VMware ESXi 6.5 with out patch ESXi650-201703410-SG and 5.5 with out patch ESXi550-201703401-SG; Workstation Pro / Player 12.x previous to 12.5.5; and Fusion Pro / Fusion 8.x prior to eight.5.6 have a Heap Buffer Overflow in SVGA. This concern might permit a visitor to execute code on the host.
VMware ESXi 6.5 with out patch ESXi650-201703410-SG, 6.0 U3 with out patch ESXi600-201703401-SG, 6.0 U2 with out patch ESXi600-201703403-SG, 6.0 U1 with out patch ESXi600-201703402-SG, and 5.5 with out patch ESXi550-201703401-SG; Workstation Pro / Player 12.x previous to 12.5.5; and Fusion Pro / Fusion 8.x prior to eight.5.6 have an uninitialized stack reminiscence utilization in SVGA. This concern might permit a visitor to execute code on the host.
The XHCI controller in VMware ESXi 6.5 with out patch ESXi650-201703410-SG, 6.0 U3 with out patch ESXi600-201703401-SG, 6.0 U2 with out patch ESXi600-201703403-SG, 6.0 U1 with out patch ESXi600-201703402-SG, and 5.5 with out patch ESXi550-201703401-SG; Workstation Pro / Player 12.x previous to 12.5.5; and Fusion Pro / Fusion 8.x prior to eight.5.6 has uninitialized reminiscence utilization. This concern might permit a visitor to execute code on the host. The concern is decreased to a Denial of Service of the visitor on ESXi 5.5.
VMware ESXi (ESXi 6.5 with out patch ESXi650-201707101-SG), Workstation (12.x earlier than 12.5.7) and Fusion (8.x earlier than 8.5.8) include an out-of-bounds write vulnerability in SVGA gadget. This concern might permit a visitor to execute code on the host.
In the add_match perform in libbb/lineedit.c in BusyBox by way of 1.27.2, the tab autocomplete function of the shell, used to get an inventory of filenames in a listing, doesn’t sanitize filenames and leads to executing any escape sequence within the terminal. This may probably lead to code execution, arbitrary file writes, or different assaults.
VMware ESXi (6.5 earlier than ESXi650-201710401-BG), Workstation (12.x earlier than 12.5.8), and Fusion (8.x earlier than 8.5.9) include a vulnerability that might permit an authenticated VNC session to trigger a heap overflow by way of a selected set of VNC packets leading to heap corruption. Successful exploitation of this concern may lead to distant code execution in a digital machine by way of the authenticated VNC session. Note: In order for exploitation to be doable in ESXi, VNC should be manually enabled in a digital machine’s .vmx configuration file. In addition, ESXi should be configured to permit VNC site visitors by way of the built-in firewall.
VMware ESXi (6.0 earlier than ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x earlier than 12.5.8), and Fusion (8.x earlier than 8.5.9) include a vulnerability that might permit an authenticated VNC session to trigger a stack overflow by way of a selected set of VNC packets. Successful exploitation of this concern may lead to distant code execution in a digital machine by way of the authenticated VNC session. Note: In order for exploitation to be doable in ESXi, VNC should be manually enabled in a digital machine’s .vmx configuration file. In addition, ESXi should be configured to permit VNC site visitors by way of the built-in firewall.
A XML exterior entity (XXE) vulnerability exists within the import.cgi of the online interface part of the Schneider Electric’s Pelco Sarix Professional in all firmware variations prior to three.29.67.
An exploitable use-after-free vulnerability exists within the JavaScript engine of Foxit Software’s Foxit PDF Reader model 8.3.2.25013. A specifically crafted PDF doc can set off a beforehand freed object in reminiscence to be reused, leading to arbitrary code execution. An attacker must trick the consumer to open the malicious file to set off this vulnerability. If the browser plugin extension is enabled, visiting a malicious website can even set off the vulnerability.
An exploitable use-after-free vulnerability exists within the JavaScript engine Foxit Software Foxit PDF Reader model 9.0.1.1049. A specifically crafted PDF doc can set off a beforehand freed object in reminiscence to be reused, leading to arbitrary code execution. An attacker must trick the consumer to open the malicious file to set off this vulnerability. If a browser plugin extension is enabled, visiting a malicious website can even set off the vulnerability.
VMware ESXi 6.7 with out ESXi670-201811401-BG and VMware ESXi 6.5 with out ESXi650-201811301-BG, VMware ESXi 6.0 with out ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or beneath, VMware Fusion 11, VMware Fusion 10.1.3 or beneath include uninitialized stack reminiscence utilization within the vmxnet3 digital community adapter which can permit a visitor to execute code on the host.
Out of bounds write in SQLite in Google Chrome previous to 79.0.3945.79 allowed a distant attacker to probably exploit heap corruption by way of a crafted HTML web page.
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x shouldn’t be affected by the difficulty. Fixed model is 1.4.0) there’s a script-cache privilege escalation vulnerability on account of kotlin-main-kts cached scripts within the system temp listing, which is shared by all customers by default.
XStream earlier than model 1.4.14 is susceptible to Remote Code Execution.The vulnerability might permit a distant attacker to run arbitrary shell instructions solely by manipulating the processed enter stream. Only customers who depend on blocklists are affected. Anyone utilizing XStream’s Security Framework allowlist shouldn’t be affected. The linked advisory gives code workarounds for customers who can not improve. The concern is mounted in model 1.4.14.
An attacker that is ready to modify Velocity templates might execute arbitrary Java code or run arbitrary system instructions with the identical privileges because the account working the Servlet container. This applies to purposes that permit untrusted customers to add/modify velocity templates working Apache Velocity Engine variations as much as 2.2.
XStream is software program for serializing Java objects to XML and again once more. A vulnerability in XStream variations previous to 1.4.17 might permit a distant attacker has enough rights to execute instructions of the host solely by manipulating the processed enter stream. No consumer who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties is affected. The vulnerability is patched in model 1.4.17.
Missing checks on Content-Type headers in geckodriver earlier than 0.27.0 may result in a CSRF vulnerability, which may, when paired with a particularly ready request, result in distant code execution.
A use-after-free vulnerability exists within the JavaScript engine of Foxit Software’s PDF Reader, model 10.1.3.37598. A specifically crafted PDF doc can set off the reuse of beforehand freed reminiscence, which might result in arbitrary code execution. An attacker must trick the consumer to open the malicious file to set off this vulnerability. Exploitation can be doable if a consumer visits a specifically crafted, malicious website if the browser plugin extension is enabled.
A use-after-free vulnerability exists within the JavaScript engine of Foxit Software’s PDF Reader, model 10.1.4.37651. A specifically crafted PDF doc can set off the reuse of beforehand free reminiscence, which might result in arbitrary code execution. An attacker must trick the consumer into opening a malicious file or website to set off this vulnerability if the browser plugin extension is enabled.
A use-after-free vulnerability exists within the JavaScript engine of Foxit Software’s PDF Reader, model 11.0.0.49893. A specifically crafted PDF doc can set off the reuse of beforehand freed reminiscence, which might result in arbitrary code execution. An attacker must trick the consumer to open the malicious file to set off this vulnerability. Exploitation can be doable if a consumer visits a specifically crafted, malicious website if the browser plugin extension is enabled.
XStream is a straightforward library to serialize objects to XML and again once more. In affected variations this vulnerability might permit a distant attacker to load and execute arbitrary code from a distant host solely by manipulating the processed enter stream. A consumer is simply affected if utilizing the model out of the field with JDK 1.7u21 or beneath. However, this state of affairs could be adjusted simply to an exterior Xalan that works whatever the model of the Java runtime. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. XStream 1.4.18 makes use of not a blacklist by default, because it can’t be secured for common goal.
A buffer overflow concern was addressed with improved reminiscence dealing with. This concern is mounted in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted internet content material might result in arbitrary code execution.
A use after free concern was addressed with improved reminiscence administration. This concern is mounted in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted internet content material might result in arbitrary code execution.
A use after free concern was addressed with improved reminiscence administration. This concern is mounted in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted internet content material might result in arbitrary code execution.
An out-of-bounds learn was addressed with improved bounds checking. This concern is mounted in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted internet content material might result in arbitrary code execution.
SAP NetWeaver Knowledge Management XML Forms variations – 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, accommodates an XSLT vulnerability which permits a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level instructions, copy it right into a location to be accessed by the system after which create a file which is able to set off the XSLT engine to execute the script contained inside the malicious XSL file. This may end up in a full compromise of the confidentiality, integrity, and availability of the system.
Use after free in media in Google Chrome previous to 96.0.4664.45 allowed a distant attacker to probably exploit heap corruption by way of a crafted HTML web page.
On BIG-IP DNS & GTM model 16.x earlier than 16.1.0, 15.1.x earlier than 15.1.4, 14.1.x earlier than 14.1.4.4, and all variations of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed web page of the BIG-IP Configuration utility that permits an attacker to execute JavaScript within the context of the presently logged-in consumer. Note: Software variations which have reached End of Technical Support (EoTS) usually are not evaluated.
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a customer should go to a malicious web site which redirects to the SPIP web site. It can be doable to mix XSS vulnerabilities in SPIP 4.0.0 to take advantage of it. The vulnerability permits an authenticated attacker to execute malicious code with out the data of the consumer on the web site (CSRF).
SPIP 4.0.0 is affected by a distant command execution vulnerability. To exploit the vulnerability, an attacker should craft a malicious image with a double extension, add it after which click on on it to execute it.
IBM Security Guardium Insights 3.0 may permit an authenticated consumer to carry out unauthorized actions on account of improper enter validation. IBM X-Force ID: 205255.
jpress v 4.2.0 is susceptible to RCE by way of io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel gives a perform by way of which attackers can edit the e-mail templates and inject some malicious code.
Gerapy is a distributed crawler administration framework. Prior to model 0.9.9, an authenticated consumer may execute arbitrary instructions. This concern is mounted in model 0.9.9. There are not any recognized workarounds.
A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that might permit an attacker to impersonate the consumer or perform actions on their behalf when crafted malicious parameters are submitted in POST requests despatched to the charging station internet server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All variations previous to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All variations previous to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All variations previous to R8 V3.4.0.2)
A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that might permit an attacker to impersonate the consumer or perform actions on their behalf when crafted malicious parameters are submitted in POST requests despatched to the charging station internet server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All variations previous to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All variations previous to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All variations previous to R8 V3.4.0.2)
A CWE-20: Improper Input Validation vulnerability exists that might trigger arbitrary code execution when the consumer visits a web page containing the injected payload. This CVE is exclusive from CVE-2021-22827. Affected Product: EcoStruxure? Power Monitoring Expert 9.0 and prior variations
A CWE-20: Improper Input Validation vulnerability exists that might trigger arbitrary code execution when the consumer visits a web page containing the injected payload. This CVE is exclusive from CVE-2021-22826. Affected Product: EcoStruxure? Power Monitoring Expert 9.0 and prior variations
An incorrect default permission vulnerability exists within the cgiserver.cgi cgi_check_ability performance of reolink RLC-410W v3.0.0.136_20121102. The UpgradePut together is the API that checks if a offered filename identifies a brand new model of the RLC-410W firmware. If the model is new, it might be doable, allegedly, to afterward carry out the Upgrade. An attacker can ship an HTTP request to set off this vulnerability.
An incorrect default permission vulnerability exists within the cgiserver.cgi cgi_check_ability performance of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API units the motion detection parameters, giving the power to set the sensitivity of the digicam per a spread of hours, and which of the digicam areas to disregard when contemplating motion detection. Because in cgi_check_ability the SetMdAlarm API doesn’t have a selected case, the consumer permission will default to 7. This will give non-administrative customers the chance to alter the motion detection parameters.
An incorrect default permission vulnerability exists within the cgiserver.cgi cgi_check_ability performance of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that aren’t included in cgi_check_ability are already executable by any logged-in customers. An attacker can ship an HTTP request to set off this vulnerability.
Element Desktop is a Matrix shopper for desktop platforms with Element Web at its core. Element Desktop earlier than 1.9.7 is susceptible to a distant program execution bug with consumer interplay. The exploit is non-trivial and requires clicking on a malicious hyperlink, adopted by one other button click on. To the very best of our data, the vulnerability has by no means been exploited within the wild. If you might be utilizing Element Desktop < 1.9.7, we advocate upgrading at your earliest comfort. If efficiently exploited, the vulnerability permits an attacker to specify a file path of a binary on the sufferer's laptop which then will get executed. Notably, the attacker does *not* have the power to specify program arguments. However, in sure unspecified configurations, the attacker might be able to specify an URI as an alternative of a file path which then will get dealt with utilizing commonplace platform mechanisms. These might permit exploiting additional vulnerabilities in these mechanisms, probably resulting in arbitrary code execution.
The Perfect Survey WordPress plugin earlier than 1.5.2 doesn’t have correct authorisation nor CSRF checks within the save_global_setting AJAX motion, permitting unauthenticated customers to edit surveys and modify settings. Given the shortage of sanitisation and escaping within the settings, this might additionally result in a Stored Cross-Site Scripting concern which will likely be executed within the context of a consumer viewing any survey
The Wicked Folders WordPress plugin earlier than 2.8.10 doesn’t sanitise and escape the folder_id parameter earlier than utilizing it in a SQL assertion within the wicked_folders_save_sort_order AJAX motion, obtainable to any authenticated consumer. resulting in an SQL injection
Symfony is a PHP framework for internet and console purposes and a set of reusable PHP elements. The Symfony type part gives a CSRF safety mechanism by utilizing a random token injected within the type and utilizing the session to retailer and management the token submitted by the consumer. When utilizing the FrameworkBundle, this safety could be enabled or disabled with the configuration. If the configuration shouldn’t be specified, by default, the mechanism is enabled so long as the session is enabled. In a latest change in the best way the configuration is loaded, the default conduct has been dropped and, consequently, the CSRF safety shouldn’t be enabled in type when not explicitly enabled, which makes the applying smart to CSRF assaults. This concern has been resolved within the patch variations listed and customers are suggested to replace. There are not any recognized workarounds for this concern.
A improper neutralization of particular parts utilized in a command (‘command injection’) in Fortinet FortiExtender model 7.0.1 and beneath, 4.2.3 and beneath, 4.1.7 and beneath permits an authenticated attacker to execute privileged shell instructions by way of CLI instructions together with particular characters
A improper neutralization of particular parts utilized in an os command (‘os command injection’) in Fortinet FortiWeb model 6.4.1 and 6.4.0, model 6.3.15 and beneath, model 6.2.6 and beneath permits attacker to execute unauthorized code or instructions by way of crafted HTTP requests.
IBM Financial Transaction Manager 3.2.4 is susceptible to cross-site request forgery which may permit an attacker to execute malicious and unauthorized actions transmitted from a consumer that the web site trusts. IBM X-Force ID: 214210.
IBM Financial Transaction Manager 3.2.4 doesn’t invalidate session any present session identifier provides an attacker the chance to steal authenticated periods. IBM X-Force ID: 215040.
A improper neutralization of particular parts utilized in an os command (‘os command injection’) in Fortinet FortiWeb model 6.4.1 and beneath, 6.3.15 and beneath permits attacker to execute unauthorized code or instructions by way of crafted HTTP requests.
An authenticated and licensed agent consumer may probably acquire administrative entry by way of an SQLi vulnerability to Capsule8 Console between variations 4.6.0 and 4.9.1.
In Phoenix Contact FL SWITCH Series 2xxx in model 3.00 an incorrect privilege task permits an low privileged consumer to allow full entry to the gadget configuration.
Victor CMS v1.0 was found to include a SQL injection vulnerability that permits attackers to inject arbitrary instructions by way of ‘user_firstname’ parameter.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` doesn’t absolutely validate the worth of `axis` and may end up in heap OOB accesses. The `axis` argument could be `-1` (the default worth for the elective argument) or every other optimistic worth at most the variety of dimensions of the enter. Unfortunately, the higher certain shouldn’t be checked and this leads to studying previous the tip of the array containing the scale of the enter tensor. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of form inference for `Dequantize` is susceptible to an integer overflow weak spot. The `axis` argument could be `-1` (the default worth for the elective argument) or every other optimistic worth at most the variety of dimensions of the enter. Unfortunately, the higher certain shouldn’t be checked, and, because the code computes `axis + 1`, an attacker can set off an integer overflow. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Perl earlier than 5.30.3 has an integer overflow associated to mishandling of a “PL_regkind[OP(n)] == NOTHING” scenario. A crafted common expression may result in malformed bytecode with a chance of instruction injection.
XStream is a Java library to serialize objects to XML and again once more. In XStream earlier than model 1.4.16, there’s a vulnerability which can permit a distant attacker to request information from inside sources that aren’t publicly obtainable solely by manipulating the processed enter stream. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. If you depend on XStream’s default blacklist of the Security Framework, you’ll have to use not less than model 1.4.16.
There is a flaw within the xml entity encoding performance of libxml2 in variations earlier than 2.9.11. An attacker who is ready to provide a crafted file to be processed by an software linked with the affected performance of libxml2 may set off an out-of-bounds learn. The probably influence of this flaw is to software availability, with some potential influence to confidentiality and integrity if an attacker is ready to use reminiscence info to additional exploit the applying.
A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that might trigger the station internet server to ahead requests to unintended community targets when crafted malicious parameters are submitted to the charging station internet server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All variations previous to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All variations previous to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All variations previous to R8 V3.4.0.2)
XStream is a straightforward library to serialize objects to XML and again once more. In affected variations this vulnerability might permit a distant attacker to load and execute arbitrary code from a distant host solely by manipulating the processed enter stream. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. XStream 1.4.18 makes use of not a blacklist by default, because it can’t be secured for common goal.
XStream is a straightforward library to serialize objects to XML and again once more. In affected variations this vulnerability might permit a distant attacker has enough rights to execute instructions of the host solely by manipulating the processed enter stream. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. XStream 1.4.18 makes use of not a blacklist by default, because it can’t be secured for common goal.
XStream is a straightforward library to serialize objects to XML and again once more. In affected variations this vulnerability might permit a distant attacker to load and execute arbitrary code from a distant host solely by manipulating the processed enter stream. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. XStream 1.4.18 makes use of not a blacklist by default, because it can’t be secured for common goal.
XStream is a straightforward library to serialize objects to XML and again once more. In affected variations this vulnerability might permit a distant attacker to load and execute arbitrary code from a distant host solely by manipulating the processed enter stream. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. XStream 1.4.18 makes use of not a blacklist by default, because it can’t be secured for common goal.
XStream is a straightforward library to serialize objects to XML and again once more. In affected variations this vulnerability might permit a distant attacker to load and execute arbitrary code from a distant host solely by manipulating the processed enter stream. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. XStream 1.4.18 makes use of not a blacklist by default, because it can’t be secured for common goal.
XStream is a straightforward library to serialize objects to XML and again once more. In affected variations this vulnerability might permit a distant attacker to load and execute arbitrary code from a distant host solely by manipulating the processed enter stream. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. XStream 1.4.18 makes use of not a blacklist by default, because it can’t be secured for common goal.
