries to load and execute crafted EFI executables. A local privileged user can trigger an out-of-bounds write error and bypass secure boot protection mechanism.

51) SQL injection (CVE-ID: CVE-2024-1597)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data when using the "PreferQueryMode=SIMPLE" option. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

52) Improper Authentication (CVE-ID: CVE-2023-51767)

The vulnerability allows a local user to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A local user can bypass authentication process and gain unauthorized access to the application by conducting a row hammer attack against the mm_answer_authpassword integer value to flip a single bit.

53) Out-of-bounds write (CVE-ID: CVE-2023-52464)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the thunderx_ocx_com_threaded_isr() function in drivers/edac/thunderx_edac.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.

54) NULL pointer dereference (CVE-ID: CVE-2023-52449)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in mtd. A local user can perform a denial of service (DoS) attack.

55) Race condition (CVE-ID: CVE-2024-23651)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a race condition. A remote attacker can exploit the race and cause the files from the host system being accessible to the build container.

56) OS Command Injection (CVE-ID: CVE-2023-6004)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in OpenSSH client. If an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or "match exec" predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive.

57) Improper Authentication (CVE-ID: CVE-2023-2283)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error within the pki_verify_data_signature() function in pki_crypto.c. The pki_key_check_hash_compatible() function can return SSH_OK value if memory allocation error happens later in the function. The A remote attacker can bypass authentication process and gain unauthorized access to the system.

58) Buffer overflow (CVE-ID: CVE-2021-3634)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling shared secrets. A remote attacker can supply a shared secret of a different size, trigger a memory corruption during the second key re-exchange and crash the application or potentially execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

59) Resource management error (CVE-ID: CVE-2020-1730)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource management while cleaning the AES-CTR ciphers when closing the connection. A remote attacker can initiate a connection to the client and server that supports AES-CTR ciphers and close the connection before ciphers are initialized, triggering a denial of service condition (service crash). The vulnerability affects both client and server implementations.

60) OS Command Injection (CVE-ID: CVE-2019-14889)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to incorrect handling of the SCP command parameters when initiating the connection within the ssh_scp_new() function. A remote attacker can trick victim into using a specially crafted SCP command to connect to a remote SCP server and execute arbitrary commands on the target server with privileges of the current user.

61) NULL pointer dereference (CVE-ID: CVE-2023-45918)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in tgetstr in tinfo/lib_termcap.c. A remote attacker can trick the victim to open a specially crafted file with the affected application and perform a denial of service (DoS) attack.

62) OS Command Injection (CVE-ID: CVE-2024-32487)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when handling newline characters in the filename in filename.c. A remote attacker can trick the victim to pass a specially crafted filename to the affected command and execute arbitrary OS commands on the system.

63) OS Command Injection (CVE-ID: CVE-2022-48624)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the close_altfile() function in filename.c. A remote attacker can trick the victim into using a specially crafted argument for the less command and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

64) Buffer overflow (CVE-ID: CVE-2024-2961)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the iconv() function when converting string to the ISO-2022-CN-EXT character set. A remote attacker can pass specially crafted input to the application, trigger a 4 byte buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

65) Incorrect authorization (CVE-ID: CVE-2024-23653)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to interactive containers API does not validate entitlements check. A remote attacker can use these APIs to ask BuildKit to run a container with elevated privileges.

66) Path traversal (CVE-ID: CVE-2024-23652)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within BuildKit frontend or Dockerfile using RUN --mount. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

67) Missing Release of Resource after Effective Lifetime (CVE-ID: CVE-2024-2398)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when sending HTTP/2 server push responses with an overly large number of headers. A remote attacker can send PUSH_PROMISE frames with an excessive amount of headers to the application, trigger memory leak and perform a denial of service (DoS) attack.

68) Use-after-free (CVE-ID: CVE-2024-25062)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in xmlValidatePopElement when using the XML Reader interface with DTD validation and XInclude expansion enabled. A remote attacker can pass a specially crafted XML document to the application, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

69) Input validation error (CVE-ID: CVE-2024-2004)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an error when a protocol selection parameter option disables all protocols without adding any. As a result, the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols.

70) Overly permissive cross-domain whitelist (CVE-ID: CVE-2022-1996)

The vulnerability allows a remote attacker to bypass the CORS protection mechanism.

The vulnerability exists due to incorrect processing of the "Origin" HTTP header that is supplied within HTTP request. A remote attacker can supply arbitrary value via the "Origin" HTTP header, bypass implemented CORS protection mechanism and perform cross-site scripting attacks against the vulnerable application.

71) Infinite loop (CVE-ID: CVE-2024-25710)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when processing a corrupt DUMP file. A remote attacker can consume all available system resources and cause denial of service conditions.

72) Path traversal (CVE-ID: CVE-2023-7207)

The vulnerability allows a remote attacker to overwrite arbitrary files on the system.

The vulnerability exists due to input validation error when processing filenames inside cpio archives. A remote attacker can trick the victim to open a specially crafted cpio archive and overwrite arbitrary files on the system.

73) Infinite loop (CVE-ID: CVE-2024-30172)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the Ed25519 verification code. A remote attacker can pass a specially signature and public key to the application, consume all available system resources and cause denial of service conditions.

74) Input validation error (CVE-ID: CVE-2024-24549)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when handling HTTP/2 requests. A remote attacker can send specially crafted HTTP/2 requests to the server and perform a denial of service (DoS) attack.

75) Resource exhaustion (CVE-ID: CVE-2024-23672)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can keep WebSocket connections open for a long time to trigger resource exhaustion and perform a denial of service (DoS) attack.

76) Resource exhaustion (CVE-ID: CVE-2024-27316)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling HTTP/2 requests. A remote attacker can send specially crafted HTTP/2 requests to the server and perform a denial of service (DoS) attack.

