VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a heap buffer overflow in SVGA. This issue may allow a guest to execute code on the host.
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in the SVGA device. This issue may allow a guest to execute code on the host.
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.
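The entry above describes a shell echoing raw directory entries to the terminal. The following C is an added example, not BusyBox's lineedit.c: a small filter that a line editor could run over each completion candidate before printing it, replacing every control byte (including ESC and BEL, which start and end the terminal escape sequences the advisory refers to) with a visible placeholder while leaving multi-byte UTF-8 untouched. The sample filenames are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example, not BusyBox code.  A filename as returned by readdir() may
 * contain any byte except '/' and NUL, including ESC (0x1b), BEL (0x07) and
 * other control characters.  A shell that prints such a name verbatim while
 * listing tab-completion candidates hands the terminal an attacker-chosen
 * escape sequence.
 *
 * sanitize_for_terminal() copies `name` into `out` (at most outlen-1 bytes,
 * always NUL-terminated), replacing every control byte (0x00-0x1f, 0x7f)
 * with '?'.  Bytes 0x80-0xff are kept because they may belong to a UTF-8
 * sequence.  Returns the number of bytes replaced.
 */
size_t sanitize_for_terminal(const char *name, char *out, size_t outlen)
{
    size_t replaced = 0;
    size_t i;

    if (outlen == 0)
        return 0;

    for (i = 0; name[i] != '\0' && i + 1 < outlen; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c < 0x20 || c == 0x7f) {
            out[i] = '?';
            replaced++;
        } else {
            out[i] = (char)c;
        }
    }
    out[i] = '\0';
    return replaced;
}

/* Number of control bytes a name would have sent to the terminal. */
size_t control_byte_count(const char *name)
{
    char buf[256];
    return sanitize_for_terminal(name, buf, sizeof buf);
}

/* Non-zero if sanitizing `name` yields exactly `expected`. */
int sanitized_equals(const char *name, const char *expected)
{
    char buf[256];
    sanitize_for_terminal(name, buf, sizeof buf);
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed directory entries: a harmless name, one embedding an OSC
     * sequence (ESC ] 0 ; ... BEL) that would retitle the terminal, and one
     * ending in a newline. */
    const char *entries[] = {
        "report.txt",
        "evil\x1b]0;pwned\x07.txt",
        "trailing\n",
    };
    char buf[256];
    size_t n;

    for (n = 0; n < sizeof entries / sizeof entries[0]; n++) {
        size_t hits = sanitize_for_terminal(entries[n], buf, sizeof buf);
        printf("%-24s control bytes replaced: %zu\n", buf, hits);
    }
    return 0;
}
```

The filter is deliberately conservative: replacing rather than stripping keeps the displayed name the same length as the real one, so the user can still see that something unusual is in the directory.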
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets, resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.
VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 before ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.
An XML external entity (XXE) vulnerability exists in import.cgi of the web interface component of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67.
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If a browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
VMware ESXi 6.7 without ESXi670-201811401-BG, VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, and VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host.
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (Kotlin 1.3.7x is not affected by the issue; the fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify Velocity templates running Apache Velocity Engine versions up to 2.2.
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker to execute commands on the host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.
Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, which could, when paired with a specifically prepared request, lead to remote code execution.
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file, or, if the browser plugin extension is enabled, into visiting a malicious site, to trigger this vulnerability.
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
SAP NetWeaver Knowledge Management XML Forms versions 7.10, 7.11, 7.30, 7.31, 7.40, and 7.50 contain an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it to a location to be accessed by the system, and then create a file which will trigger the XSLT engine to execute the script contained in the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system.
Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, and ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF).
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.
IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255.
jpress v4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject malicious code.
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds.
A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure™ Power Monitoring Expert 9.0 and prior versions
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure™ Power Monitoring Expert 9.0 and prior versions
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would allegedly be possible to later on perform the Upgrade. An attacker can send an HTTP request to trigger this vulnerability.
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the motion detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera zones to ignore when considering motion detection. Because in cgi_check_ability the SetMdAlarm API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to change the motion detection parameters.
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in user. An attacker can send an HTTP request to trigger this vulnerability.
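The three Reolink entries above share one root cause: a permission check that falls through to a permissive value when an API name has no case in its table. The C below is an added example, not Reolink firmware; the permission bitmask, the user levels and the API table are assumptions made for the illustration. It places the fall-through-to-7 pattern next to a default-deny version of the same dispatcher.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not Reolink code.  Permissions are modelled as a bitmask
 * (assumed for this example); 7 is "everything", matching the advisory's
 * "permission will default to 7". */
#define PERM_GET   1   /* read configuration */
#define PERM_SET   2   /* change configuration */
#define PERM_ADMIN 4   /* firmware upgrade, user management */
#define PERM_ALL   (PERM_GET | PERM_SET | PERM_ADMIN)   /* == 7 */

/* Assumed role-to-permission mapping. */
#define LEVEL_GUEST PERM_GET
#define LEVEL_USER  (PERM_GET | PERM_SET)
#define LEVEL_ADMIN PERM_ALL

struct api_perm {
    const char *name;
    int required;
};

/* Constructed table.  SetMdAlarm and UpgradePrepare are deliberately absent,
 * mirroring the "no specific case" situation the advisory describes. */
static const struct api_perm api_table[] = {
    { "GetDevInfo", PERM_GET },
    { "SetDevName", PERM_SET },
    { "Upgrade",    PERM_ADMIN },
    { "AddUser",    PERM_ADMIN },
};

/* Returns 1 and fills *required if `api` is in the table, else 0. */
static int lookup_required(const char *api, int *required)
{
    size_t i;
    for (i = 0; i < sizeof api_table / sizeof api_table[0]; i++) {
        if (strcmp(api_table[i].name, api) == 0) {
            *required = api_table[i].required;
            return 1;
        }
    }
    return 0;
}

/* Vulnerable pattern: an API with no case leaves the effective permission
 * at its initial value of 7, so every logged-in user passes the check. */
int check_ability_vulnerable(const char *api, int user_level)
{
    int required = PERM_ALL;
    int effective = user_level;
    if (!lookup_required(api, &required))
        effective = PERM_ALL;          /* the bug: unknown API => permission 7 */
    return (effective & required) == required;
}

/* Hardened pattern: an API that is not registered is denied to everyone
 * (including admin, which forces new APIs to be added to the table), and
 * the caller must hold every bit the API requires. */
int check_ability_hardened(const char *api, int user_level)
{
    int required;
    if (!lookup_required(api, &required))
        return 0;                      /* default deny */
    return (user_level & required) == required;
}

int main(void)
{
    const char *apis[] = { "GetDevInfo", "SetDevName", "SetMdAlarm", "Upgrade" };
    const int levels[] = { LEVEL_GUEST, LEVEL_USER, LEVEL_ADMIN };
    const char *level_names[] = { "guest", "user", "admin" };
    size_t i, j;

    printf("%-12s %-6s %-10s %-8s\n", "api", "level", "vulnerable", "hardened");
    for (i = 0; i < sizeof apis / sizeof apis[0]; i++)
        for (j = 0; j < sizeof levels / sizeof levels[0]; j++)
            printf("%-12s %-6s %-10s %-8s\n", apis[i], level_names[j],
                   check_ability_vulnerable(apis[i], levels[j]) ? "allow" : "deny",
                   check_ability_hardened(apis[i], levels[j]) ? "allow" : "deny");
    return 0;
}
```

The table printed by main() shows the one row that matters: SetMdAlarm is allowed to a guest by the vulnerable check and denied by the hardened one, while every registered API behaves identically under both.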
Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the best of our knowledge, the vulnerability has never been exploited in the wild. If you are using Element Desktop < 1.9.7, we recommend upgrading at your earliest convenience. If successfully exploited, the vulnerability allows an attacker to specify a file path of a binary on the victim's computer which then gets executed. Notably, the attacker does *not* have the ability to specify program arguments. However, in certain unspecified configurations, the attacker may be able to specify a URI instead of a file path which then gets handled using standard platform mechanisms. These might allow exploiting further vulnerabilities in those mechanisms, potentially leading to arbitrary code execution.
The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which will be executed in the context of a user viewing any survey.
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user, leading to an SQL injection.
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in forms when not explicitly enabled, which makes the application susceptible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.
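The Symfony entry above turns on a configuration default that silently went away. The fragment below is an added example, not Symfony's own documentation or code: it pins both the CSRF token service and the form component's CSRF check on explicitly, so an application no longer depends on the implicit "enabled whenever the session is enabled" behaviour the entry describes. The file path and the `_token` field name are conventional Symfony defaults and are assumptions here.

```yaml
# config/packages/framework.yaml (path assumed; adjust to the project's layout)
framework:
    session:
        enabled: true          # the token store lives in the session

    # Weak setting: leaving csrf_protection unspecified meant "on" only as
    # long as the default survived; in the affected versions it did not.
    # Corrected: state it explicitly so a framework change cannot turn it off.
    csrf_protection: true

    form:
        csrf_protection:
            enabled: true      # every form type gets a hidden token field
            field_name: _token # default field name, kept explicit
```

After upgrading to a patched version the implicit default is restored, but keeping the explicit keys is still the safer posture: a later refactor of how configuration is loaded cannot reintroduce the gap, and the intent is visible in code review.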
An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, and 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands containing special characters.
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, and version 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests.
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 214210.
IBM Financial Transaction Manager 3.2.4 does not invalidate existing session identifiers, which gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040.
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 6.4.1 and below and 6.3.15 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests.
An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability in Capsule8 Console between versions 4.6.0 and 4.9.1.
In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows a low privileged user to enable full access to the device configuration.
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via the 'user_firstname' parameter.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes `axis + 1`, an attacker can trigger an integer overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
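Both Dequantize entries above come down to one missing comparison. The C below is an added example, not TensorFlow code: a plain-C model of the axis check over an explicit shape array, with the unchecked version beside one that rejects any axis outside [0, ndims) and guards the `axis + 1` computation that shape inference performs. The shape [2, 3, 4] is constructed for the example, and a return value of -1 stands in for the error status a real kernel would raise.

```c
#include <stdio.h>
#include <limits.h>

/* Added example, not TensorFlow code.  `dims` holds the input tensor's
 * dimensions, `ndims` their count; a negative return means "rejected". */

/* Constructed shape for the example: a rank-3 tensor of shape [2, 3, 4]. */
static const int sample_dims[] = { 2, 3, 4 };
#define SAMPLE_NDIMS 3

/* Vulnerable pattern (mirrors the entry): only the lower bound is checked.
 * With axis >= ndims, dims[axis] reads past the end of the array.  This
 * function is never called with such an axis here because that read is
 * undefined behaviour; it exists to show what the check omits. */
long vulnerable_axis_dim(const int *dims, int ndims, int axis)
{
    if (axis < -1)
        return -1;
    if (axis == -1)
        axis = ndims - 1;          /* -1 selects the last dimension */
    /* missing: if (axis >= ndims) reject */
    return dims[axis];
}

/* Hardened pattern: normalise -1, then require 0 <= axis < ndims before the
 * value is used as an index.  Returns 1 and stores the resolved axis, or 0. */
int validate_dequantize_axis(int ndims, int axis, int *resolved)
{
    if (ndims <= 0)
        return 0;
    if (axis == -1)
        axis = ndims - 1;
    if (axis < 0 || axis >= ndims)
        return 0;
    *resolved = axis;
    return 1;
}

long hardened_axis_dim(const int *dims, int ndims, int axis)
{
    int a;
    if (!validate_dequantize_axis(ndims, axis, &a))
        return -1;
    return dims[a];
}

/* Shape-inference side: the smallest rank for which `axis` is valid is
 * axis + 1.  Guard the addition instead of trusting the caller; in int
 * arithmetic axis == INT_MAX would wrap to INT_MIN. */
long long min_rank_for_axis(int axis)
{
    if (axis == -1)
        return 1;                  /* last dimension: any rank >= 1 works */
    if (axis < 0 || axis == INT_MAX)
        return -1;                 /* negative, or axis + 1 would overflow */
    return (long long)axis + 1;
}

int main(void)
{
    const int probes[] = { -1, 0, 2, 3, -2, INT_MAX };
    size_t i;

    printf("shape [2,3,4]\n");
    for (i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("axis=%11d  hardened dim=%3ld  min rank=%lld\n",
               probes[i],
               hardened_axis_dim(sample_dims, SAMPLE_NDIMS, probes[i]),
               min_rank_for_axis(probes[i]));
    return 0;
}
```

The two functions separate the two bugs the entries describe: the kernel-side index read is fixed by `validate_dequantize_axis`, and the shape-inference overflow is fixed by refusing `INT_MAX` before computing `axis + 1` rather than after.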
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
There is a flaw in the XML entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to execute commands on the host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.
A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received, in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco, PacDrive Pro, PacDrive Pro2
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components.
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location).
An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBufferData).
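Both InsydeH2O entries above describe an SMI handler that dereferences a pointer taken from the communication buffer without checking it. The C below is an added example, not Insyde code: it models the check an SMM handler must apply to every caller-supplied range, namely that the whole range lies outside SMRAM and that the start-plus-length arithmetic cannot wrap, and it copies the request header into SMM-owned memory before validating it so the OS cannot change the pointer between check and use. The SMRAM range and the request layout are assumptions; in EDK2-based firmware the equivalent range check is SmmIsBufferOutsideSmmValid().

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not Insyde or EDK2 code.  Addresses are plain integers. */

struct smram_range {
    uint64_t base;
    uint64_t size;
};

/* Constructed SMRAM layout for the example: 8 MiB of TSEG at 0x7F000000. */
static const struct smram_range smram = { 0x7F000000ULL, 8ULL << 20 };

/* True only if [buf, buf+len) is non-empty, does not wrap around the
 * address space, and shares no byte with SMRAM. */
bool buffer_outside_smram(uint64_t buf, uint64_t len, const struct smram_range *r)
{
    uint64_t buf_end, smram_end;

    if (len == 0)
        return false;                 /* nothing to validate: reject */
    if (buf > UINT64_MAX - len)
        return false;                 /* buf + len would wrap */
    buf_end = buf + len;              /* exclusive */
    smram_end = r->base + r->size;    /* assumed not to wrap for a sane range */

    /* Two half-open ranges overlap iff each starts before the other ends. */
    if (buf < smram_end && r->base < buf_end)
        return false;
    return true;
}

/* Assumed layout of the request the OS places in the comm buffer: a command
 * word followed by a pointer/length pair, i.e. the pointer sits at offset 8,
 * the "CommBuffer+8 location" of the first entry. */
struct comm_data {
    uint64_t command;
    uint64_t data_ptr;
    uint64_t data_len;
};

/* Vulnerable pattern: the pointer is used as-is.  If the OS points it into
 * SMRAM, the handler reads or writes SMRAM on the OS's behalf. */
int handler_check_vulnerable(const struct comm_data *comm)
{
    (void)comm;
    return 1;
}

/* Hardened pattern.  The caller has already checked that `comm` itself (the
 * CommBuffer) lies outside SMRAM; the handler copies the header into SMM
 * memory first, so a second CPU cannot rewrite data_ptr after the check
 * (the classic SMM double-fetch), then validates the inner range. */
int handler_check_hardened(const struct comm_data *comm)
{
    struct comm_data local = *comm;   /* snapshot in SMRAM-owned stack */
    return buffer_outside_smram(local.data_ptr, local.data_len, &smram) ? 1 : 0;
}

/* Convenience: build a request for (ptr, len) and run the hardened check. */
int request_allowed_hardened(uint64_t ptr, uint64_t len)
{
    struct comm_data c = { 1, ptr, len };
    return handler_check_hardened(&c);
}

int main(void)
{
    /* Constructed requests: one into ordinary OS memory, one into SMRAM. */
    struct comm_data good = { 1, 0x20000000ULL, 64 };
    struct comm_data bad  = { 1, 0x7F100000ULL, 64 };

    printf("OS buffer    : vulnerable=%d hardened=%d\n",
           handler_check_vulnerable(&good), handler_check_hardened(&good));
    printf("SMRAM buffer : vulnerable=%d hardened=%d\n",
           handler_check_vulnerable(&bad), handler_check_hardened(&bad));
    return 0;
}
```

The overlap test is written on half-open ranges on purpose: a buffer that ends exactly at the SMRAM base is legitimate, while one that ends one byte later is not, and the wrap guard runs before any addition so a length of 0xFFFF...F cannot fold the end address back below the start.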
A reminiscence corruption vulnerability exists within the netserver parse_command_list performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in an out-of-bounds write. An attacker can ship an HTTP request to set off this vulnerability.
A vulnerability exists in Schneider Electric’s Pelco Sarix Professional in all firmware variations prior to three.29.67 which may allow SSH service on account of lack of authentication for /login/bin/set_param may allow SSH service.
VMware ESXi (6.7 earlier than ESXi670-201806401-BG), Workstation (14.x earlier than 14.1.2), and Fusion (10.x earlier than 10.1.2) include an out-of-bounds learn vulnerability within the shader translator. Successful exploitation of this concern might result in info disclosure or might permit attackers with regular consumer privileges to crash their VMs, a special vulnerability than CVE-2018-6966 and CVE-2018-6967.
VMware ESXi (6.7 earlier than ESXi670-201806401-BG), Workstation (14.x earlier than 14.1.2), and Fusion (10.x earlier than 10.1.2) include an out-of-bounds learn vulnerability within the shader translator. Successful exploitation of this concern might result in info disclosure or might permit attackers with regular consumer privileges to crash their VMs, a special vulnerability than CVE-2018-6965 and CVE-2018-6967.
VMware ESXi (6.7 earlier than ESXi670-201806401-BG), Workstation (14.x earlier than 14.1.2), and Fusion (10.x earlier than 10.1.2) include an out-of-bounds learn vulnerability within the shader translator. Successful exploitation of this concern might result in info disclosure or might permit attackers with regular consumer privileges to crash their VMs, a special vulnerability than CVE-2018-6965 and CVE-2018-6966.
The Apache Xerces-C 3.0.0 to three.2.3 XML parser accommodates a use-after-free error triggered throughout the scanning of exterior DTDs. This flaw has not been addressed within the maintained model of the library and has no present mitigation aside from to disable DTD processing. This could be completed by way of the DOM utilizing a normal parser function, or by way of SAX utilizing the XERCES_DISABLE_DTD surroundings variable.
FasterXML jackson-databind 2.x earlier than 2.9.10.6 mishandles the interplay between serialization devices and typing, associated to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
FasterXML jackson-databind 2.x earlier than 2.9.10.6 mishandles the interplay between serialization devices and typing, associated to com.pastdev.httpcomponents.configuration.JndiConfiguration.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
An concern was found in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility methodology in contrast incorrect information when checking the password, permitting incorrect passwords to point they have been matching with beforehand hashed ones that have been completely different.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.internet/javax.servlet.jsp.jstl).
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
curl 7.75.0 by way of 7.76.1 suffers from a use-after-free vulnerability leading to already freed reminiscence getting used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in uncommon unlucky circumstances to probably attain distant code execution within the shopper. When libcurl at run-time units up help for TLS 1.3 session tickets on a connection utilizing OpenSSL, it shops tips to the switch in-memory object for later retrieval when a session ticket arrives. If the connection is utilized by a number of transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first switch object is perhaps freed earlier than the brand new session is established on that connection after which the perform will entry a reminiscence buffer that is perhaps freed. When utilizing that reminiscence, libcurl would possibly even name a perform pointer within the object, making it doable for a distant code execution if the server may one way or the other handle to get crafted reminiscence content material into the proper place in reminiscence.
The SAP NetWeaver Portal, variations – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, part Iviews Editor accommodates a Server-Side Request Forgery (SSRF) vulnerability which permits an unauthenticated attacker to craft a malicious URL which when clicked by a consumer could make any sort of request (e.g. POST, GET) to any inside or exterior server. This may end up in the accessing or modification of information accessible from the Portal however won’t have an effect on its availability.
Simple College Website 1.0 is susceptible to unauthenticated file add & distant code execution by way of UNION-based SQL injection within the username parameter on /admin/login.php.
Apache Karaf permits monitoring of purposes and the Java runtime by utilizing the Java Management Extensions (JMX). JMX is a Java RMI based mostly know-how that depends on Java serialized objects for shopper server communication. Whereas the default JMX implementation is hardened towards unauthenticated deserialization assaults, the implementation utilized by Apache Karaf shouldn’t be protected towards this type of assault. The influence of Java deserialization vulnerabilities strongly is dependent upon the courses which can be obtainable inside the targets class path. Generally talking, deserialization of untrusted information does all the time characterize a excessive safety threat and ought to be prevented. The threat is low as, by default, Karaf makes use of a restricted set of courses within the JMX server class path. It relies upon of system scoped courses (e.g. jar within the lib folder).
Piwigo is picture gallery software program written in PHP. When a standards shouldn’t be met on a number, piwigo defaults to usingmt_rand with a purpose to generate password reset tokens. mt_rand output could be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an account offering they know an directors e mail handle so as to have the ability to request password reset.
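The Piwigo entry says the mt_rand output can be predicted once the seed is recovered. The following added example (not Piwigo's code) shows what that means in practice: a straight MT19937 generator (the algorithm behind PHP's mt_rand, implemented here from the published init_genrand / genrand_int32 routines), a hypothetical server that seeds it once per process from a low-entropy value and hands out consecutive outputs as reset tokens, and an attacker who brute-forces the assumed seed window against their own token and then reads off the administrator's token. The token layout (four 32-bit outputs), the "seed is a timestamp the attacker knows to within a few hundred seconds" assumption and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* MT19937 core (init_genrand / genrand_int32), the algorithm behind PHP's
 * mt_rand. Kept as a struct so a server instance and the attacker's clone can
 * coexist in one process. */
#define MT_N 624
#define MT_M 397
#define TOKEN_WORDS 4      /* hypothetical token: four consecutive outputs */

typedef struct { uint32_t mt[MT_N]; int idx; } mt19937_t;

static void mt_seed(mt19937_t *g, uint32_t s) {
    g->mt[0] = s;
    for (int i = 1; i < MT_N; i++)
        g->mt[i] = 1812433253U * (g->mt[i - 1] ^ (g->mt[i - 1] >> 30)) + (uint32_t)i;
    g->idx = MT_N;
}

static uint32_t mt_next(mt19937_t *g) {
    if (g->idx >= MT_N) {                       /* refill the 624-word state */
        for (int k = 0; k < MT_N; k++) {
            uint32_t y = (g->mt[k] & 0x80000000U) | (g->mt[(k + 1) % MT_N] & 0x7fffffffU);
            g->mt[k] = g->mt[(k + MT_M) % MT_N] ^ (y >> 1) ^ ((y & 1U) ? 0x9908b0dfU : 0U);
        }
        g->idx = 0;
    }
    uint32_t y = g->mt[g->idx++];               /* tempering */
    y ^= y >> 11;
    y ^= (y << 7) & 0x9d2c5680U;
    y ^= (y << 15) & 0xefc60000U;
    y ^= y >> 18;
    return y;
}

/* Lets the generator be checked against the published MT19937 vector
 * (seed 5489 -> first output 3499211612). */
uint32_t mt_first_output(uint32_t seed) {
    mt19937_t g;
    mt_seed(&g, seed);
    return mt_next(&g);
}

/* Attacker side: enumerate the assumed seed window [lo, hi] and stop at the
 * seed whose first TOKEN_WORDS outputs equal the token the attacker was issued. */
int recover_seed(const uint32_t observed[TOKEN_WORDS], uint32_t lo, uint32_t hi, uint32_t *seed_out) {
    if (lo > hi) return 0;
    for (uint32_t s = lo; ; s++) {
        mt19937_t g;
        mt_seed(&g, s);
        int match = 1;
        for (int i = 0; i < TOKEN_WORDS && match; i++)
            match = (mt_next(&g) == observed[i]);
        if (match) { *seed_out = s; return 1; }
        if (s == hi) return 0;                  /* avoids overflow when hi == UINT32_MAX */
    }
}

/* Hypothetical server: seeds once from a low-entropy value, then hands out
 * consecutive outputs as reset tokens. The attacker requests a reset for their
 * own account first; the administrator's token is the next TOKEN_WORDS outputs
 * of the same stream. Returns 1 if the attacker's prediction is exact. */
int demo_predict(uint32_t secret_seed, uint32_t guess_lo, uint32_t guess_hi) {
    mt19937_t server;
    uint32_t attacker_tok[TOKEN_WORDS], admin_tok[TOKEN_WORDS], predicted[TOKEN_WORDS];
    mt_seed(&server, secret_seed);
    for (int i = 0; i < TOKEN_WORDS; i++) attacker_tok[i] = mt_next(&server);
    for (int i = 0; i < TOKEN_WORDS; i++) admin_tok[i] = mt_next(&server);

    uint32_t seed;
    if (!recover_seed(attacker_tok, guess_lo, guess_hi, &seed)) return 0;

    mt19937_t clone;                            /* replay the stream from the recovered seed */
    mt_seed(&clone, seed);
    for (int i = 0; i < TOKEN_WORDS; i++) (void)mt_next(&clone);   /* skip own token */
    for (int i = 0; i < TOKEN_WORDS; i++) predicted[i] = mt_next(&clone);
    return memcmp(predicted, admin_tok, sizeof predicted) == 0;
}

int main(void) {
    /* Constructed scenario: the seed is a Unix timestamp the attacker knows to within 500 s. */
    uint32_t seed = 1638316800U;
    printf("prediction %s\n", demo_predict(seed, seed - 500U, seed + 500U) ? "succeeded" : "failed");
    return 0;
}
```

The point is that a seed space the attacker can enumerate makes every later output public; the fix is not a different seed but a CSPRNG (random_bytes() in PHP, getrandom()/arc4random on the platform side) whose output is not a function of a short secret.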
Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating system. Nimforum will render the file if able. This can also be done silently by using NimForum's post "preview" endpoint. Even if NimForum is running as a non-critical user, the forum.json secrets can be stolen. Version 2.2.0 of NimForum includes patches for this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in the FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform arbitrary file and directory deletion in the device filesystem.
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array); however, if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
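The `ReverseSequence` entry describes a one-sided bounds check: the upper bound is tested, negative values are wrapped Python-style, but nothing verifies that the wrapped value is still non-negative. The added example below (not TensorFlow code; the shape type, function names and sample shape are hypothetical) puts the vulnerable resolver next to the hardened one so the failure is visible as a number rather than a crash: for a rank-4 shape and `batch_dim = -9` the vulnerable path computes index -5, five elements before the start of the dimension array.

```c
#include <stdint.h>
#include <limits.h>
#include <stdio.h>

#define MAX_RANK 8
#define DIM_REJECTED INT_MIN        /* sentinel: the dimension index was refused */

/* Hypothetical shape: a rank and a fixed-size dimension array. */
typedef struct { int rank; int64_t dims[MAX_RANK]; } shape_t;

/* Vulnerable pattern: only the upper bound is checked, then negative values
 * are wrapped without re-checking. Returns the raw index it would use; for
 * dim = -9 on rank 4 that is -5, i.e. before the start of dims[] (the heap
 * OOB read the advisory describes). It deliberately does not dereference. */
int resolve_dim_vulnerable(int rank, int dim) {
    if (dim >= rank) return DIM_REJECTED;
    if (dim < 0) dim += rank;               /* no check that this is still >= 0 */
    return dim;
}

/* Hardened: accept exactly the Python range [-rank, rank) and normalise, so
 * the result is guaranteed to be in [0, rank). Rank itself is sanity-checked
 * because it is also attacker-influenced when the graph is untrusted. */
int resolve_dim_fixed(int rank, int dim) {
    if (rank < 0 || rank > MAX_RANK) return DIM_REJECTED;
    if (dim < -rank || dim >= rank) return DIM_REJECTED;
    return dim < 0 ? dim + rank : dim;
}

/* Safe accessor: dims[] is only ever indexed through the hardened resolver.
 * Returns -1 when the dimension is refused. */
int64_t dim_size(const shape_t *s, int dim) {
    int idx = resolve_dim_fixed(s->rank, dim);
    if (idx == DIM_REJECTED) return -1;
    return s->dims[idx];
}

/* Constructed sample shape [2, 3, 5, 7] used by main() and the tests. */
int64_t sample_dim_size(int dim) {
    const shape_t s = { 4, { 2, 3, 5, 7 } };
    return dim_size(&s, dim);
}

int main(void) {
    printf("vulnerable resolver, rank 4, dim -9 -> index %d\n", resolve_dim_vulnerable(4, -9));
    printf("fixed resolver,      rank 4, dim -9 -> %s\n",
           resolve_dim_fixed(4, -9) == DIM_REJECTED ? "rejected" : "accepted");
    printf("size of dim -1 in [2,3,5,7] = %lld\n", (long long)sample_dim_size(-1));
    return 0;
}
```

The general rule this illustrates: whenever an index is allowed to be negative as a convenience, the valid input range is [-rank, rank), and both ends of that range need a test, not just the one that is obvious from the positive case.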
Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid, allowing an attacker to read from outside the bounds of the heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger this vulnerability.
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. Affected Products: AP7xxxx and AP8xxx with NMC2 (V6.9.6 or earlier), AP7xxx and AP8xxx with NMC3 (V1.1.0.3 or earlier), and APDU9xxx with NMC3 (V1.0.0.28 or earlier)
Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.
A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash), potentially resulting in arbitrary code execution.
A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash), potentially resulting in arbitrary code execution.
A vulnerability in the Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOutdatedFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash), potentially resulting in arbitrary code execution.
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.
A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product.
meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server. A GetValue call is mishandled.
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
There is a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.4.37651. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Document objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13741.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the delay property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13928.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14023.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14014.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14015.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14017.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14018.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14019.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14020.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14021.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14022.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14024.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14025.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14033.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14034.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14120.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14270.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14532.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14531.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14529.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14016.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13929.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14013.
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.
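The three Insyde InsydeH2O entries above (AhciBusDxe with the CommBuffer+8 location, SdHostDriver with CommBufferData, and this one with QWORD values in CommBuffer) all describe the same handler bug: a SWSMI handler reads a pointer out of the OS-supplied communication buffer and uses it without checking where it points, so the OS can make SMM code read or write SMRAM on its behalf. The added example below (not Insyde's code, and not any of the affected drivers) shows the check a handler has to apply to the CommBuffer itself and to every pointer it carries. The SMRAM window, the message layout and the size cap are hypothetical; the rule itself, that a buffer must be non-empty, must not wrap around, and must lie entirely outside SMRAM, is the one EDK2's SmmIsBufferOutsideSmmValid() enforces.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical SMRAM window: 8 MiB at 0x7F000000. On real firmware these
 * come from the platform's SMRAM descriptors, and there may be several ranges. */
#define SMRAM_BASE 0x7F000000ULL
#define SMRAM_SIZE 0x00800000ULL

/* Returns 1 if [addr, addr+len) is non-empty, does not wrap past 2^64, and
 * does not overlap SMRAM; otherwise 0. */
int buffer_outside_smram(uint64_t addr, uint64_t len) {
    if (len == 0) return 0;
    uint64_t end = addr + len;                              /* exclusive */
    if (end < addr) return 0;                               /* wraparound */
    uint64_t smram_end = SMRAM_BASE + SMRAM_SIZE;
    if (addr < smram_end && end > SMRAM_BASE) return 0;     /* overlaps SMRAM */
    return 1;
}

/* Hypothetical SWSMI message: a QWORD pointer at offset 8 (the "CommBuffer+8
 * location" in the AhciBusDxe entry) plus a length. Both fields are written
 * by the OS-side caller and are untrusted. */
typedef struct {
    uint64_t command;
    uint64_t data_ptr;
    uint64_t data_len;
} swsmi_msg_t;

/* Vulnerable pattern: the handler takes data_ptr at face value. Modelled here
 * as returning the address it would go on to read or write; when the caller
 * sets data_ptr inside SMRAM, that is the SMRAM corruption the entries describe. */
uint64_t handler_unchecked(const swsmi_msg_t *m) {
    return m->data_ptr;
}

/* Hardened entry point. comm_addr and comm_size are the CommBuffer pointer and
 * *CommBufferSize the SMM core passes to the handler. Validate the CommBuffer
 * first, then every pointer/length embedded in it. Returns 1 if the request
 * may be serviced, 0 if it is refused. */
int handler_checked(uint64_t comm_addr, uint64_t comm_size, const swsmi_msg_t *m) {
    if (comm_size < sizeof(swsmi_msg_t)) return 0;                  /* short message */
    if (!buffer_outside_smram(comm_addr, comm_size)) return 0;      /* CommBuffer in SMRAM */
    if (m->data_len == 0 || m->data_len > 0x1000) return 0;         /* hypothetical cap */
    if (!buffer_outside_smram(m->data_ptr, m->data_len)) return 0;  /* embedded pointer */
    return 1;
}

/* Builds a message with the given pointer/length in a CommBuffer that itself
 * lies in ordinary RAM, so only the embedded pointer is under test. */
int service_request(uint64_t data_ptr, uint64_t data_len) {
    swsmi_msg_t m = { 1, data_ptr, data_len };
    return handler_checked(0x10000000ULL, sizeof m, &m);
}

int main(void) {
    swsmi_msg_t hostile = { 1, SMRAM_BASE + 0x100ULL, 64 };
    printf("unchecked handler would touch 0x%llx (inside SMRAM)\n",
           (unsigned long long)handler_unchecked(&hostile));
    printf("checked handler: hostile=%d benign=%d\n",
           service_request(SMRAM_BASE + 0x100ULL, 64), service_request(0x20000000ULL, 64));
    return 0;
}
```

Two caveats a reviewer of a real handler would add: the CommBuffer is shared with the OS, so the fields must be copied into SMRAM and validated on the copy rather than re-read from the shared buffer after the check (otherwise another core can change them between check and use), and on platforms with more than one SMRAM range the overlap test must be run against every range, which is why the EDK2 helper iterates the descriptor list instead of comparing against a single window.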
An Out-of-Bounds Write vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0; openSUSE Factory watchman versions prior to 4.9.0-9.1.
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading the kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755.
In RecordCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with local administrator privileges.
A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior
A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior
A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
There is a privilege escalation vulnerability in some webOS TVs. Due to incorrectly set environments, a local attacker is able to perform a specific operation to exploit this vulnerability. Exploitation may allow the attacker to obtain a higher privilege.
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.
This impacts the bundle juce-framework/JUCE earlier than 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic hyperlink. When extracted, the symbolic hyperlink is adopted exterior of the goal dir permitting writing arbitrary information on the goal host. In some instances, this may permit an attacker to execute arbitrary code. The susceptible code is within the ZipFile::uncompressEntry perform in juce_ZipFile.cpp and is executed when the archive is extracted upon calling uncompressTo() on a ZipFile object.
Micro-Star International (MSI) Center <= 1.0.31.0 is susceptible to a number of Privilege Escalation vulnerabilities within the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers elements. All the vulnerabilities are triggered by sending particular IOCTL requests.
Micro-Star International (MSI) App Player <= 4.280.1.6309 is susceptible to a number of Privilege Escalation (LPE/EoP) vulnerabilities within the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers elements. All the vulnerabilities are triggered by sending particular IOCTL requests.
Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is susceptible to a number of Privilege Escalation (LPE/EoP) vulnerabilities within the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers elements. All the vulnerabilities are triggered by sending particular IOCTL requests.
Micro-Star International (MSI) Center Pro <= 2.0.16.0 is susceptible to a number of Privilege Escalation (LPE/EoP) vulnerabilities within the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers elements. All the vulnerabilities are triggered by sending particular IOCTL requests.
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificates.
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters in the value of 'system.download.sd_file'.
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programming protocol frames.
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using a rainbow table.
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.
A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading data from the controller over Modbus.
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to an improper data integrity check when sending data to the controller over Modbus.
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus.
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid debug parameters to the controller over Modbus.
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus.
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing invalid memory blocks to the controller over Modbus.
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out-of-bounds variables to the controller over Modbus.
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading variables in the controller using Modbus.
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus.
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller.
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device.
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90) and Modicon M340 (firmware versions prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.
RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing a DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system.
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x) are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a "padding oracle attack vulnerability". A malicious remote user could potentially exploit this vulnerability to extract information, leaving data at risk of exposure.
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information, leaving data at risk of exposure.
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x), versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x), are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information, leaving data at risk of exposure.
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using the Modbus TCP protocol.
A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using the TFTP protocol.
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with an invalid index using Modbus TCP.
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2.
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (all versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecured network.
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers.
A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to obtain private keys.
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur, leading to a denial of service.
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
As mitigation for CVE-2020-1945, Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
Shibboleth Identity Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session.
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation of the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxure Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure Control Expert software when receiving a specially crafted request over Modbus.
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However, OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, and from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of a byte buffer can cause a java.lang.OutOfMemoryError exception.
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another, meaning user A and user B could both see the results of user A's request.
A CWE-119: Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notification for affected versions), which could cause the meter to reboot.
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload, resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on this type information. An attacker can manipulate the processed input stream and replace or inject objects that result in the deletion of a file on the local host. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
An Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP.
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.
A vulnerability in Apache Tomcat permits an attacker to remotely set off a denial of service. An error launched as a part of a change to enhance error dealing with throughout non-blocking I/O meant that the error flag related to the Request object was not reset between requests. This meant that after a non-blocking I/O error occurred, all future requests dealt with by that request object would fail. Users have been in a position to set off non-blocking I/O errors, e.g. by dropping a connection, thereby creating the potential for triggering a DoS. Applications that don’t use non-blocking I/O usually are not uncovered to this vulnerability. This concern impacts Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.
When studying a specifically crafted 7Z archive, the development of the checklist of codecs that decompress an entry may end up in an infinite loop. This could possibly be used to mount a denial of service assault towards companies that use Compress’ sevenz bundle.
When studying a specifically crafted 7Z archive, Compress could be made to allocate massive quantities of reminiscence that lastly results in an out of reminiscence error even for very small inputs. This could possibly be used to mount a denial of service assault towards companies that use Compress’ sevenz bundle.
When studying a specifically crafted TAR archive, Compress could be made to allocate massive quantities of reminiscence that lastly results in an out of reminiscence error even for very small inputs. This could possibly be used to mount a denial of service assault towards companies that use Compress’ tar bundle.
When studying a specifically crafted ZIP archive, Compress could be made to allocate massive quantities of reminiscence that lastly results in an out of reminiscence error even for very small inputs. This could possibly be used to mount a denial of service assault towards companies that use Compress’ zip bundle.
libcurl-using purposes can ask for a selected shopper certificates for use in a switch. This is completed with the `CURLOPT_SSLCERT` choice (`–cert` with the command line instrument).When libcurl is constructed to make use of the macOS native TLS library Secure Transport, an software can ask for the shopper certificates by title or with a file title – utilizing the identical choice. If the title exists as a file, it is going to be used as an alternative of by title.If the appliction runs with a present working listing that’s writable by different customers (like `/tmp`), a malicious consumer can create a file title with the identical title because the app desires to make use of by title, and thereby trick the applying to make use of the file based mostly cert as an alternative of the one referred to by title making libcurl ship the incorrect shopper certificates within the TLS connection handshake.
Go earlier than 1.17 doesn’t correctly contemplate extraneous zero characters in the beginning of an IP handle octet, which (in some conditions) permits attackers to bypass entry management that’s based mostly on IP addresses, due to surprising octal interpretation. This impacts internet.ParseIP and internet.ParseCIDR.
An concern was found in Foxit PDF Editor earlier than 11.0.1 and PDF Reader earlier than 11.0.1 on macOS. It mishandles lacking dictionary entries, resulting in a NULL pointer dereference, aka CNVD-C-2021-95204.
A crafted methodology despatched by way of HTTP/2 will bypass validation and be forwarded by mod_proxy, which might result in request splitting or cache poisoning. This concern impacts Apache HTTP Server 2.4.17 to 2.4.48.
Node.js earlier than 16.6.1, 14.17.5, and 12.22.5 is susceptible to a use after free assault the place an attacker would possibly be capable to exploit the reminiscence corruption, to alter course of conduct.
jsoup is a Java library for working with HTML. Those utilizing jsoup variations previous to 1.14.2 to parse untrusted HTML or XML could also be susceptible to DOS assaults. If the parser is run on consumer provided enter, an attacker could provide content material that causes the parser to get caught (loop indefinitely till cancelled), to finish extra slowly than common, or to throw an surprising exception. This impact might help a denial of service assault. The concern is patched in model 1.14.2. There are just a few obtainable workarounds. Users might fee restrict enter parsing, restrict the dimensions of inputs based mostly on system sources, and/or implement thread watchdogs to cap and timeout parse runtimes.
A race situation was addressed with improved state dealing with. This concern is mounted in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted internet content material might result in arbitrary code execution.
An concern was found in SaltStack Salt earlier than 3003.3. A consumer who has management of the supply, and source_hash URLs can acquire full file system entry as root on a salt minion.
A fastidiously crafted request uri-path could cause mod_proxy_uwsgi to learn above the allotted reminiscence and crash (DoS). This concern impacts Apache HTTP Server variations 2.4.30 to 2.4.48 (inclusive).
While fuzzing the two.4.49 httpd, a brand new null pointer dereference was detected throughout HTTP/2 request processing, permitting an exterior supply to DoS the server. This requires a specifically crafted request. The vulnerability was lately launched in model 2.4.49. No exploit is thought to the venture.
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry via a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.
The Bzip2 decompression decoder function does not allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. Malicious input can trigger an OOME and so a DoS attack.
The Snappy frame decoder function does not restrict the chunk length, which may lead to excessive memory usage. Besides this, it also may buffer reserved skippable chunks until the whole chunk has been received, which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very large size (via a network stream or a file) or by sending a huge skippable chunk.
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.
Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server.
The TCP Server module in toxcore before 0.2.8 does not free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server side when a user logs out of Boards, which allows an attacker to reuse an old session token for authorization.
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin (and therefore the protection it provides) via a crafted request.
Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue."
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can obtain sensitive information from the database.
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can obtain sensitive information from the database.
An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.
Single Connect does not perform an authorization check when using the "sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges, it is possible to execute commands with the obtained credentials.
Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui" module. A remote attacker could exploit this vulnerability to modify users' permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating.
From version 0.2.14 to 0.2.16 of Solana rBPF, the function "relocate" in the file src/elf.rs has an integer overflow bug because sym.st_value is read directly from the ELF file without checking. If sym.st_value is rather large, an integer overflow is triggered while calculating the variable "addr" via "addr = (sym.st_value + refd_pa) as u64";
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user-submitted files by modifying the value of the ID parameter in sequential order starting from 1.
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus while the RTU is configured as a Modbus server. Affected Products: SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E and 357E RTUs with firmware V8.18.1 and prior.
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2).
Configuration vulnerability in the Hitachi Energy LinkOne application, due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
Information Exposure vulnerability in the Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server, exposes server and ASP.NET information; an attacker that manages to exploit this vulnerability can use the exposed information as reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can prevent users from logging in. An attacker can send an HTTP request to trigger this vulnerability.
A firmware update vulnerability exists in the 'factory' binary of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to an arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
A firmware update vulnerability exists in the "update" firmware checks functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a firmware update. An attacker can send a sequence of requests to trigger this vulnerability.
An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the netserver recv_command functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability.
SYNEL – eharmony Directory Traversal. Directory Traversal is an attack against a server or a Web application aimed at unauthorized access to the file system. Through the "Name" parameter the attacker can return to the root directory and open the host file. The path exposes sensitive data that users upload.
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot when the SetPtzTattern param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use `next start` or a custom server and the built-in i18n support. Deployments on Vercel, along with similar environments where invalid requests are filtered before reaching Next.js, are not affected. A patch has been released, `next@12.0.9`, that mitigates this issue. As a workaround, one may ensure `/${locale}/_next/` is blocked from reaching the Next.js instance until it becomes feasible to upgrade.
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited via a crafted POST request through the user_name, user_firstname, user_lastname, or user_email parameters.
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
XStream is an open source Java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system, depending on CPU type or parallel execution of such a payload, resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.
Junrar is an open source Java RAR archive library. In affected versions, a carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends entirely on how the application uses the library, and whether files can be provided by malicious users. The problem is patched in 7.4.1. There are no known workarounds and users are advised to upgrade as soon as possible.
The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request.
Codesys Profinet in version V4.2.0.0 is vulnerable to a null pointer dereference that allows a denial of service (DoS) attack by an unauthenticated user via SNMP.
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users.
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer.
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
SQL Injection vulnerability discovered in Unified Office Total Connect Now that could allow an attacker to extract sensitive information via a cookie parameter.
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter.
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software.
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, and server parameters.
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter.
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter.
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDnsForward. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsForwardRule parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the vpnUsers parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qvlanName parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindModify. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRuleIP and IPMacBindRuleMac parameters.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the delDhcpIndex parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. This vulnerability allows attackers to cause a Denial of Service (DoS) via the staticRouteNet, staticRouteMask, and staticRouteGateway parameters.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the firewallEn parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a Denial of Service (DoS) via the security and security_5g parameters.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wpapsk_crypto parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the rebootTime parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceList parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mac parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsHijackRule parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRule parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter.
Directory traversal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application.
Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows a remote local user to intercept users' credentials transmitted in cleartext over HTTP.
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings which have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.
If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Exploitation of this issue requires local access, administrator privileges and user interaction.
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and the `treq.client.HTTPClient` constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to *every* domain ("supercookies"). This can potentially cause sensitive information to leak upon an HTTP redirect to a different domain, e.g. should `https://example.com` redirect to `http://cloudstorageprovider.com` the latter will receive the cookie `session`. Treq 2021.1.0 and later bind cookies given to request methods (`treq.request`, `treq.get`, `HTTPClient.request`, `HTTPClient.get`, etc.) to the origin of the *url* parameter. Users are advised to upgrade. For users unable to upgrade: instead of passing a dictionary as the *cookies* argument, pass a `http.cookiejar.CookieJar` instance with properly domain- and scheme-scoped cookies in it.
An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean.
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine – Basic software and the Modicon M221 controller.
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine – Basic software and the Modicon M221 controller.
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not implement proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. If a user who receives the notification accepts it, then the user who triggered the notification can obtain the accepting user's login certificate.
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is vulnerable to multiple authenticated command injections.
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access to the host through the "manage files" functionality, which may result in remote code execution.
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue.
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code.
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization.
Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able to run custom shell scripts on the application server in the context of the application user.
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Server.
Liferay Portal Server examined on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator consumer can inject instructions by way of the Gogo Shell module to execute any OS command on the Liferay Portal Sever.
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] the dns_data->dns1 variable, which holds the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command injection.
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [6] the dns_data->dns2 variable, which holds the value of the dns2 parameter provided through the SetLocalLink API, is not validated properly. This would lead to an OS command injection.
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [8] the devname variable, which holds the value of the name parameter provided through the SetDevName API, is not validated properly. This would lead to an OS command injection.
Authenticated remote code execution in MotionEye <= 0.42.1 and MotioneEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server.
Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used.
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103, if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=”null” (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker-provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0.alpha1 through 10.0.0.beta2, and 11.0.0.alpha1 through 11.0.0.beta2O, on Unix-like systems, the system’s temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with the main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from a local unprivileged user to the root user.
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified.
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It’s also possible to escape from the web server home directory and download any file within the OS.
An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.
Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.
Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components.
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI and an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections.
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest.
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.
In Spring Framework versions 5.2.0 – 5.2.8, 5.1.0 – 5.1.17, 5.0.0 – 5.0.18, 4.3.0 – 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed, depending on the browser used, through the use of a jsessionid path parameter.
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform a specific SQL statement to exploit this vulnerability. Due to insufficient security design, a successful exploit can cause abnormal service behavior. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very long time to highlight. This problem has been fixed in Prism v1.24. As a workaround, do not use ASCIIDoc or ERB to highlight untrusted text. Other languages are not affected and can be used to highlight untrusted text.
A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service.
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to an unexpectedly unenforced Content Security Policy.
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, the previous session_id is kept and used as an input to the new secret_hash. Historically, both of these buffers shared a length variable, which worked as long as these buffers were the same. But the key re-exchange operation can also change the key exchange method, which can be based on a hash of a different size, eventually creating a “secret_hash” of a different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during a second key re-exchange.
Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker-controlled web page.
Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker-controlled web page.
The parse function in llhttp < 2.1.4 and < 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
The parser in llhttp accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast, as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to “sanitize” header names before it forwards these to another remote system when used as a proxy. This remote system can’t see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final to receive a patch.
A flaw was found in podman. The `podman machine` function (used to create and manage a Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host’s firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could also be used to interrupt the host’s services by forwarding all ports to the VM.
In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889.
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, so the user permission defaults to 7. This gives non-administrative users the ability to format the SD card and reboot the device.
VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contain a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in the TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetRec param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetCrop param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetNorm param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The Set3G param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetCloudSchedule param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetPush param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetWifi param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetDevName param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetUpnp param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetNetPort param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetNtp param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetFtp param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetEmail param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetLocalLink param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetAutoFocus param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetMasks param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetIsp param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetImage param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetEnc param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetAutoMaint param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetTime param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetPowerLed param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetIrLights param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetAutoUpgrade param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetPtzSerial param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetPtzPatrol param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The SetPtzPreset param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The Login param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The GetCapability param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The Format param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The GetEnc param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The GetImage param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The GetIsp param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The GetMasks param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The Preview param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The rtmp=start param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The rtmp=stop param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The GetPtzPreset param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The GetPtzPatrol param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The PtzCtrl param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The GetPtzSerial param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The GetPtzTattern param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The GetZoomFocus param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The StartZoomFocus param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The GetAutoFocus param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The TestEmail param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The TestFtp param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The TestWifi param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The UpgradePrepare param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The Search param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The GetRec param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The AddUser param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The DelUser param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The ModifyUser param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The Disconnect param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The GetAlarm param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The GetMdState param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. The GetMdAlarm param is not an object. An attacker can send an HTTP request to trigger this vulnerability.
gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from the host running gh-ost to the attacker's malicious MySQL server. The `-database` parameter does not properly sanitize user input, which can lead to arbitrary file reads.
The Error Log Viewer WordPress plugin through 1.1.1 does not perform a nonce check when deleting a log file and has no path traversal prevention, which could allow attackers to make a logged-in admin delete arbitrary text files on the web server.
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have a CSRF check in place when deleting items, allowing an attacker to make a logged-in admin delete arbitrary posts via a CSRF attack.
The Link Library WordPress plugin before 7.2.8 does not have a CSRF check when resetting library settings, allowing attackers to make a logged-in admin reset arbitrary settings via a CSRF attack.
The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF checks in place when deleting publications, allowing any authenticated user, such as a subscriber, to delete arbitrary publications.
Apache Superset up to and including 1.3.2 allowed registered database connection passwords to leak to authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher.
iText v7.1.17 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user account via lack of proper authorization on the user-controlled "userID" parameter of the HTTP POST request.
General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree, allowing an attacker to inject modified source files into the build process.
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system, depending on CPU type or parallel execution of such a payload, resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsRecord.do.
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot files.
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 6.0 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
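The pollution path the jQuery entry above describes, as an added example that is not jQuery's code and not part of the original list: a minimal recursive extend analogue that copies own enumerable keys into the target the way a naive deep extend does, beside a hardened variant that refuses the __proto__, constructor and prototype keys. Because JSON.parse creates an own property literally named __proto__, and reading target.__proto__ on a plain object returns Object.prototype, the recursion lands on Object.prototype and writes there. The attacker JSON is constructed here; payload, unsafeExtend, safeExtend and pollutes are illustrative names.

```javascript
// Constructed attacker-controlled input: an own key named "__proto__".
// Object.keys() lists it, unlike the inherited accessor of the same name.
const payload = JSON.parse('{"__proto__": {"polluted": "yes"}}');

// Naive deep merge, modelled on the pre-3.4.0 behaviour described above
// (illustrative, not jQuery's implementation).
function unsafeExtend(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    const isPlainObject =
      value !== null && typeof value === 'object' && !Array.isArray(value);
    if (isPlainObject) {
      // For key === "__proto__", target[key] resolves through the
      // Object.prototype accessor to Object.prototype itself, so the
      // recursion below writes into every object's shared prototype.
      if (target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      unsafeExtend(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: skip the keys that reach the prototype chain, and only
// descend into properties the target actually owns.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeExtend(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    const isPlainObject =
      value !== null && typeof value === 'object' && !Array.isArray(value);
    if (isPlainObject) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      safeExtend(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Returns true if merging the payload into a fresh object makes the
// injected property visible on an unrelated, newly created object.
// Cleans up afterwards so repeated checks start from a clean prototype.
function pollutes(extendFn) {
  extendFn({}, payload);
  const leaked = ({}).polluted === 'yes';
  delete Object.prototype.polluted;
  return leaked;
}

console.log('unsafeExtend pollutes Object.prototype:', pollutes(unsafeExtend)); // true
console.log('safeExtend pollutes Object.prototype:', pollutes(safeExtend));     // false
```

The key-name filter is the minimum; the fix shipped in jQuery 3.4.0 likewise drops __proto__ during the copy. Merging into objects created with Object.create(null), or validating untrusted JSON against a schema before it reaches any deep-merge, removes the attack surface rather than chasing key names.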
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and processing instructions. This vulnerability can result in an XSS attack.
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character.
Under certain conditions, SAP NetWeaver Enterprise Portal, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability.
Under certain conditions, SAP NetWeaver Enterprise Portal, versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in a Reflected Cross-Site Scripting (XSS) vulnerability.
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting.
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader.
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader.
XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file.
Adobe Connect version 11.2.3 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used.
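The AntiSamy entry above (a javascript: URL smuggled past the filter by writing the colon as a numeric character reference) and the Wikibase entry just above (an external-identifier URL format that admits the javascript: scheme) share one lesson: an href check has to run on the value the browser will actually navigate to, after character references and control characters have been decoded away, and it should allowlist schemes rather than look for the string "javascript:". The following is an added example, not code from AntiSamy, MediaWiki or the original page; decodeNumericReferences, naiveIsSafeHref, isSafeHref, SAFE_SCHEMES and the sample URLs are constructed here.

```javascript
// Decode decimal (&#58; &#00058) and hex (&#x3a;) character references the
// way an HTML attribute value is decoded before the URL parser sees it.
// Minimal on purpose: named entities are left as they are.
function decodeNumericReferences(s) {
  return s.replace(/&#(x[0-9a-f]+|[0-9]+);?/gi, (match, num) => {
    const cp = num[0].toLowerCase() === 'x'
      ? parseInt(num.slice(1), 16)
      : parseInt(num, 10);
    return cp > 0x10ffff ? match : String.fromCodePoint(cp);
  });
}

// Blocklist on the raw attribute text: the shape of check the bypass
// above defeats, because "javascript&#00058alert(1)" never contains
// the literal substring "javascript:".
function naiveIsSafeHref(href) {
  return !/^\s*javascript:/i.test(href);
}

// Allowlist on the canonical value. Order matters: decode references,
// strip the ASCII control and space characters browsers ignore inside a
// scheme, then compare the scheme against a fixed set.
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto']);

function isSafeHref(href) {
  const canonical = decodeNumericReferences(href).replace(/[\u0000-\u0020]+/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(canonical);
  if (!m) return true;                       // relative URL, no scheme to abuse
  return SAFE_SCHEMES.has(m[1].toLowerCase());
}

// Constructed sample hrefs, including the AntiSamy-style bypass.
const SAMPLES = [
  'javascript&#00058alert(1)',   // decimal reference, no semicolon
  'javascript&#x3a;alert(1)',    // hex reference
  'java\tscript:alert(1)',       // tab inside the scheme
  'https://example.com/?q=1',
  '/wiki/Main_Page',
  'mailto:security@example.com',
];

function report() {
  return SAMPLES.map((href) => ({
    href,
    naive: naiveIsSafeHref(href),
    canonical: isSafeHref(href),
  }));
}

for (const row of report()) {
  console.log(JSON.stringify(row));
}
```

The same ordering applies to a server-side sanitizer such as the one in the AntiSamy entry: validate the decoded attribute value and re-serialize from the parsed DOM, never pattern-match the serialized text. For the Wikibase case, the URL format string should be validated against the scheme allowlist once, when the property is configured, not only when $1 is substituted.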
In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar).
A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization.
GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds.
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M, PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M, PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M, PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M, PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbitrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M, PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or perform actions on their behalf when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
HTML code injection vulnerability in the Android application Bosch Video Security, version 3.2.3 or earlier, when successfully exploited allows an attacker to inject arbitrary HTML code into a component loaded by WebView, thus allowing the application to display web resources controlled by the attacker.
laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the `formElementErrors()` view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value was not being escaped for HTML contexts, which can potentially lead to a reflected cross-site scripting attack. Versions 3.1.1 and above contain a patch to mitigate the vulnerability. A workaround is available: one may manually place escaping code at the top of a view script where one calls the `formElementErrors()` view helper. More information about this workaround is available in the GitHub Security Advisory.
Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that depend on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page into a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the site's cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and mitigation measures is available in the GitHub Security Advisory.
iTunesRPC-Remastered is a Discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue.
The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of the single_statistics page, type and message of the importexport page) before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripting issues.
The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue.
The Domain Check WordPress plugin earlier than 1.0.17 doesn’t sanitise and escape the area parameter earlier than outputting it again within the web page, resulting in a Reflected Cross-Site Scripting concern
6.1
CVE-2021-24934
The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacu_selected_sub_tab_area parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSTed parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to admin users), leading to a Reflected Cross-Site Scripting issue
The Contact Form 7 Skins WordPress plugin through 2.5.0 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woof_redraw_elements parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting
The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
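Several of the WordPress entries above share one root cause: a request parameter is echoed back inside an HTML attribute without escaping, and the fix is "escape for the context you are writing into". The following is an added example, not code from any of the plugins listed; it uses a constructed payload and the stdlib `html` and `html.parser` modules to show why escaping only `<`, `>` and `&` is not enough when the sink is an attribute value, and how a unit test can detect the breakout the way a browser would parse it.

```python
import html
from html.parser import HTMLParser

# Constructed inputs (not taken from any advisory): a harmless search value and
# one that closes the value="..." attribute and adds an event handler.
BENIGN = "rosario 2021"
ATTR_BREAKOUT = '" autofocus onfocus="alert(1)'


def render_unescaped(value):
    """Vulnerable pattern: the parameter is reflected into an attribute verbatim."""
    return f'<input type="text" name="q" value="{value}">'


def render_body_escaped(value):
    """Still vulnerable in attribute context: quote=False neutralises <, > and &
    (enough for a text node) but leaves the double quote that ends the attribute."""
    return f'<input type="text" name="q" value="{html.escape(value, quote=False)}">'


def render_attr_escaped(value):
    """Fixed: quote=True (the default) also turns " and ' into entities, so the
    whole reflected value stays inside the attribute."""
    return f'<input type="text" name="q" value="{html.escape(value, quote=True)}">'


class _AttrCollector(HTMLParser):
    """Collects attribute names the same way the tokenizer in a browser would."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.extend(name for name, _ in attrs)


def attribute_names(markup):
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.names


def has_event_handler(markup):
    """True if the reflected value managed to create an on* attribute."""
    return any(name.startswith("on") for name in attribute_names(markup))


if __name__ == "__main__":
    for render in (render_unescaped, render_body_escaped, render_attr_escaped):
        out = render(ATTR_BREAKOUT)
        print(f"{render.__name__:22} handler={has_event_handler(out)}  {out}")
```

The check is deliberately a parser rather than a substring match: `onfocus` is present in all three outputs, but only in the first two does it become an attribute.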
Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload in the response is not properly escaped, a web browser led to this endpoint may interpret it as a document and execute JavaScript in the victim's browser. Because v1.9.26 added a CSRF check, the XSS is only exploitable against unauthenticated users (as they all share the same nonce).
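The GDPR plugin entry is a reminder that a JSON body is only as safe as the content type it is served with. The example below is added here and is not the plugin's code; the response dictionaries, the `PAYLOAD` and the `renders_as_html` check are all constructed for the demonstration. It contrasts a JSON reply sent under the server's default `text/html` type with one that declares `application/json`, forbids MIME sniffing, and additionally encodes `<`, `>` and `&` as `\uXXXX` so the body is inert even if something upstream rewrites the content type.

```python
import json

# Constructed example of what such an AJAX action might return; the "message"
# carries markup an attacker could have stored or reflected.
PAYLOAD = {"status": "ok", "message": '<img src=x onerror="alert(document.cookie)">'}


def vulnerable_response(data):
    """Pattern described above: the body is JSON, but the content type is the
    server default, so a browser navigated straight to the endpoint renders it."""
    return {
        "status": 200,
        "headers": {"Content-Type": "text/html; charset=UTF-8"},
        "body": json.dumps(data),
    }


def hardened_response(data):
    """Declare the body as JSON, block sniffing, and escape the characters an
    HTML parser cares about. json.loads() still decodes the body to the same
    object, so API clients are unaffected."""
    body = json.dumps(data)
    body = body.replace("&", "\\u0026").replace("<", "\\u003c").replace(">", "\\u003e")
    return {
        "status": 200,
        "headers": {
            "Content-Type": "application/json; charset=UTF-8",
            "X-Content-Type-Options": "nosniff",
        },
        "body": body,
    }


def renders_as_html(resp):
    """Check usable in a test suite or a scanner: would a browser treat this
    response as a document, and is there a tag in it to render?"""
    ctype = resp["headers"].get("Content-Type", "").lower()
    return ctype.startswith("text/html") and "<" in resp["body"]


if __name__ == "__main__":
    for build in (vulnerable_response, hardened_response):
        resp = build(PAYLOAD)
        print(build.__name__, resp["headers"], "renders_as_html =", renders_as_html(resp))
```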
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows an attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service.
JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in JPEG images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted JPEG images may be provided to the user resulting in a program crash or potentially incorrect EXIF information retrieval. Users are advised to upgrade. There is no known workaround for this issue.
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross-site scripting vulnerabilities. Attacker-controlled input is reflected back in the page without sanitization.
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via the Notebook/Page title field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in the cache key of an unkeyed parameter.
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high-performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with endStream set to true. This can lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a follow-up of GHSA-wm47-8v5p-wjpj/CVE-2021-21295, which missed this one case. This was fixed as part of 4.1.61.Final.
A vulnerability was discovered in XNIO where a file descriptor leak is caused by growing numbers of NIO Selector file handles between garbage collection cycles. It may allow an attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute-force attacks on such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher, where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.
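Both the websockets entry (Basic Auth credentials) and the Kafka entry (`Arrays.equals` on passwords and keys) are the same defect: a comparison that returns as soon as the first byte differs, so the response time reveals how long the matching prefix is. The example below is added here and belongs to neither project. To keep it deterministic it does not measure wall-clock time; instead `early_exit_equals` returns the number of bytes it examined as a stand-in for the timing signal, `recover_secret` shows that this signal alone is enough to recover the credential byte by byte, and `constant_time_equals` uses the stdlib's `hmac.compare_digest`, against which the same attack gets no usable signal. `SECRET` and `ALPHABET` are constructed for the demonstration.

```python
import hmac

# Constructed secret and search alphabet (not from any advisory).
SECRET = b"s3cret!!"
ALPHABET = b"abcdefghijklmnopqrstuvwxyz0123456789!"


def early_exit_equals(a, b):
    """The vulnerable pattern (Arrays.equals, plain == on byte strings): stop at
    the first mismatch. Returns (match, work) where work is the number of bytes
    examined, the quantity a remote attacker observes as response time."""
    if len(a) != len(b):
        return False, 0
    work = 0
    for x, y in zip(a, b):
        work += 1
        if x != y:
            return False, work
    return True, work


def constant_time_equals(a, b):
    """The fix: hmac.compare_digest examines every byte regardless of content."""
    return hmac.compare_digest(a, b)


def constant_time_oracle(guess):
    """Same interface as the vulnerable oracle, but the work count no longer
    depends on where the guess diverges from the secret."""
    return constant_time_equals(guess, SECRET), len(SECRET)


def vulnerable_oracle(guess):
    return early_exit_equals(guess, SECRET)


def recover_secret(oracle, length, alphabet):
    """Byte-at-a-time recovery driven only by the oracle's (match, work) reply:
    the candidate that makes the comparison run one byte longer is the right
    one, and the final byte is confirmed by the match flag itself."""
    known = b""
    for position in range(length):
        best, best_work = None, -1
        for c in alphabet:
            guess = known + bytes([c]) + b"\x00" * (length - position - 1)
            match, work = oracle(guess)
            if match:
                return guess
            if work > best_work:
                best, best_work = c, work
        known += bytes([best])
    return known


if __name__ == "__main__":
    print("early-exit compare :", recover_secret(vulnerable_oracle, len(SECRET), ALPHABET))
    print("constant-time      :", recover_secret(constant_time_oracle, len(SECRET), ALPHABET))
```

Against the early-exit oracle the attack needs at most `len(SECRET) * len(ALPHABET)` queries instead of `len(ALPHABET) ** len(SECRET)`; against the constant-time oracle every candidate reports the same work, so the search degenerates to a guess. In real deployments the signal is noisy network latency rather than a clean counter, which is why the fix is to remove the dependency entirely rather than to add jitter.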
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses, instead continuing to use and trust the responses it got *before* the TLS handshake as if they were authenticated. Using this flaw, a Man-In-The-Middle attacker can first inject the fake responses, then pass through the TLS traffic from the legitimate server and trick curl into sending data back to the user, thinking the attacker's injected data comes from the TLS-protected server.
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques.
An information disclosure vulnerability exists due to the hardcoded TLS key of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the prerequisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3, which is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb).
h2o is an open source HTTP server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in a certain order, the HTTP/3 server-side implementation of h2o can be misled into treating uninitialized memory as HTTP/3 frames that have been received. When h2o is used as a reverse proxy, an attacker can abuse this vulnerability to send internal state of h2o to backend servers controlled by the attacker or a third party. Also, if there is an HTTP endpoint that reflects the traffic sent from the client, an attacker can use that reflector to obtain internal state of h2o. This internal state includes traffic of other connections in unencrypted form and TLS session tickets. This vulnerability exists in the h2o server with HTTP/3 support, between commit 93af138 and d1f0f65. None of the released versions of h2o are affected by this vulnerability. There are no known workarounds. Users of unreleased versions of h2o using HTTP/3 are advised to upgrade immediately.
An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.)
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow an attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and the Modicon M221 controller and broken the encryption keys.
There is a flaw in Python 3's pydoc. A local or adjacent attacker who discovers, or is able to convince another local or adjacent user to start, a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), and Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.