XStream is a straightforward library to serialize objects to XML and again once more. In affected variations this vulnerability might permit a distant attacker to load and execute arbitrary code from a distant host solely by manipulating the processed enter stream. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. XStream 1.4.18 makes use of not a blacklist by default, because it can’t be secured for common goal.
XStream is a straightforward library to serialize objects to XML and again once more. In affected variations this vulnerability might permit a distant attacker to load and execute arbitrary code from a distant host solely by manipulating the processed enter stream. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. XStream 1.4.18 makes use of not a blacklist by default, because it can’t be secured for common goal.
XStream is a straightforward library to serialize objects to XML and again once more. In affected variations this vulnerability might permit a distant attacker to load and execute arbitrary code from a distant host solely by manipulating the processed enter stream, if utilizing the model out of the field with Java runtime model 14 to eight or with JavaFX put in. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. XStream 1.4.18 makes use of not a blacklist by default, because it can’t be secured for common goal.
XStream is a straightforward library to serialize objects to XML and again once more. In affected variations this vulnerability might permit a distant attacker to load and execute arbitrary code from a distant host solely by manipulating the processed enter stream. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. XStream 1.4.18 makes use of not a blacklist by default, because it can’t be secured for common goal.
XStream is a straightforward library to serialize objects to XML and again once more. In affected variations this vulnerability might permit a distant attacker to request information from inside sources that aren’t publicly obtainable solely by manipulating the processed enter stream with a Java runtime model 14 to eight. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. If you depend on XStream’s default blacklist of the [Security Framework](https://x-stream.github.io/safety.html#framework), you’ll have to use not less than model 1.4.18.
XStream is a straightforward library to serialize objects to XML and again once more. In affected variations this vulnerability might permit a distant attacker to request information from inside sources that aren’t publicly obtainable solely by manipulating the processed enter stream with a Java runtime model 14 to eight. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. If you depend on XStream’s default blacklist of the [Security Framework](https://x-stream.github.io/safety.html#framework), you’ll have to use not less than model 1.4.18.
A CWE-306: Missing Authentication for Critical Function vulnerability exists which may trigger a modification of gadget IP configuration (IP handle, community masks and gateway IP handle) when a selected Ethernet body is obtained in all variations of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2
Perl earlier than 5.30.3 on 32-bit platforms permits a heap-based buffer overflow as a result of nested common expression quantifiers have an integer overflow.
Apache Batik 1.13 is susceptible to server-side request forgery, attributable to improper enter validation by the NodePickerPanel. By utilizing a specially-crafted argument, an attacker may exploit this vulnerability to trigger the underlying server to make arbitrary GET requests.
NVIDIA GPU and Tegra {hardware} include a vulnerability in an inside microcontroller, which can permit a consumer with elevated privileges to generate legitimate microcode by figuring out, exploiting, and loading susceptible microcode. Such an assault may result in info disclosure, information corruption, or denial of service of the gadget. The scope might lengthen to different elements.
A crafted URI despatched to httpd configured as a ahead proxy (ProxyRequests on) could cause a crash (NULL pointer dereference) or, for configurations mixing ahead and reverse proxy declarations, can permit for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This concern impacts Apache HTTP Server 2.4.7 as much as 2.4.51 (included).
An concern was found in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 earlier than 05.16.25, 5.2 earlier than 05.26.25, 5.3 earlier than 05.35.25, 5.4 earlier than 05.43.25, and 5.5 earlier than 05.51.25. A vulnerability exists within the SMM (System Management Mode) department that registers a SWSMI handler that doesn’t sufficiently test or validate the allotted buffer pointer (the CommBuffer+8 location).
An concern was found in SdHostDriver in Insyde InsydeH2O with kernel 5.1 earlier than 05.16.25, 5.2 earlier than 05.26.25, 5.3 earlier than 05.35.25, 5.4 earlier than 05.43.25, and 5.5 earlier than 05.51.25. A vulnerability exists within the SMM (System Management Mode) department that registers a SWSMI handler that doesn’t sufficiently test or validate the allotted buffer pointer (CommBufferData).
A reminiscence corruption vulnerability exists within the netserver parse_command_list performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in an out-of-bounds write. An attacker can ship an HTTP request to set off this vulnerability.
A vulnerability exists in Schneider Electric’s Pelco Sarix Professional in all firmware variations prior to three.29.67 which may allow SSH service on account of lack of authentication for /login/bin/set_param may allow SSH service.
VMware ESXi (6.7 earlier than ESXi670-201806401-BG), Workstation (14.x earlier than 14.1.2), and Fusion (10.x earlier than 10.1.2) include an out-of-bounds learn vulnerability within the shader translator. Successful exploitation of this concern might result in info disclosure or might permit attackers with regular consumer privileges to crash their VMs, a special vulnerability than CVE-2018-6966 and CVE-2018-6967.
VMware ESXi (6.7 earlier than ESXi670-201806401-BG), Workstation (14.x earlier than 14.1.2), and Fusion (10.x earlier than 10.1.2) include an out-of-bounds learn vulnerability within the shader translator. Successful exploitation of this concern might result in info disclosure or might permit attackers with regular consumer privileges to crash their VMs, a special vulnerability than CVE-2018-6965 and CVE-2018-6967.
VMware ESXi (6.7 earlier than ESXi670-201806401-BG), Workstation (14.x earlier than 14.1.2), and Fusion (10.x earlier than 10.1.2) include an out-of-bounds learn vulnerability within the shader translator. Successful exploitation of this concern might result in info disclosure or might permit attackers with regular consumer privileges to crash their VMs, a special vulnerability than CVE-2018-6965 and CVE-2018-6966.
The Apache Xerces-C 3.0.0 to three.2.3 XML parser accommodates a use-after-free error triggered throughout the scanning of exterior DTDs. This flaw has not been addressed within the maintained model of the library and has no present mitigation aside from to disable DTD processing. This could be completed by way of the DOM utilizing a normal parser function, or by way of SAX utilizing the XERCES_DISABLE_DTD surroundings variable.
FasterXML jackson-databind 2.x earlier than 2.9.10.6 mishandles the interplay between serialization devices and typing, associated to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
FasterXML jackson-databind 2.x earlier than 2.9.10.6 mishandles the interplay between serialization devices and typing, associated to com.pastdev.httpcomponents.configuration.JndiConfiguration.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
An concern was found in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility methodology in contrast incorrect information when checking the password, permitting incorrect passwords to point they have been matching with beforehand hashed ones that have been completely different.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.internet/javax.servlet.jsp.jstl).
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
FasterXML jackson-databind 2.x earlier than 2.9.10.8 mishandles the interplay between serialization devices and typing, associated to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
curl 7.75.0 by way of 7.76.1 suffers from a use-after-free vulnerability leading to already freed reminiscence getting used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in uncommon unlucky circumstances to probably attain distant code execution within the shopper. When libcurl at run-time units up help for TLS 1.3 session tickets on a connection utilizing OpenSSL, it shops tips to the switch in-memory object for later retrieval when a session ticket arrives. If the connection is utilized by a number of transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first switch object is perhaps freed earlier than the brand new session is established on that connection after which the perform will entry a reminiscence buffer that is perhaps freed. When utilizing that reminiscence, libcurl would possibly even name a perform pointer within the object, making it doable for a distant code execution if the server may one way or the other handle to get crafted reminiscence content material into the proper place in reminiscence.
The SAP NetWeaver Portal, variations – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, part Iviews Editor accommodates a Server-Side Request Forgery (SSRF) vulnerability which permits an unauthenticated attacker to craft a malicious URL which when clicked by a consumer could make any sort of request (e.g. POST, GET) to any inside or exterior server. This may end up in the accessing or modification of information accessible from the Portal however won’t have an effect on its availability.
Simple College Website 1.0 is susceptible to unauthenticated file add & distant code execution by way of UNION-based SQL injection within the username parameter on /admin/login.php.
Apache Karaf permits monitoring of purposes and the Java runtime by utilizing the Java Management Extensions (JMX). JMX is a Java RMI based mostly know-how that depends on Java serialized objects for shopper server communication. Whereas the default JMX implementation is hardened towards unauthenticated deserialization assaults, the implementation utilized by Apache Karaf shouldn’t be protected towards this type of assault. The influence of Java deserialization vulnerabilities strongly is dependent upon the courses which can be obtainable inside the targets class path. Generally talking, deserialization of untrusted information does all the time characterize a excessive safety threat and ought to be prevented. The threat is low as, by default, Karaf makes use of a restricted set of courses within the JMX server class path. It relies upon of system scoped courses (e.g. jar within the lib folder).
Piwigo is picture gallery software program written in PHP. When a standards shouldn’t be met on a number, piwigo defaults to usingmt_rand with a purpose to generate password reset tokens. mt_rand output could be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an account offering they know an directors e mail handle so as to have the ability to request password reset.
Nimforum is a light-weight different to Discourse written in Nim. In variations previous to 2.2.0 any discussion board consumer can create a brand new thread/put up with an embody referencing a file native to the host working system. Nimforum will render the file if ready. This may also be finished silently by utilizing NimForum’s put up “preview” endpoint. Even if NimForum is working as a non-critical consumer, the discussion board.json secrets and techniques could be stolen. Version 2.2.0 of NimForum contains patches for this vulnerability. Users are suggested to improve as quickly as is feasible. There are not any recognized workarounds for this concern.
An improper limitation of a pathname to a restricted listing (‘Path Traversal’) vulnerability [CWE-22] in FortiWeb administration interface 6.4.1 and beneath, 6.3.15 and beneath, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x might permit an authenticated attacker to carry out an arbitrary file and listing deletion within the gadget filesystem.
Tensorflow is an Open Source Machine Learning Framework. The implementation of form inference for `ReverseSequence` doesn’t absolutely validate the worth of `batch_dim` and may end up in a heap OOB learn. There is a test to ensure the worth of `batch_dim` doesn’t go over the rank of the enter, however there isn’t any test for unfavourable values. Negative dimensions are allowed in some instances to imitate Python’s unfavourable indexing (i.e., indexing from the tip of the array), nonetheless if the worth is just too unfavourable then the implementation of `Dim` would entry parts earlier than the beginning of an array. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` doesn’t contemplate instances the place the enter tensors are invalid permitting an attacker to learn from exterior of bounds of heap. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
A heap-based buffer overflow vulnerability exists within the OTA Update u-download performance of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A collection of specially-crafted MQTT payloads can result in distant code execution. An attacker should carry out a man-in-the-middle assault with a purpose to set off this vulnerability.
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that might permit an attacker to entry the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the safety token. Affected Products: AP7xxxx and AP8xxx with NMC2 (V6.9.6 or earlier), AP7xxx and AP8xxx with NMC3 (V1.1.0.3 or earlier), and APDU9xxx with NMC3 (V1.0.0.28 or earlier)
Use-after-free vulnerability within the xcf_load_image perform in app/xcf/xcf-load.c in GIMP permits distant attackers to trigger a denial of service (program crash) or presumably execute arbitrary code by way of a crafted XCF file.
A vulnerability within the OpenOffice Writer DOC file parser earlier than 4.1.4, and particularly within the WW8Fonts Constructor, permits attackers to craft malicious paperwork that trigger denial of service (reminiscence corruption and software crash) probably leading to arbitrary code execution.
A vulnerability in OpenOffice’s PPT file parser earlier than 4.1.4, and particularly in PPTStyleSheet, permits attackers to craft malicious paperwork that trigger denial of service (reminiscence corruption and software crash) probably leading to arbitrary code execution.
A vulnerability in Apache OpenOffice Writer DOC file parser earlier than 4.1.4, and particularly in ImportOutdatedFormatStyles, permits attackers to craft malicious paperwork that trigger denial of service (reminiscence corruption and software crash) probably leading to arbitrary code execution.
In GIMP 2.8.22, there’s a heap-based buffer over-read in load_image in plug-ins/widespread/file-gbr.c within the gbr import parser, associated to mishandling of UTF-8 information.
In GIMP 2.8.22, there’s a heap-based buffer over-read in ReadImage in plug-ins/widespread/file-tga.c (associated to bgr2rgb.half.1) by way of an surprising bits-per-pixel worth for an RGBA picture.
A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier variations, which may trigger arbitrary code execution on the system working SoMachine HVAC when a malicious DLL library is loaded by the product.
meshsystem.dll in Valve Dota 2 by way of 2020-02-17 permits distant attackers to attain code execution or denial of service by making a gaming server with a crafted map, and welcoming a sufferer to this server. A GetValue name is mishandled.
In Spring Framework, variations 5.2.x prior to five.2.15 and variations 5.3.x prior to five.3.7, a WebFlux software is susceptible to a privilege escalation: by (re)creating the momentary storage listing, a domestically authenticated malicious consumer can learn or modify information which have been uploaded to the WebFlux software, or overwrite arbitrary information with multipart request information.
There’s a flaw in libxml2’s xmllint in variations earlier than 2.9.11. An attacker who is ready to submit a crafted file to be processed by xmllint may set off a use-after-free. The best influence of this flaw is to confidentiality, integrity, and availability.
fs/seq_file.c within the Linux kernel 3.16 by way of 5.13.x earlier than 5.13.4 doesn’t correctly prohibit seq buffer allocations, resulting in an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged consumer, aka CID-8cae8cd89f05.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.4.37651. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Document objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-13741.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of the delay property. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-13928.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14023.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14014.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14015.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14017.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14018.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14019.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14020.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14021.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14022.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14024.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14025.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14033.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14034.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14120.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14270.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14532.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14531.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14529.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14016.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-13929.
This vulnerability permits distant attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the dealing with of Annotation objects. The concern outcomes from the shortage of validating the existence of an object previous to performing operations on the thing. An attacker can leverage this vulnerability to execute code within the context of the present course of. Was ZDI-CAN-14013.
An integer overflow was addressed with improved enter validation. This concern is mounted in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted internet content material might result in arbitrary code execution.
A kind confusion concern was addressed with improved reminiscence dealing with. This concern is mounted in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted internet content material might result in arbitrary code execution.
A vulnerability exists in SMM (System Management Mode) department that registers a SWSMI handler that doesn’t sufficiently test or validate the allotted buffer pointer(QWORD values for CommBuffer). This can be utilized by an attacker to deprave information in SMRAM reminiscence and even result in arbitrary code execution.
An Out-of-Bounds Write vulnerability exists when studying a DXF file utilizing Open Design Alliance Drawings SDK earlier than 2022.11. The particular concern exists inside the parsing of DXF information. Crafted information in a DXF file (an invalid variety of properties) can set off a write operation previous the tip of an allotted buffer. An attacker can leverage this vulnerability to execute code within the context of the present course of.
Adobe Prelude model 10.1 (and earlier) is affected by a reminiscence corruption vulnerability on account of insecure dealing with of a malicious M4A file, probably leading to arbitrary code execution within the context of the present consumer. User interplay is required in that the sufferer should open a specifically crafted file to take advantage of this vulnerability.
Adobe Premiere Rush model 1.5.16 (and earlier) is affected by a reminiscence corruption vulnerability on account of insecure dealing with of a malicious WAV file, probably leading to arbitrary code execution within the context of the present consumer. User interplay is required to take advantage of this vulnerability.
load_cache in GEGL earlier than 0.4.34 permits shell growth when a pathname in a constructed command line shouldn’t be escaped or filtered. This is attributable to use of the system library perform for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases earlier than 0.4.34 are utilized in GIMP releases earlier than 2.10.30; nonetheless, this doesn’t suggest that GIMP builds allow the susceptible function.
A UNIX Symbolic Link (Symlink) Following vulnerability within the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory permits native attackers to escalate to root. This concern impacts: openSUSE Backports SLE-15-SP3 watchman variations previous to 4.9.0. openSUSE Factory watchman variations previous to 4.9.0-9.1.
A double free bug in packet_set_ring() in internet/packet/af_packet.c could be exploited by an area consumer by way of crafted syscalls to escalate privileges or deny service. We advocate upgrading kernel previous the effected variations or rebuilding previous ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
In RecordCheck.exe in Acer Care Center 4.x earlier than 4.00.3038, a vulnerability within the loading mechanism of Windows DLLs may permit an area attacker to carry out a DLL hijacking assault. This vulnerability is because of incorrect dealing with of listing search paths at run time. An attacker may exploit this vulnerability by putting a malicious DLL file on the focused system. This file will execute when the susceptible software launches. A profitable exploit may permit the attacker to execute arbitrary code on the focused system with native administrator privileges.
A CWE-787: Out-of-bounds Write vulnerability exists that might trigger arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon instrument. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior
A CWE-416: Use After Free vulnerability exists that might trigger arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon instrument. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior
A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file could be changed within the system to escalate privileges to NT SYSTEM authority. An attacker can present a malicious file to set off this vulnerability.
A privilege escalation vulnerability exists within the set up of Advantech GadgetOn/iEdge Server 1.0.2. A specially-crafted file could be changed within the system to escalate privileges to NT SYSTEM authority. An attacker can present a malicious file to set off this vulnerability.
A privilege escalation vulnerability exists within the set up of Advantech GadgetOn/iService 1.1.7. A specially-crafted file could be changed within the system to escalate privileges to NT SYSTEM authority. An attacker can present a malicious file to set off this vulnerability.
A privilege escalation vulnerability exists within the set up of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file could be changed within the system to escalate privileges to NT SYSTEM authority. An attacker can present a malicious file to set off this vulnerability.
There is a privilege escalation vulnerability in some webOS TVs. Due to incorrect setting environments, native attacker is ready to carry out particular operation to take advantage of this vulnerability. Exploitation might trigger the attacker to acquire the next privilege
kernel/ucount.c within the Linux kernel 5.14 by way of 5.16.4, when unprivileged consumer namespaces are enabled, permits a use-after-free and privilege escalation as a result of a ucounts object can outlive its namespace.
This impacts the bundle juce-framework/JUCE earlier than 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic hyperlink. When extracted, the symbolic hyperlink is adopted exterior of the goal dir permitting writing arbitrary information on the goal host. In some instances, this may permit an attacker to execute arbitrary code. The susceptible code is within the ZipFile::uncompressEntry perform in juce_ZipFile.cpp and is executed when the archive is extracted upon calling uncompressTo() on a ZipFile object.
Micro-Star International (MSI) Center <= 1.0.31.0 is susceptible to a number of Privilege Escalation vulnerabilities within the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers elements. All the vulnerabilities are triggered by sending particular IOCTL requests.
Micro-Star International (MSI) App Player <= 4.280.1.6309 is susceptible to a number of Privilege Escalation (LPE/EoP) vulnerabilities within the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers elements. All the vulnerabilities are triggered by sending particular IOCTL requests.
Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is susceptible to a number of Privilege Escalation (LPE/EoP) vulnerabilities within the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers elements. All the vulnerabilities are triggered by sending particular IOCTL requests.
Micro-Star International (MSI) Center Pro <= 2.0.16.0 is susceptible to a number of Privilege Escalation (LPE/EoP) vulnerabilities within the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers elements. All the vulnerabilities are triggered by sending particular IOCTL requests.