77) HTTP response splitting (CVE-ID: CVE-2024-24795)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correctly process CRLF character sequences in multiple modules. A remote attacker can inject malicious response headers into backend applications and perform an HTTP desynchronization attack.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.

78) HTTP response splitting (CVE-ID: CVE-2023-38709)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correctly process CRLF character sequences. A malicious or exploitable backend/content generators can send specially crafted response containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.

79) Unchecked Return Value (CVE-ID: CVE-2023-6918)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to libssh does not check for returned values of message digest (MD) operations in low memory conditions. A remote attacker can terminate the connection or force the library to use weak keys.

80) Input validation error (CVE-ID: CVE-2024-28085)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied arguments along with setgid tty permissions within the wall command. A local user can execute arbitrary commands with escalated privileges on the system.

81) Use-after-free (CVE-ID: CVE-2023-52445)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in pvrusb2. A local user can execute arbitrary code with elevated privileges.

82) Use-after-free (CVE-ID: CVE-2021-47013)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the emac_mac_tx_buf_send() function in drivers/net/ethernet/qualcomm/emac/emac-mac.c. A local user can escalate privileges on the system.

83) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2023-52429)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dm_table_create() function in drivers/md/dm-table.c. A local user can pass specially crafted data to the kernel and perform a denial of service (DoS) attack.

84) Resource exhaustion (CVE-ID: CVE-2023-52340)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when processing very large ICMPv6 packets. A remote attacker can send a flood of IPv6 ICMP6 PTB messages, cause the high lock contention and increased CPU usage, leading to a denial of service.

Successful vulnerability exploitation requires a attacker to be on the local network or have a high bandwidth connection.

85) NULL pointer dereference (CVE-ID: CVE-2023-46343)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

86) Use-after-free (CVE-ID: CVE-2023-35827)

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

87) Information disclosure (CVE-ID: CVE-2023-28746)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors. A local user can gain access to sensitive information.

88) Resource exhaustion (CVE-ID: CVE-2022-48627)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

89) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20154)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to unspecified error in the Linux Kernel. A local user can bypass security restrictions and escalate privileges on the system.

90) Use-after-free (CVE-ID: CVE-2021-47078)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rxe_qp_init_req(), rxe_qp_init_resp() and rxe_qp_from_init() functions in drivers/infiniband/sw/rxe/rxe_qp.c. A local user can escalate privileges on the system.

91) NULL pointer dereference (CVE-ID: CVE-2021-47077)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qedf_update_link_speed() function in drivers/scsi/qedf/qedf_main.c. A local user can perform a denial of service (DoS) attack.

92) Resource exhaustion (CVE-ID: CVE-2021-47076)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

93) Memory leak (CVE-ID: CVE-2021-47054)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qcom_ebi2_probe() function in drivers/bus/qcom-ebi2.c. A local user can perform a denial of service (DoS) attack.

94) Out-of-bounds read (CVE-ID: CVE-2021-46992)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nft_rhash_destroy() function in net/netfilter/nft_set_hash.c. A local user can perform a denial of service (DoS) attack.

95) Use-after-free (CVE-ID: CVE-2019-25162)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the i2c_put_adapter() function in drivers/i2c/i2c-core-base.c. A local user can trigger a use-after-free error and crash the kernel.

96) Use-after-free (CVE-ID: CVE-2021-46991)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the i40e_client_subtask() function in drivers/net/ethernet/intel/i40e/i40e_client.c. A local user can escalate privileges on the system.

97) Out-of-bounds write (CVE-ID: CVE-2021-46974)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to improper handling of masking negation logic upon a negative destination register. A local user can cause a denial of service by exploiting this flaw.

98) Improper Resource Shutdown or Release (CVE-ID: CVE-2021-46953)

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged user can trigger resource exhaustion and perform a denial of service (DoS) attack.

99) Improper Initialization (CVE-ID: CVE-2021-46932)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to improper initialization. A local user can run a specially crafted application to perform a denial of service attack.

100) Use-after-free (CVE-ID: CVE-2021-46929)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sctp_transport_lookup_process() and sctp_transport_get_idx() functions in net/sctp/socket.c, within the sctp_sock_dump() and sctp_sock_filter() functions in net/sctp/sctp_diag.c, within the sctp_endpoint_free() and sctp_endpoint_destroy() functions in net/sctp/endpointola.c. A local user can escalate privileges on the system.

101) Memory leak (CVE-ID: CVE-2021-46924)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in drivers/nfc/st21nfca/i2c.c. A local user can perform a denial of service attack.

102) Improper locking (CVE-ID: CVE-2021-46921)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to improper locking within the queued_write_lock_slowpath() function in kernel/locking/qrwlock.c. A local user can crash the kernel.

103) Incorrect calculation (CVE-ID: CVE-2021-46915)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the nft_limit_init() function in net/netfilter/nft_limit.c. A local user can perform a denial of service (DoS) attack.

104) Memory leak (CVE-ID: CVE-2021-46906)

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak within the hid_submit_ctrl() function in drivers/hid/usbhid/hid-core.c. A local user can force the driver to leak memory and perform denial of service attack.

105) Memory leak (CVE-ID: CVE-2020-36784)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due a reference leak in drivers/i2c/busses/i2c-cadence.c. A local user can perform a denial of service attack.

106) Memory leak (CVE-ID: CVE-2020-36777)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dvb_media_device_free() function in drivers/media/dvb-core/dvbdev.c. A local user can crash the system.

Remediation

Install update from vendor's website.

References

https://www.dell.com/support/kbdoc/nl-nl/000225991/dsa-2024-253-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities

SB2024061808 - Multiple vulnerabilities in Dell Secure Connect Gateway

Breakdown by Severity

Description

Remediation

References

Please verify you're human