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php within the Simple Board Job plugin 2.9.3 and earlier for WordPress permits distant attackers to learn arbitrary information by way of the sjb_file parameter to wp-admin/put up.php.
The jv_dump_term perform in jq 1.5 permits distant attackers to trigger a denial of service (stack consumption and software crash) by way of a crafted JSON file. This concern has been mounted in jq 1.6_rc1-r0.
An concern was found in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all variations, Magelis GTU Universal Panel, all variations, Magelis STO5xx and STU Small panels, all variations, Magelis XBT GH Advanced Hand-held Panels, all variations, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all variations, Magelis XBT GT Advanced Touchscreen Panels, all variations, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker might be able to disrupt a focused internet server, leading to a denial of service due to UNCONTROLLED RESOURCE CONSUMPTION.
A vulnerability exists in Schneider Electric’s Pelco Sarix Professional in all firmware variations prior to three.29.67 which may permit arbitrary system file obtain on account of lack of validation of SSL certificates.
A vulnerability exists in Schneider Electric’s Pelco Sarix Professional in all firmware variations prior to three.29.67 which may permit arbitrary system file obtain on account of lack of validation of the shell meta characters with the worth of ‘system.obtain.sd_file’
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric’s Modicon M221 product (all references, all variations previous to firmware V1.6.2.0). The vulnerability permits unauthorized customers to remotely reboot Modicon M221 utilizing crafted programing protocol frames.
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric’s Modicon M221 product (all references, all variations previous to firmware V1.6.2.0). The vulnerability permits unauthorized customers to decode the password utilizing rainbow desk.
A CWE-248: Uncaught Exception vulnerability exists in all variations of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which may trigger denial of service when studying reminiscence blocks with an invalid information measurement or with an invalid information offset within the controller over Modbus.
A CWE-125: Out-of-bounds Read vulnerability exists in all variations of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which may trigger the disclosure of surprising information from the controller when studying particular reminiscence blocks within the controller over Modbus.
A CWE-200: Information Exposure vulnerability exists in all variations of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which may trigger the disclosure of SNMP info when studying information from the controller over Modbus
A CWE-248: Uncaught Exception vulnerability exists in all variations of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which may trigger a doable Denial of Service on account of improper information integrity test when sending information the controller over Modbus.
A CWE-248: Uncaught Exception vulnerability exists in all variations of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which may trigger denial of service when an invalid personal command parameter is distributed to the controller over Modbus.
A CWE-200: Information Exposure vulnerability exists in all variations of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which may trigger the disclosure of SNMP info when studying reminiscence blocks from the controller over Modbus.
A CWE-248: Uncaught Exception vulnerability exists in all variations of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which may trigger denial of service when studying invalid bodily reminiscence blocks within the controller over Modbus
A CWE-248 Uncaught Exception vulnerability exists in all variations of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which may trigger a denial of Service when sending invalid debug parameters to the controller over Modbus.
A CWE-248 Uncaught Exception vulnerability exists in all variations of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which may trigger a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus
A CWE-248: Uncaught Exception vulnerability exists in all variations of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which may trigger a doable denial of Service when writing invalid reminiscence blocks to the controller over Modbus.
A CWE-248: Uncaught Exception vulnerability exists in all variations of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which may trigger a doable Denial of Service when writing out of bounds variables to the controller over Modbus.
A CWE-200: Information Exposure vulnerability exists in all variations of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which may trigger the disclosure of SNMP info when studying variables within the controller utilizing Modbus.
A CWE-248: Uncaught Exception vulnerability exists in all variations of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which may trigger a doable denial of service when writing delicate software variables to the controller over Modbus.
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware variations previous to V2.90), Modicon M340 (firmware variations previous to V3.10), Modicon Premium (all variations), Modicon Quantum (all variations), which may trigger a doable denial of service when studying invalid information from the controller.
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware variations) and Modicon M340 controller (all firmware variations), which may trigger denial of service when truncated SNMP packets on port 161/UDP are obtained by the gadget.
A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware model previous to V2.90), Modicon M340 (firmware model previous to V3.10), Modicon Premium (all variations), and Modicon Quantum (all variations), which may trigger a doable denial of service when studying particular coils and registers within the controller over Modbus.
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware model previous to V2.90) and Modicon M340 (firmware model previous to V3.10), which may trigger a doable denial of service when writing to particular reminiscence addresses within the controller over Modbus.
RSA BSAFE Crypto-C Micro Edition variations previous to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite variations previous to 4.0.13 (in 4.0.x) and previous to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are susceptible to a Buffer Over-read vulnerability when processing DSA signature. A malicious distant consumer may probably exploit this vulnerability to trigger a crash within the library of the affected system.
RSA BSAFE Micro Edition Suite variations previous to 4.1.6.3 (in 4.1.x) and previous to 4.4 (in 4.2.x and 4.3.x), are susceptible to an Information Exposure Through an Error Message vulnerability, also referred to as a “padding oracle assault vulnerability”. A malicious distant consumer may probably exploit this vulnerability to extract info leaving information vulnerable to publicity.
RSA BSAFE Crypto-C Micro Edition variations previous to 4.1.4 and RSA Micro Edition Suite variations previous to 4.4 are susceptible to an Information Exposure Through Timing Discrepancy. A malicious distant consumer may probably exploit this vulnerability to extract info leaving information vulnerable to publicity.
RSA BSAFE Crypto-C Micro Edition, variations previous to 4.0.5.3 (in 4.0.x) and variations previous to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, variations previous to 4.0.11 (in 4.0.x) variations previous to 4.1.6.1 (in 4.1.x) and variations previous to 4.3.3 (4.2.x and 4.3.x) are susceptible to an Information Exposure Through Timing Discrepancy. A malicious distant consumer may probably exploit this vulnerability to extract info leaving information vulnerable to publicity.
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware variations), which may trigger the disclosure of data when transferring purposes to the controller utilizing Modbus TCP protocol.
A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware variations), which may trigger the disclosure of data from the controller when utilizing TFTP protocol.
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see safety notification for particular variations) which may trigger a Denial of Service when studying information with invalid index utilizing Modbus TCP.
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see safety notification for particular variations) which may trigger a Denial of Service when writing particular bodily reminiscence blocks utilizing Modbus TCP.
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see safety notification for particular variations) which may trigger a Denial of Service of the controller when studying particular reminiscence blocks utilizing Modbus TCP.
In affected variations of dojo (NPM bundle), the deepCopy methodology is susceptible to Prototype Pollution. Prototype Pollution refers back to the means to inject properties into present JavaScript language assemble prototypes, corresponding to objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript software object prototype of the bottom object by injecting different values. This has been patched in variations 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All variations of the next CPUs and Communication Module product references listed within the Security Notifications), which may trigger the disclosure of FTP hardcoded credentials when utilizing the Web server of the controller on an unsecure community.
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which may leak delicate info transmitted between the software program and the Modicon M218, M241, M251, and M258 controllers.
A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware model 1.5.2 and older) which may permit attacker to acquire personal keys.
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware model 1.5.2 and older) which may permit an attacker to amass a password by brute drive.
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and eight.5.1 to eight.5.56 didn’t launch the HTTP/1.1 processor after the improve to HTTP/2. If a enough variety of such requests have been made, an OutOfMemoryException may happen resulting in a denial of service.
The payload size in a WebSocket body was not appropriately validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to eight.5.56 and seven.0.27 to 7.0.104. Invalid payload lengths may set off an infinite loop. Multiple requests with invalid payload lengths may result in a denial of service.
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 modified the permissions of momentary information it created in order that solely the present consumer was allowed to entry them. Unfortunately the fixcrlf job deleted the momentary file and created a brand new one with out mentioned safety, successfully nullifying the hassle. This would nonetheless permit an attacker to inject modified supply information into the construct course of.
Shibboleth Identify Provider 3.x earlier than 3.4.6 has a denial of service flaw. A distant unauthenticated attacker could cause a login circulation to set off Java heap exhaustion because of the creation of objects within the Java Servlet container session.
Apache Batik is susceptible to server-side request forgery, attributable to improper enter validation by the “xlink:href” attributes. By utilizing a specially-crafted argument, an attacker may exploit this vulnerability to trigger the underlying server to make arbitrary GET requests.
A CWE-120: Buffer Copy with out Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all variations) that might trigger a crash of the PLC simulator current in EcoStruxureª Control Expert software program when receiving a specifically crafted request over Modbus.
A flaw was present in FasterXML Jackson Databind, the place it didn’t have entity growth secured correctly. This flaw permits vulnerability to XML exterior entity (XXE) assaults. The highest menace from this vulnerability is information integrity.
While investigating bug 64830 it was found that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and eight.5.0 to eight.5.59 may re-use an HTTP request header worth from the earlier stream obtained on an HTTP/2 connection for the request related to the next stream. While this might probably result in an error and the closure of the HTTP/2 connection, it’s doable that info may leak between requests.
The iconv perform within the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid enter sequences within the ISO-2022-JP-3 encoding, fails an assertion within the code path and aborts this system, probably leading to a denial of service.
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC shoppers may ship quick messages which might lead to a big reminiscence allocation, probably resulting in denial of service.
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate might overflow the output size argument in some instances the place the enter size is near the utmost permissable size for an integer on the platform. In such instances the return worth from the perform name will likely be 1 (indicating success), however the output size worth will likely be unfavourable. This may trigger purposes to behave incorrectly or crash. OpenSSL variations 1.1.1i and beneath are affected by this concern. Users of those variations ought to improve to OpenSSL 1.1.1j. OpenSSL variations 1.0.2x and beneath are affected by this concern. However OpenSSL 1.0.2 is out of help and not receiving public updates. Premium help prospects of OpenSSL 1.0.2 ought to improve to 1.0.2y. Other customers ought to improve to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
This impacts the bundle com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and earlier than 2.11.4, from 2.12.0-rc1 and earlier than 2.12.1. Unchecked allocation of byte buffer could cause a java.lang.OutOfMemoryError exception.
A CWE-319: Cleartext transmission of delicate info vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected variations), that might trigger disclosure of consumer credentials when a malicious actor intercepts Telnet community site visitors between a consumer and the gadget.
A CWE-319: Cleartext transmission of delicate info vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected variations), that might trigger disclosure of consumer credentials when a malicious actor intercepts HTTP community site visitors between a consumer and the gadget.
When responding to new h2c connection requests, Apache Tomcat variations 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and eight.5.0 to eight.5.61 may duplicate request headers and a restricted quantity of request physique from one request to a different which means consumer A and consumer B may each see the outcomes of consumer A’s request.
A CWE-119:Improper restriction of operations inside the bounds of a reminiscence buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see safety notifcation for affected variations), which may trigger the meter to reboot.
XStream is a Java library to serialize objects to XML and again once more. In XStream earlier than model 1.4.16, there’s vulnerability which can permit a distant attacker to allocate 100% CPU time on the goal system relying on CPU sort or parallel execution of such a payload leading to a denial of service solely by manipulating the processed enter stream. No consumer is affected who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. If you depend on XStream’s default blacklist of the Security Framework, you’ll have to use not less than model 1.4.16.
XStream is a Java library to serialize objects to XML and again once more. In XStream earlier than model 1.4.16, there’s a vulnerability the place the processed stream at unmarshalling time accommodates sort info to recreate the previously written objects. XStream creates subsequently new cases based mostly on these sort info. An attacker can manipulate the processed enter stream and substitute or inject objects, that consequence within the deletion of a file on the native host. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. If you depend on XStream’s default blacklist of the Security Framework, you’ll have to use not less than model 1.4.16.
XStream is a Java library to serialize objects to XML and again once more. In XStream earlier than model 1.4.16, there’s a vulnerability which can permit a distant attacker to occupy a thread that consumes most CPU time and can by no means return. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. If you depend on XStream’s default blacklist of the Security Framework, you’ll have to use not less than model 1.4.16.
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU utilization can attain 100% upon receiving a big invalid TLS body.
Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware previous to V5.1.9.1 that might trigger denial of service when particular crafted requests are despatched to the controller over HTTP.
A vulnerability was found within the indexOf perform of JSONParserByteArray in JSON Smart variations 1.3 and a pair of.4 which causes a denial of service (DOS) by way of a crafted internet request.
Libgcrypt earlier than 1.8.8 and 1.9.x earlier than 1.9.3 mishandles ElGamal encryption as a result of it lacks exponent blinding to handle a side-channel assault towards mpi_powm, and the window measurement shouldn’t be chosen appropriately. This, for instance, impacts use of ElGamal in OpenPGP.
Spring Security variations 5.5.x prior to five.5.1, 5.4.x prior to five.4.7, 5.3.x prior to five.3.10 and 5.2.x prior to five.2.11 are prone to a Denial-of-Service (DoS) assault by way of the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux software. A malicious consumer or attacker can ship a number of requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system sources utilizing a single session or a number of periods.
A vulnerability in Apache Tomcat permits an attacker to remotely set off a denial of service. An error launched as a part of a change to enhance error dealing with throughout non-blocking I/O meant that the error flag related to the Request object was not reset between requests. This meant that after a non-blocking I/O error occurred, all future requests dealt with by that request object would fail. Users have been in a position to set off non-blocking I/O errors, e.g. by dropping a connection, thereby creating the potential for triggering a DoS. Applications that don’t use non-blocking I/O usually are not uncovered to this vulnerability. This concern impacts Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.
When studying a specifically crafted 7Z archive, the development of the checklist of codecs that decompress an entry may end up in an infinite loop. This could possibly be used to mount a denial of service assault towards companies that use Compress’ sevenz bundle.
When studying a specifically crafted 7Z archive, Compress could be made to allocate massive quantities of reminiscence that lastly results in an out of reminiscence error even for very small inputs. This could possibly be used to mount a denial of service assault towards companies that use Compress’ sevenz bundle.
When studying a specifically crafted TAR archive, Compress could be made to allocate massive quantities of reminiscence that lastly results in an out of reminiscence error even for very small inputs. This could possibly be used to mount a denial of service assault towards companies that use Compress’ tar bundle.
When studying a specifically crafted ZIP archive, Compress could be made to allocate massive quantities of reminiscence that lastly results in an out of reminiscence error even for very small inputs. This could possibly be used to mount a denial of service assault towards companies that use Compress’ zip bundle.
libcurl-using purposes can ask for a selected shopper certificates for use in a switch. This is completed with the `CURLOPT_SSLCERT` choice (`–cert` with the command line instrument).When libcurl is constructed to make use of the macOS native TLS library Secure Transport, an software can ask for the shopper certificates by title or with a file title – utilizing the identical choice. If the title exists as a file, it is going to be used as an alternative of by title.If the appliction runs with a present working listing that’s writable by different customers (like `/tmp`), a malicious consumer can create a file title with the identical title because the app desires to make use of by title, and thereby trick the applying to make use of the file based mostly cert as an alternative of the one referred to by title making libcurl ship the incorrect shopper certificates within the TLS connection handshake.
Go earlier than 1.17 doesn’t correctly contemplate extraneous zero characters in the beginning of an IP handle octet, which (in some conditions) permits attackers to bypass entry management that’s based mostly on IP addresses, due to surprising octal interpretation. This impacts internet.ParseIP and internet.ParseCIDR.
An concern was found in Foxit PDF Editor earlier than 11.0.1 and PDF Reader earlier than 11.0.1 on macOS. It mishandles lacking dictionary entries, resulting in a NULL pointer dereference, aka CNVD-C-2021-95204.
A crafted methodology despatched by way of HTTP/2 will bypass validation and be forwarded by mod_proxy, which might result in request splitting or cache poisoning. This concern impacts Apache HTTP Server 2.4.17 to 2.4.48.
Node.js earlier than 16.6.1, 14.17.5, and 12.22.5 is susceptible to a use after free assault the place an attacker would possibly be capable to exploit the reminiscence corruption, to alter course of conduct.
jsoup is a Java library for working with HTML. Those utilizing jsoup variations previous to 1.14.2 to parse untrusted HTML or XML could also be susceptible to DOS assaults. If the parser is run on consumer provided enter, an attacker could provide content material that causes the parser to get caught (loop indefinitely till cancelled), to finish extra slowly than common, or to throw an surprising exception. This impact might help a denial of service assault. The concern is patched in model 1.14.2. There are just a few obtainable workarounds. Users might fee restrict enter parsing, restrict the dimensions of inputs based mostly on system sources, and/or implement thread watchdogs to cap and timeout parse runtimes.
A race situation was addressed with improved state dealing with. This concern is mounted in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted internet content material might result in arbitrary code execution.
An concern was found in SaltStack Salt earlier than 3003.3. A consumer who has management of the supply, and source_hash URLs can acquire full file system entry as root on a salt minion.
A fastidiously crafted request uri-path could cause mod_proxy_uwsgi to learn above the allotted reminiscence and crash (DoS). This concern impacts Apache HTTP Server variations 2.4.30 to 2.4.48 (inclusive).
While fuzzing the two.4.49 httpd, a brand new null pointer dereference was detected throughout HTTP/2 request processing, permitting an exterior supply to DoS the server. This requires a specifically crafted request. The vulnerability was lately launched in model 2.4.49. No exploit is thought to the venture.
A flaw was present in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker may use a path traversal assault to map URLs to information exterior the directories configured by Alias-like directives. If information exterior of those directories usually are not protected by the same old default configuration “require all denied”, these requests can succeed. If CGI scripts are additionally enabled for these aliased pathes, this might permit for distant code execution. This concern is thought to be exploited within the wild. This concern solely impacts Apache 2.4.49 and never earlier variations. The repair in Apache HTTP Server 2.4.50 was discovered to be incomplete, see CVE-2021-42013.
The repair for bug 63362 current in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and eight.5.60 to eight.5.71 launched a reminiscence leak. The object launched to gather metrics for HTTP improve connections was not launched for WebSocket connections as soon as the connection was closed. This created a reminiscence leak that, over time, may result in a denial of service by way of an OutOfMemoryError.
The gmp plugin in strongSwan earlier than 5.9.4 has a distant integer overflow by way of a crafted certificates with an RSASSA-PSS signature. For instance, this may be triggered by an unrelated self-signed CA certificates despatched by an initiator. Remote code execution can not happen.
The in-memory certificates cache in strongSwan earlier than 5.9.4 has a distant integer overflow upon receiving many requests with completely different certificates to fill the cache and later set off the alternative of cache entries. The code makes an attempt to pick out a less-often-used cache entry by way of a random quantity generator, however this isn’t finished appropriately. Remote code execution is perhaps a slight chance.
The Bzip2 decompression decoder perform would not permit setting measurement restrictions on the decompressed output information (which impacts the allocation measurement used throughout decompression). All customers of Bzip2Decoder are affected. The malicious enter can set off an OOME and so a DoS assault
The Snappy body decoder perform would not prohibit the chunk size which can result in extreme reminiscence utilization. Beside this it additionally might buffer reserved skippable chunks till the entire chunk was obtained which can result in extreme reminiscence utilization as properly. This vulnerability could be triggered by supplying malicious enter that decompresses to a really massive measurement (by way of a community stream or a file) or by sending an enormous skippable chunk.
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT previous to variations V2.4.7.56 unauthenticated crafted invalid requests might lead to a number of denial-of-service situations. Running PLC packages could also be stopped, reminiscence could also be leaked, or additional communication shoppers could also be blocked from accessing the PLC.
Adobe Campaign model 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that might result in studying arbitrary server information. By leveraging an uncovered XML file, an unauthenticated attacker can enumerate different information on the server.
The TCP Server module in toxcore earlier than 0.2.8 would not free the TCP precedence queue beneath sure situations, which permits a distant attacker to exhaust the system’s reminiscence, inflicting a denial of service (DoS).
JMSAppender in Log4j 1.2 is susceptible to deserialization of untrusted information when the attacker has write entry to the Log4j configuration. The attacker can present TopicBindingName and TopicConnectionFactoryBindingName configurations inflicting JMSAppender to carry out JNDI requests that lead to distant code execution similarly to CVE-2021-44228. Note this concern solely impacts Log4j 1.2 when particularly configured to make use of JMSAppender, which isn’t the default. Apache Log4j 1.2 reached finish of life in August 2015. Users ought to improve to Log4j 2 because it addresses quite a few different points from the earlier variations.
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a consumer logged out of Boards, which permits an attacker to reuse previous session token for authorization.
In api.rb in Sidekiq earlier than 5.2.10 and 6.4.0, there isn’t any restrict on the variety of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to customers.
The Protect WP Admin WordPress plugin earlier than 3.6.2 doesn’t test for authorisation within the lib/pwa-deactivate.php file, which may permit unauthenticated customers to disable the plugin (and subsequently the safety supplied) by way of a crafted request
Xerox VersaLink units on particular variations of firmware earlier than 2022-01-26 permit distant attackers to brick the gadget by way of a crafted TIFF file in an unauthenticated HTTP POST request. There is a everlasting denial of service as a result of picture parsing causes a reboot, however picture parsing is restarted as quickly because the boot course of finishes. However, this boot loop could be resolved by a area technician. The TIFF file should have an incomplete Image Directory. Affected firmware variations embody xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included “believed to have an effect on all earlier and later variations as of the date of this posting” however a 2022-01-26 vendor assertion reviews “the newest variations of firmware usually are not susceptible to this concern.”
Nullptr dereference when a null char is current in a proto image. The image is parsed incorrectly, resulting in an unchecked name into the proto file’s title throughout era of the ensuing error message. Since the image is incorrectly parsed, the file is nullptr. We advocate upgrading to model 3.15.0 or larger.
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The influence is: get hold of delicate info (distant). The part is: internet.mingsoft.mdiy.motion.internet.DictAction#checklist. The assault vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability by way of which attacker can get delicate info from the database.
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The influence is: get hold of delicate info (distant). The part is: internet.mingsoft.mdiy.motion.FormDataMotion#questionData. The assault vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability by way of which attacker can get delicate info from the database.
An insecure direct object reference for the file-download URL in Synametrics SynaMan earlier than 5.0 permits a distant attacker to entry unshared information by way of a modified base64-encoded filename string.
Single Connect doesn’t carry out an authorization test when utilizing the sc-reports-ui” module. A distant attacker may exploit this vulnerability to entry the gadget configuration web page and export the info to an exterior file. The exploitation of this vulnerability would possibly permit a distant attacker to acquire delicate info together with the database credentials. Since the database runs with excessive privileges it’s doable to execute instructions with the attained credentials.
Single Connect doesn’t carry out an authorization test when utilizing the “sc-assigned-credential-ui” module. A distant attacker may exploit this vulnerability to switch customers permissions. The exploitation of this vulnerability would possibly permit a distant attacker to delete permissions from different customers with out authenticating.
From model 0.2.14 to 0.2.16 for Solana rBPF, perform “relocate” within the file src/elf.rs has an integer overflow bug as a result of the sym.st_value is learn instantly from ELF file with out checking. If the sym.st_value is relatively massive, an integer overflow is triggered whereas calculating the variable “addr” by way of “addr = (sym.st_value + refd_pa) as u64”;
An concern was found within the DNS proxy in Connman by way of 1.40. The TCP server reply implementation has an infinite loop if no information is obtained.
A file disclosure vulnerability within the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET earlier than 5.052.000 permits a distant, unauthenticated attacker to retrieve survey consumer submitted information by modifying the worth of the ID parameter in sequential order starting from 1.
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that might trigger a Denial of Service of the RTU when receiving a specifically crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E and 357E RTUs with firmware V8.18.1 and prior
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that might permit an attacker to achieve unauthorized entry to the charging station internet interface by performing brute drive assaults. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All variations previous to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All variations previous to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All variations previous to R8 V3.4.0.2)
Configuration vulnerability in Hitachi Energy LinkOne software because of the lack of HTTP Headers, permits an attacker that manages to take advantage of this vulnerability to retrieve delicate info. This concern impacts: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
Information Exposure vulnerability in Hitachi Energy LinkOne software, on account of a misconfiguration within the ASP server exposes server and ASP.internet info, an attacker that manages to take advantage of this vulnerability can use the uncovered info as a reconnaissance for additional exploitation. This concern impacts: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
A denial of service vulnerability exists within the cgiserver.cgi session creation performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in forestall customers from logging in. An attacker can ship an HTTP request to set off this vulnerability.
A firmware replace vulnerability exists within the ‘manufacturing unit’ binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted collection of community requests can result in arbitrary firmware replace. An attacker can ship a sequence of requests to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi API command parser performance of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted collection of HTTP requests can result in denial of service. An attacker can ship an HTTP request to set off this vulnerability.
A firmware replace vulnerability exists within the "replace" firmware checks performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in firmware replace. An attacker can ship a sequence of requests to set off this vulnerability.
An info disclosure vulnerability exists on account of an internet server misconfiguration within the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a disclosure of delicate info. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the netserver recv_command performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted community request can result in a reboot. An attacker can ship a malicious packet to set off this vulnerability.
SYNEL – eharmony Directory Traversal. Directory Traversal – is an assault towards a server or a Web software geared toward unauthorized entry to the file system. on the “Name” parameter the attacker can return to the basis listing and open the host file. The path exposes delicate information that customers add
A restricted SSRF vulnerability was found on Western Digital My Cloud units that might permit an attacker to impersonate a server and attain any web page on the server by bypassing entry controls. The vulnerability was addressed by making a whitelist for legitimate parameters.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetPtzTattern param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
Next.js is a React framework. Starting with model 12.0.0 and previous to model 12.0.9, susceptible code may permit a nasty actor to set off a denial of service assault for anybody utilizing i18n performance. In order to be affected by this CVE, one should use subsequent begin or a customized server and the built-in i18n help. Deployments on Vercel, together with comparable environments the place invalid requests are filtered earlier than reaching Next.js, usually are not affected. A patch has been launched, `[email protected]`, that mitigates this concern. As a workaround, one might guarantee `/${locale}/_next/` is blocked from reaching the Next.js occasion till it turns into possible to improve.
The question API in Casdoor earlier than 1.13.1 has a SQL injection vulnerability associated to the sphere and worth parameters, as demonstrated by api/get-organizations.
An concern was found in FAUST iServer earlier than 9.0.019.019.7. For every URL request, it accesses the corresponding .fau file on the working system with out stopping %2epercent2epercent5c listing traversal.
Victor CMS v1.0 was found to include a number of SQL injection vulnerabilities within the part admin/customers.php?supply=add_user. These vulnerabilities could be exploited by way of a crafted POST request by way of the user_name, user_firstname,user_lastname, or user_email parameters.
Cuppa CMS v1.0 was found to include a SQL injection vulnerability in /administrator/elements/menu/ by way of the trail=part/menu/&menu_filter=3 parameter.
MariaDB by way of 10.5.9 permits an software crash in find_field_in_tables and find_order_in_list by way of an unused widespread desk expression (CTE).
MariaDB by way of 10.5.9 permits an software crash by way of sure lengthy SELECT DISTINCT statements that improperly work together with storage-engine useful resource limitations for momentary information constructions.
XStream is an open supply java library to serialize objects to XML and again once more. Versions previous to 1.4.19 might permit a distant attacker to allocate 100% CPU time on the goal system relying on CPU sort or parallel execution of such a payload leading to a denial of service solely by manipulating the processed enter stream. XStream 1.4.19 screens and accumulates the time it takes so as to add parts to collections and throws an exception if a set threshold is exceeded. Users are suggested to improve as quickly as doable. Users unable to improve might set the NO_REFERENCE mode to forestall recursion. See GHSA-rmr5-cpv2-vgjf for additional particulars on a workaround if an improve shouldn’t be doable.
Junrar is an open supply java RAR archive library. In affected variations A fastidiously crafted RAR archive can set off an infinite loop whereas extracting mentioned archive. The influence relies upon solely on how the applying makes use of the library, and whether or not information could be offered by malignant customers. The drawback is patched in 7.4.1. There are not any recognized workarounds and customers are suggested to improve as quickly as doable.
The Link Library WordPress plugin earlier than 7.2.8 doesn’t have authorisation in place when deleting hyperlinks, permitting unauthenticated customers to delete arbitrary hyperlinks by way of a crafted request
Codesys Profinet in model V4.2.0.0 is susceptible to null pointer dereference that permits a denial of service (DoS) assault of an unauthenticated consumer by way of SNMP.
PrinterLogic Web Stack variations 19.1.1.13 SP9 and beneath are susceptible to an Insecure Direct Object Reference (IDOR) vulnerability that permits an unauthenticated attacker to reveal the username and e mail handle of all customers.
PrinterLogic Web Stack variations 19.1.1.13 SP9 and beneath are susceptible to an Insecure Direct Object Reference (IDOR) vulnerability that permits an unauthenticated attacker to reveal the plaintext console username and password for a printer.
An concern was found in MultiPartParser in Django 2.2 earlier than 2.2.27, 3.2 earlier than 3.2.12, and 4.0 earlier than 4.0.2. Passing sure inputs to multipart kinds may lead to an infinite loop when parsing information.
SQL Injection vulnerability found in Unified Office Total Connect Now that will permit an attacker to extract delicate info by way of a cookie parameter.
TOTOLINK X5000R v9.1.0u.6118_B20201102 was found to include a stack overflow within the perform setUrlFilterGuidelines. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the url parameter.
TOTOLINK X5000R v9.1.0u.6118_B20201102 was found to make use of the HTTP protocol for authentication into the admin interface, permitting attackers to intercept consumer credentials by way of packet seize software program.
TOTOLINK X5000R v9.1.0u.6118_B20201102 was found to include a stack overflow within the perform setL2tpServerCfg. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the eip, sip, server parameters.
TOTOLINK A720R v4.1.5cu.470_B20200911 was found to include a stack overflow within the Form_Login perform. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the Host parameter.
TOTOLINK A720R v4.1.5cu.470_B20200911 was found to include a stack overflow within the Form_Login perform. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the flag parameter.
TOTOLINK X5000R v9.1.0u.6118_B20201102 was found to include a stack overflow within the perform setIpv6Cfg. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the relay6to4 parameters.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN have been found to include a stack overflow within the perform formAddDnsForward. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the DnsForwardRule parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN have been found to include a stack overflow within the perform guestWifiRuleRefresh. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the qosGuestUpstream and qosGuestDownstream parameters.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN have been found to include a stack overflow within the perform formAddVpnUsers. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the vpnUsers parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN have been found to include a stack overflow within the perform typeSetQvlanList. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the qvlanName parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN have been found to include a stack overflow within the perform formIPMacBindModify. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the IPMacBindRuleIP and IPMacBindRuleMac parameters.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN have been found to include a stack overflow within the perform formDelDhcpRule. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the delDhcpIndex parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN have been found to include a stack overflow within the perform typeSetStaticRoute. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the staticRouteNet, staticRouteMask, and staticRouteGateway parameters.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN have been found to include a stack overflow within the perform typeSetPortMapping. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN have been found to include a stack overflow within the perform typeSetPortMapping. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform typeSetFirewallCfg. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the firewallEn parameter.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform form_fast_setting_wifi_set. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the timeZone parameter.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform formWifiBasicSet. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the safety and security_5g parameters.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform typeSetQosBand. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the checklist parameter.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform fromAdvSetMacMtuWan. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the wanMTU, wanSpeed, cloneType, mac, and repairName parameters.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform fromSetWirelessRepeat. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the wpapsk_crypto parameter.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform fromSetWifiGusetBasic. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the shareSpeed parameter.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform fromSetRouteStatic. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the checklist parameter.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform formAddMacfilterRule. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the devName parameter.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform typeSetRebootTimer. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the rebootTime parameter.
Tenda AX3 v16.03.12.10_CN was found to include a heap overflow within the perform setSchedWifi. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the schedStartTime and schedEndTime parameters.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform typeSetVirtualSer. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the checklist parameter.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform typeSetMacFilterCfg. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the deviceList parameter.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform fromSetIpMacBind. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the checklist parameter.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform typeSetPPTPServer. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the startIp and endIp parameters.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform typeSetGadgetName. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the devName parameter.
Tenda AX3 v16.03.12.10_CN was found to include a heap overflow within the perform GetGuardianControlInfo. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the mac parameter.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform saveParentControlInfo. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the time parameter.
Tenda AX3 v16.03.12.10_CN was found to include a stack overflow within the perform fromSetSysTime. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the timeZone parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN have been found to include a stack overflow within the perform typeSetVirtualSer. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the DnsHijackRule parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN have been found to include a stack overflow within the perform typeSetSysTime. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the manualTime parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN have been found to include a stack overflow within the perform formIPMacBindAdd. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the IPMacBindRule parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN have been found to include a stack overflow within the perform formAddDhcpBindRule. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the addDhcpRules parameter.
Directory travesal in /northstar/filemanager/obtain.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 permits distant unauthenticated customers to obtain arbitrary information, together with JSP supply code, throughout the filesystem of the host of the online software.
Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 permits distant native consumer to intercept customers credentials transmitted in cleartext over HTTP.
ntpd in ntp earlier than 4.2.8p14 and 4.3.x earlier than 4.3.100 permits distant attackers to trigger a denial of service (daemon exit or system time change) by predicting transmit timestamps to be used in spoofed packets. The sufferer should be counting on unauthenticated IPv4 time sources. There should be an off-path attacker who can question time from the sufferer’s ntpd occasion.
ASN.1 strings are represented internally inside OpenSSL as an ASN1_STRING construction which accommodates a buffer holding the string information and a area holding the buffer size. This contrasts with regular C strings that are repesented as a buffer for the string information which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings which can be parsed utilizing OpenSSL’s personal “d2i” capabilities (and different comparable parsing capabilities) in addition to any string whose worth has been set with the ASN1_STRING_set() perform will moreover NUL terminate the byte array within the ASN1_STRING construction. However, it’s doable for purposes to instantly assemble legitimate ASN1_STRING constructions which don’t NUL terminate the byte array by instantly setting the “information” and “size” fields within the ASN1_STRING array. This can even occur by utilizing the ASN1_STRING_set0() perform. Numerous OpenSSL capabilities that print ASN.1 information have been discovered to imagine that the ASN1_STRING byte array will likely be NUL terminated, despite the fact that this isn’t assured for strings which have been instantly constructed. Where an software requests an ASN.1 construction to be printed, and the place that ASN.1 construction accommodates ASN1_STRINGs which have been instantly constructed by the applying with out NUL terminating the “information” area, then a learn buffer overrun can happen. The identical factor can even happen throughout title constraints processing of certificates (for instance if a certificates has been instantly constructed by the applying as an alternative of loading it by way of the OpenSSL parsing capabilities, and the certificates accommodates non NUL terminated ASN1_STRING constructions). It can even happen within the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() capabilities. If a malicious actor could cause an software to instantly assemble an ASN1_STRING after which course of it by way of one of many affected OpenSSL capabilities then this concern could possibly be hit. This would possibly lead to a crash (inflicting a Denial of Service assault). It may additionally consequence within the disclosure of personal reminiscence contents (corresponding to personal keys, or delicate plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
Adobe Creative Cloud Desktop Application model 5.4 (and earlier) is affected by a file dealing with vulnerability that might permit an attacker to arbitrarily overwrite a file. Exploitation of this concern requires native entry, administrator privileges and consumer interplay.
treq is an HTTP library impressed by requests however written on high of Twisted’s Agents. Treq’s request strategies (`treq.get`, `treq.put up`, and so forth.) and `treq.shopper.HTTPClient` constructor settle for cookies as a dictionary. Such cookies usually are not certain to a single area, and are subsequently despatched to *each* area (“supercookies”). This can probably trigger delicate info to leak upon an HTTP redirect to a special area., e.g. ought to `https://instance.com` redirect to `http://cloudstorageprovider.com` the latter will obtain the cookie `session`. Treq 2021.1.0 and later bind cookies given to request strategies (`treq.request`, `treq.get`, `HTTPClient.request`, `HTTPClient.get`, and so forth.) to the origin of the *url* parameter. Users are suggested to improve. For customers unable to improve Instead of passing a dictionary because the *cookies* argument, go a `http.cookiejar.CookieJar` occasion with correctly domain- and scheme-scoped cookies in it.
An unspecified ActiveX management in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers earlier than 2.1.0 permits distant attackers to execute arbitrary code by way of unknown vectors, associated to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka protected for scripting) flag.
In Apache Commons Beanutils 1.9.2, a particular BeanIntrospector class was added which permits suppressing the power for an attacker to entry the classloader by way of the category property obtainable on all Java objects. We, nonetheless weren’t utilizing this by default attribute of the PropertyUtilsBean.
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all variations) that might permit the attacker to interrupt the encryption key when the attacker has captured the site visitors between EcoStruxure Machine – Basic software program and Modicon M221 controller.
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all variations) that might permit the attacker to interrupt the encryption keys when the attacker has captured the site visitors between EcoStruxure Machine – Basic software program and Modicon M221 controller.
An concern was found in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to set off push notifications for VeridiumAD enrolled customers doesn’t implement correct entry management. A consumer can set off push notifications for every other consumer. The textual content contained within the push notification may also be modified. If a consumer who receives the notification accepts it, then the consumer who triggered the notification can get hold of the accepting consumer’s login certificates.
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all variations) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and beneath is susceptible to a number of authenticated command injections.
A file add restriction bypass vulnerability in Pluck CMS earlier than 4.7.13 permits an admin privileged consumer to achieve entry within the host by way of the “handle information” performance, which can lead to distant code execution.
The Catch Themes Demo Import WordPress plugin is susceptible to arbitrary file uploads by way of the import performance discovered within the ~/inc/CatchThemesDemoImport.php file, in variations as much as and together with 1.7, on account of inadequate file sort validation. This makes it doable for an attacker with administrative privileges to add malicious information that can be utilized to attain distant code execution.
The RegistrationMagic WordPress plugin earlier than 5.0.1.6 doesn’t escape consumer enter in its rm_chronos_ajax AJAX motion earlier than utilizing it in a SQL assertion when duplicating duties in batches, which may result in a SQL injection concern
jpress 4.2.0 is susceptible to distant code execution by way of io.jpress.internet.admin._TemplateController#doInstall. The admin panel gives a perform by way of which attackers can set up templates and inject some malicious code.
jpress 4.2.0 is susceptible to distant code execution by way of io.jpress.module.article.equipment.ArticleNotifyKit#doSendEmail. The admin panel gives a perform by way of which attackers can edit the e-mail templates and inject some malicious code.
controller/org.controller/org.controller.js within the CVE Services API 1.1.1 earlier than 5c50baf3bda28133a3bc90b854765a64fb538304 permits an organizational administrator to switch a consumer account to an arbitrary new group, and thereby obtain unintended entry inside the context of that new group.
Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is susceptible to Remote Code Execution (RCE). Any consumer with the “Zabbix Admin” function is ready to run customized shell script on the applying server within the context of the applying consumer.
Liferay Portal Server examined on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator consumer can inject Groovy script to execute any OS command on the Liferay Portal Sever.
Liferay Portal Server examined on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator consumer can inject instructions by way of the Gogo Shell module to execute any OS command on the Liferay Portal Sever.
An OS command injection vulnerability exists within the gadget community settings performance of reolink RLC-410W v3.0.0.136_20121102. At [4] the dns_data->dns1 variable, that has the worth of the dns1 parameter offered by way of the SetLocal API, shouldn’t be validated correctly. This would result in an OS command injection.
An OS command injection vulnerability exists within the gadget community settings performance of reolink RLC-410W v3.0.0.136_20121102. At [6] the dns_data->dns2 variable, that has the worth of the dns2 parameter offered by way of the SetLocalLink API, shouldn’t be validated correctly. This would result in an OS command injection.
An OScommand injection vulnerability exists within the gadget community settings performance of reolink RLC-410W v3.0.0.136_20121102. At [8] the devname variable, that has the worth of the title parameter offered by way of the SetDevName API, shouldn’t be validated correctly. This would result in an OS command injection.
Authenticated distant code execution in MotionEye <= 0.42.1 and MotioneEyeOS <= 20200606 permits a distant attacker to add a configuration backup file containing a malicious python pickle file which is able to execute arbitrary code on the server.
Multiple stack-based buffer overflows within the command line interpreter of FortiWeb earlier than 6.4.2 might permit an authenticated attacker to attain arbitrary code execution by way of specifically crafted instructions.
curl 7.20.0 by way of 7.70.0 is susceptible to improper restriction of names for information and different sources that may lead too overwriting an area file when the -J flag is used.
When utilizing Apache Tomcat variations 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to eight.5.54 and seven.0.0 to 7.0.103 if a) an attacker is ready to management the contents and title of a file on the server; and b) the server is configured to make use of the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=”null” (the default except a SecurityManager is used) or a sufficiently lax filter to permit the attacker offered object to be deserialized; and d) the attacker is aware of the relative file path from the storage location utilized by FileStore to the file the attacker has management over; then, utilizing a particularly crafted request, the attacker will be capable to set off distant code execution by way of deserialization of the file beneath their management. Note that each one of situations a) to d) should be true for the assault to succeed.
In Eclipse Jetty variations 1.0 through 9.4.32.v20200930, 10.0.0.alpha1 through 10.0.0.beta2, and 11.0.0.alpha1 through 11.0.0.beta2O, on Unix like techniques, the system’s momentary listing is shared between all customers on that system. A collocated consumer can observe the method of making a short lived sub listing within the shared momentary listing and race to finish the creation of the momentary subdirectory. If the attacker wins the race then they are going to have learn and write permission to the subdirectory used to unpack internet purposes, together with their WEB-INF/lib jar information and JSP information. If any code is ever executed out of this momentary listing, this may result in an area privilege escalation vulnerability.
The repair for CVE-2020-9484 was incomplete. When utilizing Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to eight.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was extremely unlikely for use, the Tomcat occasion was nonetheless susceptible to CVE-2020-9494. Note that each the beforehand revealed stipulations for CVE-2020-9484 and the beforehand revealed mitigations for CVE-2020-9484 additionally apply to this concern.
In PHP variations 7.3.x as much as and together with 7.3.31, 7.4.x beneath 7.4.25 and eight.0.x beneath 8.0.12, when working PHP FPM SAPI with essential FPM daemon course of working as root and little one employee processes working as lower-privileged customers, it’s doable for the kid processes to entry reminiscence shared with the primary course of and write to it, modifying it in a method that will trigger the basis course of to conduct invalid reminiscence reads and writes, which can be utilized to escalate privileges from native unprivileged consumer to the basis consumer.
The repair for bug CVE-2020-9484 launched a time of test, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and eight.5.55 to eight.5.73 that allowed an area attacker to carry out actions with the privileges of the consumer that the Tomcat course of is utilizing. This concern is simply exploitable when Tomcat is configured to persist periods utilizing the FileStore.
A CWE-119: Improper Restriction of Operations inside the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All variations previous to V5.0.4.11) and SoMachine/SoMachine Motion software program (All variations), that might trigger a buffer overflow when the size of a file transferred to the webserver shouldn’t be verified.
Authenticated (admin+) Arbitrary File Download vulnerability found in Download Monitor WordPress plugin (variations <= 4.4.6). The plugin permits arbitrary information, together with delicate configuration information corresponding to wp-config.php, to be downloaded by way of the &downloadable_file_urls[0] parameter information. It's additionally doable to flee from the online server residence listing and obtain any file inside the OS.
An concern was found in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior variations, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior variations, and Proficy Historian Version 6.0 and prior variations. An attacker might be able to retrieve consumer passwords if she or he has entry to an authenticated session.
Insecure default variable initialization for the Intel BSSA DFT function might permit a privileged consumer to probably allow an escalation of privilege by way of native entry.
Insecure default variable initialization for the Intel BSSA DFT function might permit a privileged consumer to probably allow an escalation of privilege by way of native entry.
NVIDIA GPU and Tegra {hardware} include a vulnerability within the inside microcontroller, which can permit a consumer with elevated privileges to instantiate a DMA write operation solely inside a selected time window timed to deprave code execution, which can influence confidentiality, integrity, or availability. The scope influence might lengthen to different elements.
Dell BIOS accommodates an improper enter validation vulnerability. An area authenticated malicious consumer might probably exploit this vulnerability by utilizing an SMI to achieve arbitrary code execution in SMRAM.
Dell BIOS accommodates an improper enter validation vulnerability. An area authenticated malicious consumer might probably exploit this vulnerability by utilizing an SMI to achieve arbitrary code execution in SMRAM.
Apache Log4j2 variations 2.0-beta7 by way of 2.17.0 (excluding safety repair releases 2.3.2 and a pair of.12.4) are susceptible to a distant code execution (RCE) assault when a configuration makes use of a JDBC Appender with a JNDI LDAP information supply URI when an attacker has management of the goal LDAP server. This concern is mounted by limiting JNDI information supply names to the java protocol in Log4j2 variations 2.17.1, 2.12.4, and a pair of.3.2.
A Predictable Value Range from Previous Values concern was found in Schneider Electric Modicon PLCs Modicon M221, firmware variations previous to Version 1.5.0.0, Modicon M241, firmware variations previous to Version 4.0.5.11, and Modicon M251, firmware variations previous to Version 4.0.5.11. The affected merchandise generate insufficiently random TCP preliminary sequence numbers which will permit an attacker to foretell the numbers from earlier values. This might permit an attacker to spoof or disrupt TCP connections.
VMware ESXi 6.7 with out ESXi670-201811401-BG and VMware ESXi 6.5 with out ESXi650-201811301-BG include uninitialized stack reminiscence utilization within the vmxnet3 digital community adapter which can result in an info leak from host to visitor.
CWE-330: Use of Insufficiently Random Values vulnerability, which may trigger the hijacking of the TCP connection when utilizing Ethernet communication in Modicon M580 firmware variations previous to V2.30, and all firmware variations of Modicon M340, Modicon Premium, Modicon Quantum.
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware variations), which may trigger info disclosure when utilizing the FTP protocol.
A CWE-863: Incorrect Authorization vulnerability exists in U.movement Servers and Touch Panels (affected variations listed within the safety notification) which may trigger unauthorized entry when a low privileged consumer makes unauthorized adjustments.
In Spring Framework variations 5.2.0 – 5.2.8, 5.1.0 – 5.1.17, 5.0.0 – 5.0.18, 4.3.0 – 4.3.28, and older unsupported variations, the protections towards RFD assaults from CVE-2015-5211 could also be bypassed relying on the browser used by way of using a jsessionid path parameter.
It was doable to execute a ReDoS-type assault inside CKEditor 4 earlier than 4.16 by persuading a sufferer to stick crafted URL-like textual content into the editor, after which press Enter or Space (within the Autolink plugin).
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with sure permissions may carry out particular SQL assertion to take advantage of this vulnerability. Due to inadequate safety design, profitable exploit could cause service irregular. Affected product variations embody: ManageOne variations 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.
Directory traversal in Eclipse Mojarra earlier than 2.3.14 permits attackers to learn arbitrary information by way of the loc parameter or con parameter.
Prism is a syntax highlighting library. Some languages earlier than 1.24.0 are susceptible to Regular Expression Denial of Service (ReDoS). When Prism is used to spotlight untrusted (user-given) textual content, an attacker can craft a string that can take a really very very long time to spotlight. This drawback has been mounted in Prism v1.24. As a workaround, don’t use ASCIIDoc or ERB to spotlight untrusted textual content. Other languages usually are not affected and can be utilized to spotlight untrusted textual content.
A flaw was present in libxml2. Exponential entity growth assault its doable bypassing all present safety mechanisms and resulting in denial of service.
A vulnerability within the JNDI Realm of Apache Tomcat permits an attacker to authenticate utilizing variations of a sound consumer title and/or to bypass among the safety offered by the LockOut Realm. This concern impacts Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to eight.5.65.
The crypto/tls bundle of Go by way of 1.16.5 doesn’t correctly assert that the kind of public key in an X.509 certificates matches the anticipated sort when doing a RSA based mostly key alternate, permitting a malicious TLS server to trigger a TLS shopper to panic.
A logic concern was addressed with improved restrictions. This concern is mounted in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted internet content material might result in unexpectedly unenforced Content Security Policy.
A flaw has been present in libssh in variations previous to 0.9.6. The SSH protocol retains monitor of two shared secrets and techniques throughout the lifetime of the session. One of them known as secret_hash and the opposite session_id. Initially, each of them are the identical, however after key re-exchange, earlier session_id is saved and used as an enter to new secret_hash. Historically, each of those buffers had shared size variable, which labored so long as these buffers have been identical. But the important thing re-exchange operation can even change the important thing alternate methodology, which could be based mostly on hash of various measurement, ultimately creating “secret_hash” of various measurement than the session_id has. This turns into a problem when the session_id reminiscence is zeroed or when it’s used once more throughout second key re-exchange.
Acrobat Reader DC ActiveX Control variations 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker may leverage this vulnerability to acquire NTLMv2 credentials. Exploitation of this concern requires consumer interplay in {that a} sufferer should open a maliciously crafted Microsoft Office file, or go to an attacker managed internet web page.
Acrobat Reader DC ActiveX Control variations 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker may leverage this vulnerability to acquire NTLMv2 credentials. Exploitation of this concern requires consumer interplay in {that a} sufferer should go to an attacker managed internet web page.
The parse perform in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the physique of chunked requests. This results in HTTP Request Smuggling (HRS) beneath sure situations.
The parser in accepts requests with an area (SP) proper after the header title earlier than the colon. This can result in HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
Netty is an asynchronous event-driven community software framework for fast improvement of maintainable excessive efficiency protocol servers & shoppers. Netty previous to model 4.1.71.Final skips management chars when they’re current in the beginning / finish of the header title. It ought to as an alternative fail quick as these usually are not allowed by the spec and will result in HTTP request smuggling. Failing to do the validation would possibly trigger netty to “sanitize” header names earlier than it ahead these to a different distant system when used as proxy. This distant system cannot see the invalid utilization anymore, and subsequently doesn’t do the validation itself. Users ought to improve to model 4.1.71.Final to obtain a patch.
A flaw was present in podman. The `podman machine` perform (used to create and handle Podman digital machine containing a Podman course of) spawns a `gvproxy` course of on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host’s firewall, an attacker can probably use the `gvproxy` API to ahead ports on the host to ports within the VM, making personal companies on the VM accessible to the community. This concern could possibly be additionally used to interrupt the host’s companies by forwarding all ports to the VM.
In WebKitGTK earlier than 2.32.4, there’s incorrect reminiscence allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, resulting in a segmentation violation and software crash, a special vulnerability than CVE-2021-30889.
An incorrect default permission vulnerability exists within the cgiserver.cgi cgi_check_ability performance of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API doesn’t have a selected case, the consumer permission will default to 7. This will give non-administrative customers the chance to format the SD card and reboot the gadget.
VMware Workstation (16.x previous to 16.2.2) and Horizon Client for Windows (5.x prior to five.5.3) accommodates a denial-of-service vulnerability within the Cortado ThinPrint part. The concern exists in TrueType font parser. A malicious actor with entry to a digital machine or distant desktop might exploit this concern to set off a denial-of-service situation within the Thinprint service working on the host machine the place VMware Workstation or Horizon Client for Windows is put in.
YzmCMS v6.3 was found to include a Cross-Site Request Forgery (CSRF) which permits attackers to arbitrarily delete consumer accounts by way of /admin/admin_manage/delete.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetRec param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetCrop param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetNorm param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. Set3G param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetCloudSchedule param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetPush param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetWifi param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetDevName param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetUpnp param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetNetPort param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetNtp param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetFtp param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetEmail param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetLocalLink param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetAutoFocus param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetMasks param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetIsp param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetImage param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetEnc param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetAutoMaint param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetTime param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetPowerLed param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot.SetIrLights param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetAutoUpgrade param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetPtzSerial param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetPtzPatrol param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. SetPtzPreset param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. Login param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. GetCapability param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. Format param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. GetEnc param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. GetImage param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. GetIsp param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. GetMasks param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. Preview param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. rtmp=begin param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. rtmp=cease param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. GetPtzPreset param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. GetPtzPatrol param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. PtzCtrl param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. GetPtzSerial param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. GetPtzTattern param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. GetZoomFocus param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. StartZoomFocus param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. GetAutoFocus param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. Take a look atEmail param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. TestFtp param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. TestWifi param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. UpgradePut together param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. Search param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. GetRec param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. AddUser param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. DelUser param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. ModifyUser param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. Disconnect param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. GetAlarm param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. GetMdState param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
A denial of service vulnerability exists within the cgiserver.cgi JSON command parser performance of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can result in a reboot. GetMdAlarm param shouldn’t be object. An attacker can ship an HTTP request to set off this vulnerability.
gh-ost is a triggerless on-line schema migration answer for MySQL. Versions previous to 1.1.3 are topic to an arbitrary file learn vulnerability. The attacker should have entry to the goal host or trick an administrator into executing a malicious gh-ost command on a number working gh-ost, plus community entry from host working gh-ost to the assault’s malicious MySQL server. The `-database` parameter doesn’t correctly sanitize consumer enter which might result in arbitrary file reads.
The Error Log Viewer WordPress plugin by way of 1.1.1 doesn’t carry out nonce test when deleting a log file and doesn’t have path traversal prevention, which may permit attackers to make a logged in admin delete arbitrary textual content information on the net server.
The NextScripts: Social Networks Auto-Poster WordPress plugin earlier than 4.3.25 doesn’t have CSRF test in place when deleting gadgets, permitting attacker to make a logged in admin delete arbitrary posts by way of a CSRF assault
The Link Library WordPress plugin earlier than 7.2.8 doesn’t have CSRF test when resetting library settings, permitting attackers to make a logged in admin reset arbitrary settings by way of a CSRF assault
The LabTools WordPress plugin by way of 1.0 doesn’t have correct authorisation and CSRF test in place when deleting publications, permitting any authenticated customers, corresponding to subscriber to delete arbitrary publication
Apache Superset as much as and together with 1.3.2 allowed for registered database connections password leak for authenticated customers. This info could possibly be accessed in a non-trivial method. Users ought to improve to Apache Superset 1.4.0 or greater.
iText v7.1.17 was found to include an out-of-memory error by way of the part readStreamBytesRaw, which permits attackers to trigger a Denial of Service (DoS) by way of a crafted PDF file.
iText v7.1.17 was found to include a stack-based buffer overflow by way of the part ByteBuffer.append, which permits attackers to trigger a Denial of Service (DoS) by way of a crafted PDF file.
iText v7.1.17 was found to include an out-of-bounds exception by way of the part ARCFOUREncryption.encryptARCFOUR, which permits attackers to trigger a Denial of Service (DoS) by way of a crafted PDF file.
Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 permits distant authenticated customers to alter the password of any focused consumer accounts by way of lack of correct authorization within the user-controlled “userID” parameter of the HTTP POST request.
General Electric (GE) Digital Proficy HMI/SCADA – CIMPLICITY earlier than 8.2 SIM 27 mishandles service DACLs, which permits native customers to switch a service configuration by way of unspecified vectors.
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 makes use of the default momentary listing recognized by the Java system property java.io.tmpdir for a number of duties and will thus leak delicate info. The fixcrlf and replaceregexp duties additionally copy information from the momentary listing again into the construct tree permitting an attacker to inject modified supply information into the construct course of.
XStream is a straightforward library to serialize objects to XML and again once more. In affected variations this vulnerability might permit a distant attacker to allocate 100% CPU time on the goal system relying on CPU sort or parallel execution of such a payload leading to a denial of service solely by manipulating the processed enter stream. No consumer is affected, who adopted the advice to setup XStream’s safety framework with a whitelist restricted to the minimal required varieties. XStream 1.4.18 makes use of not a blacklist by default, because it can’t be secured for common goal.
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 permit distant attackers to inject arbitrary internet script or HTML by way of (1) the list_1680466951_oldfilterval parameter to techniques/PhysicalList.do or (2) unspecified vectors involving techniques/VirtualSystemsRecord.do.
Multiple cross-site scripting (XSS) vulnerabilities within the Web UI in Spacewalk and Red Hat Satellite 5.7 permit distant attackers to inject arbitrary internet script or HTML by way of (1) the PATH_INFO to techniques/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the title of a (3) snapshot tag or (4) system group in System Set Manager (SSM).
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 permits distant attackers to inject arbitrary internet script or HTML by way of the (1) RHNMD User or (2) Filesystem parameters, associated to show of monitoring probes.
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 permits distant attackers to inject arbitrary internet script or HTML by way of a bunch title, associated to viewing snapshot information.
Cross-site scripting (XSS) vulnerability in jQuery UI earlier than 1.12.0 would possibly permit distant attackers to inject arbitrary internet script or HTML by way of the shutText parameter of the dialog perform.
The ESXi Host Client in VMware ESXi (6.5 earlier than ESXi650-201712103-SG, 5.5 earlier than ESXi600-201711103-SG and 5.5 earlier than ESXi550-201709102-SG) accommodates a vulnerability which will permit for saved cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which could get executed when different customers entry the Host Client.
jQuery earlier than 3.4.0, as utilized in Drupal, Backdrop CMS, and different merchandise, mishandles jQuery.lengthen(true, {}, …) due to Object.prototype air pollution. If an unsanitized supply object contained an enumerable __proto__ property, it may lengthen the native Object.prototype.
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as utilized in Mojarra for Eclipse EE4J earlier than 2.3.10 and Mojarra JavaServer Faces earlier than 2.2.20, permits Reflected XSS as a result of a shopper window area is mishandled.
A vulnerability was present in Hibernate-Validator. The SafeHtml validator annotation fails to correctly sanitize payloads consisting of probably malicious code in HTML feedback and directions. This vulnerability may end up in an XSS assault.
A cross-site scripting (XSS) vulnerability within the HTML Data Processor for CKEditor 4.0 earlier than 4.14 permits distant attackers to inject arbitrary internet script by way of a crafted “protected” remark (with the cke_protected syntax).
In jQuery variations larger than or equal to 1.2 and earlier than 3.5.0, passing HTML from untrusted sources – even after sanitizing it – to considered one of jQuery’s DOM manipulation strategies (i.e. .html(), .append(), and others) might execute untrusted code. This drawback is patched in jQuery 3.5.0.
A cross-site scripting (XSS) concern within the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 permits distant attackers to inject JavaScript by way of the signalIn.do urll parameter.
OWASP AntiSamy earlier than 1.6.4 permits XSS by way of HTML attributes when utilizing the HTML output serializer (XHTML shouldn’t be affected). This was demonstrated by a javascript: URL with : because the alternative for the : character.
Under sure situations, NetWeaver Enterprise Portal, variations – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, doesn’t sufficiently encode report information. An attacker can craft malicious information and print it to the report. In a profitable assault, a sufferer opens the report, and the malicious script will get executed within the sufferer’s browser, leading to a Stored Cross-Site Scripting (XSS) vulnerability.
Under sure situations, NetWeaver Enterprise Portal, variations – 7.30, 7.31, 7.40, 7.50, doesn’t sufficiently encode URL parameters. An attacker can craft a malicious hyperlink and ship it to a sufferer. A profitable assault leads to Reflected Cross-Site Scripting (XSS) vulnerability.
A logic concern was addressed with improved state administration. This concern is mounted in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted internet content material might result in common cross website scripting.
Adobe Experience Manager model 6.5.9.0 (and earlier) is affected by a mirrored Cross-Site Scripting (XSS) vulnerability by way of the accesskey parameter. If an attacker is ready to persuade a sufferer to go to a URL referencing a susceptible web page, malicious JavaScript content material could also be executed inside the context of the sufferer’s browser
Acrobat Reader DC variations 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability on account of insecure dealing with of a crafted PDF file, probably leading to reminiscence corruption within the context of the present consumer. Exploitation requires consumer interplay in {that a} sufferer should open a crafted PDF file in Acrobat Reader.
Acrobat Reader DC variations 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability on account of insecure dealing with of a crafted PDF file, probably leading to reminiscence corruption within the context of the present consumer. Exploitation requires consumer interplay in {that a} sufferer should open a crafted PDF file in Acrobat Reader.
XMP Toolkit model 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that might lead to leaking information from sure reminiscence places and inflicting an area denial of service within the context of the present consumer. User interplay is required to take advantage of this vulnerability in that the sufferer might want to open a specifically crafted MXF file.
Adobe Connect model 11.2.3 (and earlier) is affected by a mirrored Cross-Site Scripting (XSS) vulnerability. If an attacker is ready to persuade a sufferer to go to a URL referencing a susceptible web page, malicious JavaScript content material could also be executed inside the context of the sufferer’s browser.
In MediaWiki by way of 1.37, XSS can happen in Wikibase as a result of an exterior identifier property can have a URL format that features a $1 formatter substitution marker, and the javascript: URL scheme (amongst others) can be utilized.
In MediaWiki by way of 1.37, Wikibase merchandise descriptions permit XSS, which is triggered upon a go to to an motion=information URL (aka a page-information sidebar).
A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software model 6.0.1 and older, which permits the injection of unauthenticated, specially-crafted internet requests with out correct sanitization.
GLPI is a free asset and IT administration software program bundle. All GLPI variations previous to 9.5.7 are susceptible to mirrored cross-site scripting. Version 9.5.7 accommodates a patch for this concern. There are not any recognized workarounds.
A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that might trigger arbritrary script execution when a privileged account clicks on a malicious URL particularly crafted for the NMC pointing to a delete coverage file. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) utilizing NMC3 together with Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) utilizing NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) utilizing NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products utilizing NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for collection ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for collection ACRC10x SKUs (RC10X2G), InRow Cooling for collection ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for collection ACRD3xx (ACRC2G), InRow Cooling for collection ACSC1xx SKUs (SC2G), InRow Cooling for collection ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)
A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that might trigger script execution when the request of a privileged account accessing the susceptible internet web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) utilizing NMC3 together with Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) utilizing NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) utilizing NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products utilizing NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for collection ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for collection ACRC10x SKUs (RC10X2G), InRow Cooling for collection ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for collection ACRD3xx (ACRC2G), InRow Cooling for collection ACSC1xx SKUs (SC2G), InRow Cooling for collection ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)
A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that might trigger arbritrary script execution when a privileged account clicks on a malicious URL particularly crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) utilizing NMC3 together with Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) utilizing NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) utilizing NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products utilizing NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for collection ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for collection ACRC10x SKUs (RC10X2G), InRow Cooling for collection ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for collection ACRD3xx (ACRC2G), InRow Cooling for collection ACSC1xx SKUs (SC2G), InRow Cooling for collection ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)
A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that might trigger arbritrary script execution when a privileged account clicks on a malicious URL particularly crafted for the NMC pointing to an edit coverage file. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) utilizing NMC3 together with Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) utilizing NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) utilizing NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products utilizing NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for collection ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for collection ACRC10x SKUs (RC10X2G), InRow Cooling for collection ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for collection ACRD3xx (ACRC2G), InRow Cooling for collection ACSC1xx SKUs (SC2G), InRow Cooling for collection ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)
A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists which may trigger arbritrary script execution when a malicious file is learn and displayed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) utilizing NMC3 together with Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) utilizing NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) utilizing NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products utilizing NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for collection ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for collection ACRC10x SKUs (RC10X2G), InRow Cooling for collection ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for collection ACRD3xx (ACRC2G), InRow Cooling for collection ACSC1xx SKUs (SC2G), InRow Cooling for collection ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)
A CWE-79 Improper Neutralization of Input During Web Page Generation (?Cross-site Scripting?) vulnerability exists that might permit an attacker to impersonate the consumer who manages the charging station or perform actions on their behalf when crafted malicious parameters are submitted to the charging station internet server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All variations previous to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All variations previous to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All variations previous to R8 V3.4.0.2)
HTML code injection vulnerability in Android Application, Bosch Video Security, model 3.2.3. or earlier, when efficiently exploited permits an attacker to inject random HTML code right into a part loaded by WebView, thus permitting the Application to show internet sources managed by the attacker.
laminas-form is a bundle for validating and displaying easy and complicated kinds. When rendering validation error messages by way of the `typeElementErrors()` view helper shipped with laminas-form, many messages will include the submitted worth. However, in laminas-form previous to model 3.1.1, the worth was not being escaped for HTML contexts, which may probably result in a mirrored cross-site scripting assault. Versions 3.1.1 and above include a patch to mitigate the vulnerability. A workaround is out there. One might manually place code on the high of a view script the place one calls the `typeElementErrors()` view helper. More details about this workaround is out there on the GitHub Security Advisory.
Products.ATContentTypes are the core content material varieties for Plone 2.1 – 4.3. Versions of Plone which can be depending on Products.ATContentTypes previous to model 3.0.6 are susceptible to mirrored cross website scripting and open redirect when an attacker can get a compromised model of the image_view_fullscreen web page in a cache, for instance in Varnish. The method is called cache poisoning. Any later customer can get redirected when clicking on a hyperlink on this web page. Usually solely nameless customers are affected, however this is dependent upon the consumer’s cache settings. Version 3.0.6 of Products.ATContentTypes has been launched with a repair. This model works on Plone 5.2, Python 2 solely. As a workaround, be sure the image_view_fullscreen web page shouldn’t be saved within the cache. More details about the vulnerability and cvmitigation measures is out there within the GitHub Security Advisory.
iTunesRPC-Remastered is a discord wealthy presence software to be used with iTunes & Apple Music. In code earlier than commit 24f43aa consumer enter shouldn’t be correctly sanitized and code injection is feasible. Users are suggested to improve as quickly as is feasible. There are not any recognized workarounds for this concern.
The RegistrationMagic WordPress plugin earlier than 5.0.1.9 doesn’t sanitise and escape the rm_search_value parameter earlier than outputting again in an attribute, resulting in a Reflected Cross-Site Scripting
The Perfect Survey WordPress plugin earlier than 1.5.2 doesn’t sanitise and escape a number of parameters (id and filters[session_id] of single_statistics web page, sort and message of importexport web page) earlier than outputting them again in pages/attributes within the admin dashboard, resulting in Reflected Cross-Site Scripting points
The Perfect Survey WordPress plugin by way of 1.5.2 doesn’t validate and escape the X-Forwarded-For header worth earlier than outputting it within the statistic web page when the Anonymize IP setting of a survey is turned off, resulting in a Stored Cross-Site Scripting concern
The Domain Check WordPress plugin earlier than 1.0.17 doesn’t sanitise and escape the area parameter earlier than outputting it again within the web page, resulting in a Reflected Cross-Site Scripting concern
6.1
(*9*)
CVE-2021-24934
The Visual CSS Style Editor WordPress plugin earlier than 7.5.4 doesn’t sanitise and escape the wyp_page_type parameter earlier than outputting it again in an admin web page, resulting in a Reflected Cross-Site Scripting concern
The Asset CleanUp: Page Speed Booster WordPress plugin earlier than 1.3.8.5 doesn’t escape the wpacu_selected_sub_tab_area parameter earlier than outputting it again in an attribute in an admin web page, resulting in a Reflected Cross-Site Scripting concern
The NextScripts: Social Networks Auto-Poster WordPress plugin earlier than 4.3.24 doesn’t sanitise and escape logged requests earlier than outputting them within the associated admin dashboard, resulting in an Unauthenticated Stored Cross-Site Scripting concern
The Asset CleanUp: Page Speed Booster WordPress plugin earlier than 1.3.8.5 doesn’t sanitise and escape POSted parameters despatched to the wpassetcleanup_fetch_active_plugins_icons AJAX motion (obtainable to admin customers), resulting in a Reflected Cross-Site Scripting concern
The Contact Form 7 Skins WordPress plugin by way of 2.5.0 doesn’t sanitise and escape the tab parameter earlier than outputting it again in an admin web page, resulting in a Reflected Cross-Site Scripting
The WOOF WordPress plugin earlier than 1.2.6.3 doesn’t sanitise and escape the woof_redraw_elements earlier than outputing again in an admin web page, resulting in a Reflected Cross-Site Scripting
The UpdraftPlus WordPress Backup Plugin WordPress plugin earlier than 1.16.69 doesn’t sanitise and escape the updraft_restore parameter earlier than outputting it again within the Restore web page, resulting in a Reflected Cross-Site Scripting
The Link Library WordPress plugin earlier than 7.2.9 doesn’t sanitise and escape the settingscopy parameter earlier than outputting it again in an admin web page, resulting in a Reflected Cross-Site Scripting
Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 permits attackers to inject arbitrary HTML by way of the search_term parameter within the modules/Scheduling/Courses.php script.
The check_privacy_settings AJAX motion of the WordPress GDPR WordPress plugin earlier than 1.9.27, obtainable to each unauthenticated and authenticated customers, responds with JSON information with out an “software/json” content-type. Since an HTML payload is not correctly escaped, it could be interpreted by an internet browser led to this endpoint. Javascript code could also be executed on a sufferer’s browser. Due to v1.9.26 including a CSRF test, the XSS is simply exploitable towards unauthenticated customers (as all of them share the identical nonce)
Ivanti Service Manager 2021.1 permits mirrored XSS by way of the appName parameter related to ConfigDB calls, corresponding to in RelocateAttachments.aspx.
A improper neutralization of enter throughout internet web page era (‘cross-site scripting’) in Fortinet FortiMail model 7.0.1 and seven.0.0, model 6.4.5 and beneath, model 6.3.7 and beneath, model 6.0.11 and beneath permits attacker to execute unauthorized code or instructions by way of crafted HTTP GET requests to the FortiGuard URI safety service.
JHEAD is a straightforward command line instrument for displaying and a few manipulation of EXIF header information embedded in Jpeg photos from digital cameras. In affected variations there’s a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg photos could be offered to the consumer leading to a program crash or probably incorrect exif info retrieval. Users are suggested to improve. There isn’t any recognized workaround for this concern.
PrinterLogic Web Stack variations 19.1.1.13 SP9 and beneath are susceptible to a number of mirrored cross website scripting vulnerabilities. Attacker managed enter is mirrored again within the web page with out sanitization.
The {% debug %} template tag in Django 2.2 earlier than 2.2.27, 3.2 earlier than 3.2.12, and 4.0 earlier than 4.0.2 doesn’t correctly encode the present context. This might result in XSS.
A Cross Site Scripting (XSS) vulnerability exists in Codex earlier than 1.4.0 by way of Notebook/Page title area, which permits malicious customers to execute arbitrary code by way of a crafted http code in a .json file.
NVIDIA GPU Display Driver for Linux accommodates a vulnerability within the kernel driver, the place improper dealing with of inadequate permissions or privileges might permit an unprivileged native consumer restricted write entry to protected reminiscence, which might result in denial of service.
NVIDIA GPU Display Driver for Linux accommodates a vulnerability within the kernel driver bundle, the place improper dealing with of inadequate permissions or privileges might permit an unprivileged native consumer restricted write entry to protected reminiscence, which might result in denial of service.
The bundle python/cpython from 0 and earlier than 3.6.13, from 3.7.0 and earlier than 3.7.10, from 3.8.0 and earlier than 3.8.8, from 3.9.0 and earlier than 3.9.2 are susceptible to Web Cache Poisoning by way of urllib.parse.parse_qsl and urllib.parse.parse_qs by utilizing a vector known as parameter cloaking. When the attacker can separate question parameters utilizing a semicolon (;), they’ll trigger a distinction within the interpretation of the request between the proxy (working with default configuration) and the server. This may end up in malicious requests being cached as fully protected ones, because the proxy would normally not see the semicolon as a separator, and subsequently wouldn’t embody it in a cache key of an unkeyed parameter.
Netty is an open-source, asynchronous event-driven community software framework for fast improvement of maintainable excessive efficiency protocol servers & shoppers. In Netty (io.netty:netty-codec-http2) earlier than model 4.1.61.Final there’s a vulnerability that allows request smuggling. The content-length header shouldn’t be appropriately validated if the request solely makes use of a single Http2HeaderFrame with the endStream set to to true. This may result in request smuggling if the request is proxied to a distant peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to repair this one case. This was mounted as a part of 4.1.61.Final.
A vulnerability was found in XNIO the place file descriptor leak attributable to rising quantities of NIO Selector file handles between rubbish assortment cycles. It might permit the attacker to trigger a denial of service. It impacts XNIO variations 3.6.0.Beta1 by way of 3.8.1.Final.
The aaugustin websockets library earlier than 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=…). An attacker might be able to guess a password by way of a timing assault.
Go earlier than 1.15.15 and 1.16.x earlier than 1.16.7 has a race situation that may result in a internet/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
Some elements in Apache Kafka use `Arrays.equals` to validate a password or key, which is susceptible to timing assaults that make brute drive assaults for such credentials extra probably to achieve success. Users ought to improve to 2.8.1 or greater, or 3.0.0 or greater the place this vulnerability has been mounted. The affected variations embody Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and a pair of.8.0.
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve information utilizing STARTTLS to improve to TLS safety, the server can reply and ship again a number of responses directly that curl caches. curl would then improve to TLS however not flush the in-queue of cached responses however as an alternative proceed utilizing and trustingthe responses it bought *earlier than* the TLS handshake as in the event that they have been authenticated.Using this flaw, it permits a Man-In-The-Middle attacker to first inject the pretend responses, then pass-through the TLS site visitors from the respectable server and trick curl into sending information again to the consumer pondering the attacker's injected information comes from the TLS-protected server.
Vulnerability within the MySQL Connectors product of Oracle MySQL (part: Connector/J). Supported variations which can be affected are 8.0.26 and prior. Difficult to take advantage of vulnerability permits excessive privileged attacker with community entry by way of a number of protocols to compromise MySQL Connectors. Successful assaults of this vulnerability may end up in unauthorized entry to crucial information or full entry to all MySQL Connectors accessible information and unauthorized means to trigger a grasp or often repeatable crash (full DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
Apache Log4j2 variations 2.0-alpha1 by way of 2.16.0 (excluding 2.12.3 and a pair of.3.1) didn’t shield from uncontrolled recursion from self-referential lookups. This permits an attacker with management over Thread Context Map information to trigger a denial of service when a crafted string is interpreted. This concern was mounted in Log4j 2.17.0, 2.12.3, and a pair of.3.1.
IBM Security Guardium Insights 3.0 may permit a distant attacker to acquire delicate info, attributable to the failure to correctly allow HTTP Strict Transport Security. An attacker may exploit this vulnerability to acquire delicate info utilizing man within the center strategies.
An info disclosure vulnerability exists because of the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle assault can result in a disclosure of delicate info. An attacker can carry out a man-in-the-middle assault to set off this vulnerability.
There is a carry propagation bug within the MIPS32 and MIPS64 squaring process. Many EC algorithms are affected, together with among the TLS 1.3 default curves. Impact was not analyzed intimately, as a result of the pre-requisites for assault are thought of unlikely and embody reusing personal keys. Analysis means that assaults towards RSA and DSA because of this defect could be very tough to carry out and usually are not believed probably. Attacks towards DH are thought of simply possible (though very tough) as a result of many of the work essential to deduce details about a personal key could also be carried out offline. The quantity of sources required for such an assault could be important. However, for an assault on TLS to be significant, the server must share the DH personal key amongst a number of shoppers, which is not an choice since CVE-2016-0701. This concern impacts OpenSSL variations 1.0.2, 1.1.1 and three.0.0. It was addressed within the releases of 1.1.1m and three.0.1 on the fifteenth of December 2021. For the 1.0.2 launch it’s addressed in git commit 6fc1aaaf3 that’s obtainable to premium help prospects solely. It will likely be made obtainable in 1.0.2zc when it’s launched. The concern solely impacts OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb).
h2o is an open supply http server. In code previous to the `8c0eca3` commit h2o might try and entry uninitialized reminiscence. When receiving QUIC frames in sure order, HTTP/3 server-side implementation of h2o could be misguided to deal with uninitialized reminiscence as HTTP/3 frames which have been obtained. When h2o is used as a reverse proxy, an attacker can abuse this vulnerability to ship inside state of h2o to backend servers managed by the attacker or third occasion. Also, if there’s an HTTP endpoint that displays the site visitors despatched from the shopper, an attacker can use that reflector to acquire inside state of h2o. This inside state contains site visitors of different connections in unencrypted type and TLS session tickets. This vulnerability exists in h2o server with HTTP/3 help, between commit 93af138 and d1f0f65. None of the launched variations of h2o are affected by this vulnerability. There are not any recognized workarounds. Users of unreleased variations of h2o utilizing HTTP/3 are suggested to improve instantly.
An info disclosure vulnerability exists within the Web Server performance of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle assault can result in a disclosure of delicate info. An attacker can carry out a man-in-the-middle assault to set off this vulnerability.
Various Vembu merchandise permit an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other merchandise or variations of merchandise on this household could also be affected too.)
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all variations) that might permit the attacker to seek out the password hash when the attacker has captured the site visitors between EcoStruxure Machine – Basic software program and Modicon M221 controller and broke the encryption keys.
There’s a flaw in Python 3’s pydoc. An area or adjoining attacker who discovers or is ready to persuade one other native or adjoining consumer to start out a pydoc server may entry the server and use it to reveal delicate info belonging to the opposite consumer that they might not usually be capable to entry. The highest threat of this flaw is to information confidentiality. This flaw impacts Python variations earlier than 3.8.9, Python variations earlier than 3.9.3 and Python variations earlier than 3.10.0a7.
VMware ESXi 6.5 with out patch ESXi650-201703410-SG, 6.0 U3 with out patch ESXi600-201703401-SG, 6.0 U2 with out patch ESXi600-201703403-SG, 6.0 U1 with out patch ESXi600-201703402-SG, 5.5 with out patch ESXi550-201703401-SG; Workstation Pro / Player 12.x previous to 12.5.5; and Fusion Pro / Fusion 8.x prior to eight.5.6 have uninitialized reminiscence utilization. This concern might result in an info leak.
VMware ESXi 6.5 with out patch ESXi650-201707101-SG, ESXi 6.0 with out patch ESXi600-201706101-SG, ESXi 5.5 with out patch ESXi550-201709101-SG, Workstation (12.x earlier than 12.5.3), Fusion (8.x earlier than 8.5.4) include a NULL pointer dereference vulnerability. This concern happens when dealing with visitor RPC requests. Successful exploitation of this concern might permit attackers with regular consumer privileges to crash their VMs.
A specifically crafted ZIP archive can be utilized to trigger an infinite loop within Apache Commons Compress’ further area parser utilized by the ZipFile and ZipArchiveInputStream courses in variations 1.11 to 1.15. This can be utilized to mount a denial of service assault towards companies that use Compress’ zip bundle.
When studying a specifically crafted ZIP archive, the learn methodology of Apache Commons Compress 1.7 to 1.17’s ZipArchiveInputStream can fail to return the proper EOF indication after the tip of the stream has been reached. When mixed with a java.io.InputStreamReader this may result in an infinite stream, which can be utilized to mount a denial of service assault towards companies that use Compress’ zip bundle.
A path validation concern in WhatsApp for iOS previous to v2.20.61 and WhatsApp Business for iOS previous to v2.20.61 may have allowed for listing traversal overwriting information when sending specifically crafted docx, xlsx, and pptx information as attachments to messages.
Apache Groovy gives extension strategies to help with creating momentary directories. Prior to this repair, Groovy’s implementation of these extension strategies was utilizing a now outdated Java JDK methodology name that’s probably not safe on some working techniques in some contexts. Users not utilizing the extension strategies talked about within the advisory usually are not affected, however might want to learn the advisory for additional particulars. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to three.0.6, and 4.0.0-alpha-1. Fixed in variations 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all variations), that might permit an attacker to pre-compute the hash worth utilizing dictionary assault method corresponding to rainbow tables, successfully disabling the safety that an unpredictable salt would offer.
The iconv perform within the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte enter sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the enter state, which may result in an infinite loop in purposes, leading to a denial of service, a special vulnerability from CVE-2016-10228.
In Apache PDFBox, a fastidiously crafted PDF file can set off an OutOfMemory-Exception whereas loading the file. This concern impacts Apache PDFBox model 2.0.23 and prior 2.0.x variations.
In Apache PDFBox, a fastidiously crafted PDF file can set off an infinite loop whereas loading the file. This concern impacts Apache PDFBox model 2.0.23 and prior 2.0.x variations.
When studying a specifically crafted TAR archive an Apache Ant construct could be made to allocate massive quantities of reminiscence that lastly results in an out of reminiscence error, even for small inputs. This can be utilized to disrupt builds utilizing Apache Ant. Apache Ant previous to 1.9.16 and 1.10.11 have been affected.
When studying a specifically crafted ZIP archive, or a derived codecs, an Apache Ant construct could be made to allocate massive quantities of reminiscence that results in an out of reminiscence error, even for small inputs. This can be utilized to disrupt builds utilizing Apache Ant. Commonly used derived codecs from ZIP archives are for example JAR information and plenty of workplace information. Apache Ant previous to 1.9.16 and 1.10.11 have been affected.
SheetJS and SheetJS Pro by way of 0.16.9 permits attackers to trigger a denial of service (reminiscence consumption) by way of a crafted .xlsx doc that’s mishandled when learn by xlsx.js (concern 1 of two).
SheetJS and SheetJS Pro by way of 0.16.9 permits attackers to trigger a denial of service (reminiscence consumption) by way of a crafted .xlsx doc that’s mishandled when learn by xlsx.js (concern 2 of two).
SheetJS and SheetJS Pro by way of 0.16.9 permits attackers to trigger a denial of service (CPU consumption) by way of a crafted .xlsx doc that’s mishandled when learn by xlsx.js.
A logic concern was addressed with improved restrictions. This concern is mounted in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. A malicious software might be able to bypass sure Privacy preferences.
Acrobat Pro DC variations 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker may leverage this vulnerability to reveal delicate consumer reminiscence. Exploitation of this concern requires consumer interplay in {that a} sufferer should open a malicious file.
Acrobat Reader DC variations 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds learn vulnerability that might result in disclosure of arbitrary reminiscence info within the context of the present consumer. Exploitation of this concern requires consumer interplay in {that a} sufferer should open a malicious file.
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 permits attackers to carry out a Denial of Service by way of a crafted script file.
Adobe Audition model 14.2 (and earlier) is affected by an out-of-bounds learn vulnerability when parsing a specifically crafted file. An unauthenticated attacker may leverage this vulnerability to reveal arbitrary reminiscence info within the context of the present consumer. Exploitation of this concern requires consumer interplay in {that a} sufferer should open a malicious file.
Adobe Prelude model 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specifically crafted file. An unauthenticated attacker may leverage this vulnerability to attain an software denial-of-service within the context of the present consumer. Exploitation of this concern requires consumer interplay in {that a} sufferer should open a malicious file.
Adobe Premiere Rush variations 1.5.16 (and earlier) permits entry to an uninitialized pointer vulnerability that permits distant attackers to reveal delicate info on affected installations. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the parsing of MP4 information. The concern outcomes from the shortage of correct initialization of reminiscence previous to accessing it.
A Denial of Service vulnerability exists in Binaryen 103 on account of an Invalid reminiscence handle dereference in wasm::WasmBinaryBuilder::visitLet.
UltraJSON (aka ujson) by way of 5.1.0 has a stack-based buffer overflow in Buffer_AppfinishIndentUnchecked (known as from encode). Exploitation can, for instance, use a considerable amount of indentation.
Qt SVG in Qt 5.0.0 by way of 5.15.2 and 6.0.0 by way of 6.2.1 has an out-of-bounds write in QtNon-public::QCommonArrayOps::developAppfinish (known as from QPainterPath::addPath and QPathClipper::intersect).
The bundle nanoid from 3.0.0 and earlier than 3.1.31 are susceptible to Information Exposure by way of the valueOf() perform which permits to breed the final id generated.
Jsish v3.5.0 was found to include a heap-use-after-free by way of Jsi_IncrRefCount in src/jsiValue.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a SEGV vulnerability by way of Jsi_ValueIsNumber at src/jsiValue.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a SEGV vulnerability by way of jsi_ArraySpliceCmd at src/jsiArray.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a SEGV vulnerability by way of /lib/x86_64-linux-gnu/libc.so.6+0x18e506. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a SEGV vulnerability by way of jsi_ArrayConcatCmd at src/jsiArray.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a heap-use-after-free by way of Jsi_DecrRefCount in src/jsiValue.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a SEGV vulnerability by way of NumberConstructor at src/jsiNumber.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a SEGV vulnerability by way of Jsi_CommandPkgOpts at src/jsiCmds.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a SEGV vulnerability by way of Jsi_FunctionInvoke at src/jsiFunc.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a heap-use-after-free by way of jsi_ValueLookupBase in src/jsiValue.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a heap-use-after-free by way of DeleteTreeValue in src/jsiObj.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a heap-use-after-free by way of Jsi_ObjFree in src/jsiObj.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a heap-use-after-free by way of jsi_UserObjDelete in src/jsiUserObj.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a heap-use-after-free by way of jsi_wswebsocketObjFree in src/jsiWebSocket.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a heap-use-after-free by way of jsi_ValueCopyTransfer in src/jsiValue.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a heap-use-after-free by way of jsi_ArgTypeCheck in src/jsiFunc.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a heap-use-after-free by way of SortSubCmd in src/jsiArray.c. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a heap-use-after-free by way of /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d. This vulnerability can result in a Denial of Service (DoS).
Jsish v3.5.0 was found to include a heap-use-after-free by way of /usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732. This vulnerability can result in a Denial of Service (DoS).
A CWE-125:Out-of-Bounds Read vulnerability exists that might trigger unintended information disclosure when a malicious *.gd1 configuration file is loaded into the GUIcon instrument. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior
A specifically crafted script may trigger the DeltaV Distributed Control System Controllers (All Versions) to restart and trigger a denial-of-service situation.
save_window_function_values in MariaDB earlier than 10.6.3 permits an software crash due to incorrect dealing with of with_window_func=true for a subquery.
xterm by way of Patch 370, when Sixel help is enabled, permits attackers to set off a buffer overflow in set_sixel in graphics_sixel.c by way of crafted textual content.
There is an info publicity vulnerability on a number of Huawei Products. The vulnerability is because of that the software program doesn’t correctly shield sure info. Successful exploit may trigger info disclosure. Affected product variations embody: CloudEngine 12800 V200R005C10SPC800; CloudEngine 5800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800, V200R019C00SPC800.
NVIDIA GPU Display Driver for Windows accommodates a vulnerability within the kernel mode layer (nvlddmkm.sys) handler for personal IOCTLs the place a NULL pointer dereference within the kernel, created inside consumer mode code, might result in a denial of service within the type of a system crash.
NVIDIA vGPU software program accommodates a vulnerability within the Virtual GPU Manager (nvidia.ko), the place a consumer within the visitor OS could cause a GPU interrupt storm on the hypervisor host, resulting in a denial of service.
Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 permits distant authenticated customers to inject arbitrary internet script or HTML by way of crafted XML information to the XMLRPC API, involving consumer particulars. NOTE: this vulnerability exists due to an incomplete repair for CVE-2014-7811.
In Valve Steam 1528829181 BETA, it’s doable to carry out a homograph / homoglyph assault to create pretend URLs within the shopper, which can trick customers into visiting unintended web pages.
The iFlyChat WordPress plugin earlier than 4.7.0 doesn’t sanitise its APP ID setting earlier than outputting it again within the web page, resulting in an authenticated Stored Cross-Site Scripting concern
ckeditor is an open supply WYSIWYG HTML editor with wealthy content material help. A vulnerability has been found within the clipboard Widget plugin if used alongside the undo function. The vulnerability permits a consumer to abuse undo performance utilizing malformed widget HTML, which may lead to executing JavaScript code. It impacts all customers utilizing the CKEditor 4 plugins listed above at model >= 4.13.0. The drawback has been acknowledged and patched. The repair will likely be obtainable in model 4.16.2.
ckeditor is an open supply WYSIWYG HTML editor with wealthy content material help. A possible vulnerability has been found in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) bundle. The vulnerability allowed to abuse paste performance utilizing malformed HTML, which may lead to injecting arbitrary HTML into the editor. It impacts all customers utilizing the CKEditor 4 plugins listed above at model >= 4.5.2. The drawback has been acknowledged and patched. The repair will likely be obtainable in model 4.16.2.
ckeditor is an open supply WYSIWYG HTML editor with wealthy content material help. A possible vulnerability has been found in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) bundle. The vulnerability allowed to inject malformed Fake Objects HTML, which may lead to executing JavaScript code. It impacts all customers utilizing the CKEditor 4 plugins listed above at model < 4.16.2. The drawback has been acknowledged and patched. The repair will likely be obtainable in model 4.16.2.
Adobe Experience Manager model 6.5.9.0 (and earlier) is affected by a saved XSS vulnerability when creating Content Fragments. An authenticated attacker can ship a malformed POST request to attain arbitrary code execution. Malicious JavaScript could also be executed in a sufferer’s browser after they browse to the web page containing the susceptible area.
CKEditor4 is an open supply WYSIWYG HTML editor. In affected variations a vulnerability has been found within the Advanced Content Filter (ACF) module and will have an effect on all plugins utilized by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content material sanitization, which may lead to executing JavaScript code. It impacts all customers utilizing the CKEditor 4 at model < 4.17.0. The drawback has been acknowledged and patched. The repair will likely be obtainable in model 4.17.0.
CKEditor4 is an open supply WYSIWYG HTML editor. In affected model a vulnerability has been found within the core HTML processing module and will have an effect on all plugins utilized by CKEditor 4. The vulnerability allowed to inject malformed feedback HTML bypassing content material sanitization, which may lead to executing JavaScript code. It impacts all customers utilizing the CKEditor 4 at model < 4.17.0. The drawback has been acknowledged and patched. The repair will likely be obtainable in model 4.17.0.
Cross-site Scripting (XSS) – Stored in GitHub repository zulip/zulip greater than and together with 44f935695d452cc3fb16845a0c6af710438b153d and previous to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital’s Patient Records Management System 1.0 by way of the outline parameter in room_types.
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital’s Patient Records Management System 1.0 by way of the outline parameter in room_list.
A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 by way of the Category parameter in an add perform in class/index.php.
SYNEL – eharmony Authenticated Blind & Stored XSS. Inject JS code into the “feedback” area may result in potential stealing of cookies, loading of HTML tags and JS code onto the system.
A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and beneath permits attackers to execute arbitrary internet scripts or HTML by way of a crafted payload inserted into the State parameter beneath the Address Book module.
Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was found to include a cross-site scripting (XSS) vulnerability by way of the Ping diagnostic choice.
A cross-site scripting (XSS) vulnerability within the Create Post perform of Anchor CMS v0.12.7 permits attackers to execute arbitrary internet scripts or HTML.
Multiple cross-site scripting (XSS) vulnerabilities within the part outcomes_addProcess.php of Gibbon CMS v22.0.01 permit attackers to execute arbitrary internet scripts or HTML by way of a crafted payload insterted into the title, class, description parameters.
An concern was found in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all variations, Magelis GTU Universal Panel, all variations, Magelis STO5xx and STU Small panels, all variations, Magelis XBT GH Advanced Hand-held Panels, all variations, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all variations, Magelis XBT GT Advanced Touchscreen Panels, all variations, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open a number of connections to a focused internet server and maintain connections open stopping new connections from being made, rendering the online server unavailable throughout an assault.
zzcms 8.2 permits distant attackers to find the complete path by way of a direct request to three/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/buddy.php.
A vulnerability exists in Schneider Electric’s Pelco Sarix Professional in all firmware variations prior to three.29.67 which may permit retrieving of specifically crafted URLs with out authentication that may reveal delicate info to an attacker.
A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all variations of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which may trigger invalid info displayed in Unity Pro software program.
VMware ESXi and vCenter Server include a partial denial of service vulnerability of their respective authentication companies. VMware has evaluated the severity of this concern to be within the Moderate severity vary with a most CVSSv3 base rating of 5.3.
Apache HttpClient variations previous to model 4.5.13 and 5.0.3 can misread malformed authority part in request URIs handed to the library as java.internet.URI object and choose the incorrect goal host for request execution.
In JetBrains Kotlin earlier than 1.4.21, a susceptible Java API was used for momentary file and folder creation. An attacker was in a position to learn information from such information and checklist directories on account of insecure permissions.
A frame-injection concern within the on-line assist in Redwood Report2Web 4.3.4.5 permits distant attackers to render an exterior useful resource inside a body by way of the assistance/Online_Help/NetAssist/default.htm turl parameter.
Lodash variations previous to 4.17.21 are susceptible to Regular Expression Denial of Service (ReDoS) by way of the toNumber, trim and trimEnd capabilities.
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode permits requests with URIs that include %2e or %2epercent2e segments to entry protected sources inside the WEB-INF listing. For instance a request to /context/%2e/WEB-INF/internet.xml can retrieve the online.xml file. This can reveal delicate info concerning the implementation of an internet software.
For Eclipse Jetty variations <= 9.4.40, <= 10.0.2, <= 11.0.2, it's doable for requests to the ConcatServlet with a doubly encoded path to entry protected sources inside the WEB-INF listing. For instance a request to `/concat?/%2557EB-INF/internet.xml` can retrieve the online.xml file. This can reveal delicate info concerning the implementation of an internet software.
curl 7.61.0 by way of 7.76.1 suffers from publicity of information factor to incorrect session on account of a mistake within the code for CURLOPT_SSL_CIPHER_LIST when libcurl is constructed to make use of the Schannel TLS library. The chosen cipher set was saved in a single “static” variable within the library, which has the shocking side-effect that if an software units up a number of concurrent transfers, the final one which units the ciphers will by chance management the set utilized by all transfers. In a worst-case state of affairs, this weakens transport safety considerably.
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and eight.5.0 to eight.5.66 didn’t appropriately parse the HTTP transfer-encoding request header in some circumstances resulting in the chance to request smuggling when used with a reverse proxy. Specifically: – Tomcat incorrectly ignored the switch encoding header if the shopper declared it might solely settle for an HTTP/1.0 response; – Tomcat honoured the establish encoding; and – Tomcat didn’t be sure that, if current, the chunked encoding was the ultimate encoding.
For Eclipse Jetty variations 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs could be crafted utilizing some encoded characters to entry the content material of the WEB-INF listing and/or bypass some safety constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
curl helps the `-t` command line choice, often known as `CURLOPT_TELNETOPTIONS`in libcurl. This hardly ever used choice is used to ship variable=content material pairs toTELNET servers.Due to flaw within the choice parser for sending `NEW_ENV` variables, libcurlcould be made to go on uninitialized information from a stack based mostly buffer to theserver. Therefore probably revealing delicate inside info to theserver utilizing a clear-text community protocol.This may occur as a result of curl didn’t name and use sscanf() appropriately whenparsing the string offered by the applying.
If the Node.js https API was used incorrectly and “undefined” was in handed for the “rejectUnauthorized” parameter, no error was returned and connections to servers with an expired certificates would have been accepted.
The BulletProof Security WordPress plugin is susceptible to delicate info disclosure on account of a file path disclosure within the publicly accessible ~/db_backup_log.txt file which grants attackers the complete path of the positioning, along with the trail of database backup information. This impacts variations as much as, and together with, 5.1.
In PHP variations 7.3.x beneath 7.3.29, 7.4.x beneath 7.4.21 and eight.0.x beneath 8.0.8, when utilizing URL validation performance by way of filter_var() perform with FILTER_VALIDATE_URL parameter, an URL with invalid password area could be accepted as legitimate. This can result in the code incorrectly parsing the URL and probably resulting in different safety implications – like contacting a incorrect server or making a incorrect entry resolution.
After the preliminary setup course of, some steps of setup.php file are reachable not solely by super-administrators, however by unauthenticated customers as properly. Malicious actor can go step checks and probably change the configuration of Zabbix Frontend.
Apache Karaf obr:* instructions and run aim on the karaf-maven-plugin have partial path traversal which permits to interrupt out of anticipated folder. The threat is low as obr:* instructions usually are not very used and the entry is ready by consumer. This has been mounted in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf customers ought to improve to 4.2.15 or 4.3.6 or later as quickly as doable, or use right path. JIRA Tickets: https://points.apache.org/jira/browse/KARAF-7326
BuddyBoss Platform by way of 1.8.0 permits distant attackers to acquire the e-mail handle of every consumer. When creating a brand new consumer, it generates a Unique ID for his or her profile. This UID is their personal e mail handle with symbols eliminated and durations changed with hyphens. For instance. [email protected] would turn into /members/johndoeexample-com and [email protected] would turn into /members/jo-testexample-com. The members checklist is out there to everybody and (in a default configuration) usually with out authentication. It is subsequently trivial to gather an inventory of e mail addresses.
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting model 1.0.0 and previous to model 1.3.3, a test was added if the vacation spot file is beneath a vacation spot listing. However, it’s not enforced that `_baseDirectory` ends with slash. If the _baseDirectory shouldn’t be slash terminated like `/residence/consumer/dir` it’s doable to create a file with a reputation thats begins because the vacation spot listing one degree up from the listing, i.e. `/residence/consumer/dir.sh`. Because of the file title and vacation spot listing constraints, the arbitrary file creation influence is restricted and is dependent upon the use case. Version 1.3.3 mounted this vulnerability.
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting model 1.3.0 and previous to model 1.3.3, a test was added if the vacation spot file is beneath vacation spot listing. However, it’s not enforced that `destDir` ends with slash. If the `destDir` shouldn’t be slash terminated like `/residence/consumer/dir` it’s doable to create a file with a reputation thats begins with the vacation spot listing, i.e. `/residence/consumer/dir.sh`. Because of the file title and vacation spot listing constraints, the arbitrary file creation influence is restricted and is dependent upon the use case. Version 1.3.3 accommodates a patch for this vulnerability.
The Nextcloud Android app is the Android shopper for Nextcloud, a self-hosted productiveness platform. An concern in variations prior to three.17.1 might result in delicate info disclosure. An unauthorized app that doesn’t have the in any other case required `MANAGE_DOCUMENTS` permission might view picture thumbnails for photos it doesn’t have permission to view. Version 3.17.1 accommodates a patch. There are not any recognized workarounds.
Single Connect doesn’t carry out an authorization test when utilizing the “log-monitor” module. A distant attacker may exploit this vulnerability to entry the logging interface. The exploitation of this vulnerability would possibly permit a distant attacker to acquire delicate info.
Single Connect doesn’t carry out an authorization test when utilizing the “sc-diagnostic-ui” module. A distant attacker may exploit this vulnerability to entry the gadget info web page. The exploitation of this vulnerability would possibly permit a distant attacker to acquire delicate info.
An concern was found in Stormshield SNS earlier than 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection desk. This would consequence within the proxy denying any new connections.
A CWE-200: Information Exposure vulnerability exists which may trigger the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) utilizing NMC2 together with Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) utilizing NMC3 together with Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) utilizing NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) utilizing NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products utilizing NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for collection ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for collection ACRC10x SKUs (RC10X2G), InRow Cooling for collection ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for collection ACRD3xx (ACRC2G), InRow Cooling for collection ACSC1xx SKUs (SC2G), InRow Cooling for collection ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)
Hitachi Energy LinkOne product, has a vulnerability on account of an internet server misconfiguration, that allows debug mode and divulges the complete path of the filesystem listing when an attacker generates errors throughout a question operation. This concern impacts: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
The remark perform in YzmCMS v6.3 was found as with the ability to be operated concurrently, permitting attackers to create an unusually massive variety of feedback.
Adenza AxiomSL ControllerView by way of 10.8.1 is susceptible to consumer enumeration. An attacker can establish legitimate usernames on the platform as a result of a failed login try produces a special error message when the username is legitimate.
Flask-AppBuilder is an software improvement framework, constructed on high of the Flask internet framework. In affected variations there exists a consumer enumeration vulnerability. This vulnerability permits for a non authenticated consumer to enumerate present accounts by timing the response time from the server if you find yourself logging in. Users are suggested to improve to model 3.4.4 as quickly as doable. There are not any recognized workarounds for this concern.
The Document Embedder WordPress plugin earlier than 1.7.5 accommodates a REST endpoint, which may permit unauthenticated customers to enumerate the title of arbitrary personal and draft posts.
UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior permits a distant attacker who can entry to the interior community, the configuration info could also be obtained.
PrinterLogic Web Stack variations 19.1.1.13 SP9 and beneath are susceptible to SQL Injection, which can permit an attacker to entry further audit data.
IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves otherwise or sends completely different responses beneath completely different circumstances in a method that’s observable to an unauthorized actor, which may facilitate username enumeration. IBM X-Force ID: 213856.
Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 permits distant unauthenticated customers to browse and checklist the directories throughout your entire filesystem of the host of the online software.
Kubernetes API server in all variations permit an attacker who is ready to create a ClusterIP service and set the spec.externalIPs area, to intercept site visitors to that IP handle. Additionally, an attacker who is ready to patch the standing (which is taken into account a privileged operation and mustn’t sometimes be granted to customers) of a LoadBalancer service can set the standing.loadBalancer.ingress.ip to comparable impact.
RSA BSAFE Crypto-C Micro Edition, all variations previous to 4.1.4, is susceptible to 3 (3) completely different Improper Clearing of Heap Memory Before Release vulnerability, also referred to as ‘Heap Inspection vulnerability’. A malicious distant consumer may probably exploit this vulnerability to extract info leaving information vulnerable to publicity.
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (model previous to V3.10), Modicon M340 (all firmware variations), and Modicon BMxCRA and 140CRA modules (all firmware variations), which may trigger a Denial of Service assault on the PLC when upgrading the firmware with no firmware picture contained in the bundle utilizing FTP protocol.
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware variations), which may trigger a Denial of Service assault on the PLC when upgrading the firmware with a lacking internet server picture contained in the bundle utilizing FTP protocol.
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (model previous to V3.10), Modicon M340 (all firmware variations), and Modicon BMxCRA and 140CRA modules (all firmware variations), which may trigger a Denial of Service assault on the PLC when upgrading the controller with an empty firmware bundle utilizing FTP protocol.
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware variations), which may trigger a Denial of Service atack on the PLC when upgrading the controller with a firmware bundle containing an invalid internet server picture utilizing FTP protocol.
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware variations), which may trigger a Denial of Service assault on the FTP service when upgrading the firmware with a model incompatible with the applying within the controller utilizing FTP protocol.
GLPI is a free asset and IT administration software program bundle. Prior to model 9.5.7, an entity administrator is able to retrieving usually inaccessible information by way of SQL injection. Version 9.5.7 accommodates a patch for this concern. As a workaround, disabling the `Entities` replace proper prevents exploitation of this vulnerability.
The Logs plugin earlier than 3.0.4 for Craft CMS permits distant attackers to learn arbitrary information by way of enter to actionStream in Controller.php.
An concern was found in taoCMS v3.0.2. There is an arbitrary file learn vulnerability that may learn any information by way of admin.php?motion=file&ctrl=obtain&path=../../1.txt.
In Apache Commons IO earlier than 2.7, When invoking the strategy FileNameUtils.normalize with an improper enter string, like “//../foo”, or “..foo”, the consequence could be the identical worth, thus presumably offering entry to information within the dad or mum listing, however not additional above (thus “restricted” path traversal), if the calling code would use the consequence to assemble a path worth.
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 permits an attackers to inject arbitrary JavaScript code.
Gibbon CMS v22.0.01 was found to include a cross-site scripting (XSS) vulnerability, that permits attackers to inject arbitrary script by way of title parameters.
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which permits distant malicious customers to execute arbitrary distant code execution by way of create consumer perform.
Emlog professional v1.1.1 was found to include a saved cross-site scripting (XSS) vulnerability within the part /admin/configure.php by way of the parameter footer_info.
The SVG Support WordPress plugin earlier than 2.3.20 doesn’t escape the “CSS Class to focus on” setting earlier than outputting it in an attribute, which may permit excessive privilege customers to carry out Cross-Site Scripting assaults even when the unfiltered_html functionality is disallowed.
The Learning Courses WordPress plugin earlier than 5.0 doesn’t sanitise and escape the Email PDT identification token settings, which may permit excessive privilege customers to carry out cross-Site Scripting assaults even when the unfiltered_html functionality is disallowed
The Ninja Tables WordPress plugin earlier than 4.1.8 doesn’t sanitise and escape a few of its desk fields, which may permit excessive privilege customers to carry out Cross-Site Scripting assaults even when the unfiltered_html functionality is disallowed
The Custom Dashboard & Login Page WordPress plugin earlier than 7.0 doesn’t sanitise a few of its settings, permitting excessive privilege customers to carry out Cross-Site Scripting assaults even when the unfiltered_html functionality is disallowed.
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected variations), that might trigger a consumer to carry out an unintended motion on the goal gadget when utilizing the HTTP internet interface.
NVIDIA GPU and Tegra {hardware} include a vulnerability within the inside microcontroller, which can permit a consumer with elevated privileges to entry protected info by figuring out, exploiting, and loading susceptible microcode. Such an assault might result in info disclosure.
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all variations) that might permit non delicate info disclosure when the attacker has captured the site visitors between EcoStruxure Machine – Basic software program and Modicon M221 controller.
The MAZ Loader WordPress plugin earlier than 1.4.1 doesn’t implement nonce checks, which permits attackers to make directors delete arbitrary loaders by way of a CSRF assault
The WP Post Page Clone WordPress plugin earlier than 1.2 permits customers with a task as little as Contributor to clone and look at different customers’ draft and password-protected posts which they can’t view usually.
A Built-in extension in Whale browser earlier than 3.12.129.46 permits attackers to compromise the rendering course of which may result in controlling browser inside APIs.
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that might trigger unintended modifications of the product settings or consumer accounts when deceiving the consumer to make use of the online interface rendered inside iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All variations previous to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All variations previous to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All variations previous to R8 V3.4.0.2)
The Document Embedder WordPress plugin earlier than 1.7.9 accommodates a AJAX motion endpoint, which may permit any authenticated consumer, corresponding to subscriber to enumerate the title of arbitrary personal and draft posts.
An improper entry management vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and beneath, 6.2.x, 6.1.x, 6.0.x might permit an attacker on the identical vlan because the HA administration interface to make an unauthenticated direct connection to the FAC’s database.
Adobe Creative Cloud model 5.5 (and earlier) are affected by an Application denial of service vulnerability within the Creative Cloud Desktop installer. An authenticated attacker with root privileges may leverage this vulnerability to attain denial of service by planting a malicious file on the sufferer’s native machine. User interplay is required earlier than product set up to abuse this vulnerability.
A flaw was present in dnsmasq in variations earlier than 2.85. When configured to make use of a selected server for a given community interface, dnsmasq makes use of a hard and fast port whereas forwarding queries. An attacker on the community, capable of finding the outgoing port utilized by dnsmasq, solely must guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning assault a lot simpler. The highest menace from this vulnerability is to information integrity.
A CWE-331: Insufficient Entropy vulnerability exists that might trigger unintended connection from an inside community to an exterior community when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 by way of V2.5.1
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting again to a given IP handle and port, and this manner probably make curl extract details about companies which can be in any other case personal and never disclosed, for instance doing port scanning and repair banner extractions.
libcurl retains beforehand used connections in a connection pool for subsequenttransfers to reuse, if considered one of them matches the setup.Due to errors within the logic, the config matching perform didn’t take ‘issuercert’ into consideration and it in contrast the concerned paths *case insensitively*,which may result in libcurl reusing incorrect connections.File paths are, or could be, case delicate on many techniques however not all, and caneven fluctuate relying on used file techniques.The comparability additionally did not embody the ‘issuer cert’ which a switch can setto qualify how you can confirm the server certificates.
For Eclipse Jetty variations <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() methodology, then the session ID shouldn't be invalidated within the session ID supervisor. On deployments with clustered periods and a number of contexts this may end up in a session not being invalidated. This may end up in an software used on a shared laptop being left logged in.
In the IPv4 implementation within the Linux kernel earlier than 5.12.4, internet/ipv4/route.c has an info leak as a result of the hash desk may be very small.
A temp listing creation vulnerability exists in all variations of Guava, permitting an attacker with entry to the machine to probably entry information in a short lived listing created by the Guava API com.google.widespread.io.Files.createTempDir(). By default, on unix-like techniques, the created listing is world-readable (readable by an attacker with entry to the system). The methodology in query has been marked @Deprecated in variations 30.0 and later and shouldn’t be used. For Android builders, we advocate selecting a short lived listing API offered by Android, corresponding to context.getCacheDir(). For different Java builders, we advocate migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime’s java.io.tmpdir system property to level to a location whose permissions are appropriately configured.
Adobe Premiere Rush variations 1.5.16 (and earlier) permits entry to an uninitialized pointer vulnerability that permits distant attackers to reveal arbitrary information on affected installations. User interplay is required to take advantage of this vulnerability in that the goal should go to a malicious web page or open a malicious file. The particular flaw exists inside the parsing of MP4 information. The concern outcomes from the shortage of correct initialization of reminiscence previous to accessing it.
curl 7.7 by way of 7.76.1 suffers from an info disclosure when the `-t` command line choice, often known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to ship variable=content material pairs to TELNET servers. Due to a flaw within the choice parser for sending NEW_ENV variables, libcurl could possibly be made to go on uninitialized information from a stack based mostly buffer to the server, leading to probably revealing delicate inside info to the server utilizing a clear-text community protocol.
The Onion module in toxcore earlier than 0.2.2 would not prohibit which packets could be onion-routed, which permits a distant attacker to find a goal consumer’s IP handle (when figuring out solely their Tox Id) by positioning themselves shut to focus on’s Tox Id within the DHT for the goal to ascertain an onion reference to the attacker, guessing the goal’s DHT public key and making a DHT node with public key near it, and at last onion-routing a NAT Ping Request to the goal, requesting it to ping the simply created DHT node.
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes makes an attempt to forestall proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service suppliers. As a part of this mitigation Kubernetes does a DNS title decision test and validates that response IPs usually are not within the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) vary. Kubernetes then performs a second DNS decision with out validation for the precise connection. If a non-standard DNS server returns completely different non-cached responses, a consumer might be able to bypass the proxy IP restriction and entry personal networks on the management airplane.
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a consumer makes use of a webapps listing that may be a symlink, the contents of the webapps listing is deployed as a static webapp, inadvertently serving the webapps themselves and anything that is perhaps in that listing.
Vulnerability within the Database Vault part of Oracle Database Server. Supported variations which can be affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability permits excessive privileged attacker having Create Any View, Select Any View privilege with community entry by way of Oracle Net to compromise Database Vault. Successful assaults of this vulnerability may end up in unauthorized learn entry to a subset of Database Vault accessible information. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
IBM Security Guardium Insights 3.0 may permit an authenticated consumer to acquire delicate info on account of inadequate session expiration. IBM X-Force ID: 205256.
RSA BSAFE Micro Edition Suite variations previous to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are susceptible to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious consumer with adjoining community entry may probably exploit this vulnerability to trigger a crash within the library of the affected system.
Skype 0.92.0.12 and 1.0.0.1 for Linux, and presumably different variations, creates the /usr/share/skype/lang listing with world-writable permissions, which permits native customers to switch language information and presumably conduct social engineering or different assaults.
gifload.exe in GIMP 2.0.5, 2.2.3, and presumably 2.2.4 permits distant attackers or native customers to trigger a denial of service (software crash) by way of the picture descriptor (1) top or (2) width fields set to zero.
The AJP connector in Apache Tomcat 4.0.1 by way of 4.0.6 and 4.1.0 by way of 4.1.36, as utilized in Hitachi Cosminexus Application Server and standalone, doesn’t correctly deal with when a connection is damaged earlier than request physique information is distributed in a POST request, which might result in an info leak when “unsuitable request physique information” is used for a special request, presumably associated to Java Servlet pages.
Buffer overflow within the xcf_load_vector perform in app/xcf/xcf-load.c for gimp earlier than 2.2.12 permits user-assisted attackers to trigger a denial of service (crash) and presumably execute arbitrary code by way of an XCF file with a big num_axes worth within the VECTORS property.
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and presumably different distributions doesn’t return an error situation when an LDAP listing server responds with a PasswordPolicyResponse management response, which causes the pam_authenticate perform to return a hit code even when authentication has failed, as initially reported for xscreensaver.
The GdkPixbufLoader perform in GIMP ToolEquipment (GTK+) in GTK 2 (gtk2) earlier than 2.4.13 permits context-dependent attackers to trigger a denial of service (crash) by way of a malformed picture file.
PerlRun.pm in Apache mod_perl earlier than 1.30, and RegistryCooker.pm in mod_perl 2.x, doesn’t correctly escape PATH_INFO earlier than use in an everyday expression, which permits distant attackers to trigger a denial of service (useful resource consumption) by way of a crafted URI.
Stack-based buffer overflow within the set_color_table perform in sunras.c within the SUNRAS plugin in Gimp 2.2.14 permits user-assisted distant attackers to execute arbitrary code by way of a crafted RAS file.
Gimp earlier than 2.8.22 permits context-dependent attackers to trigger a denial of service (crash) by way of an ICO file with an InfoHeader containing a Height of zero, an identical concern to CVE-2007-2237.
Integer overflow within the seek_to_and_unpack_pixeldata perform within the psd.c plugin in Gimp 2.2.15 permits distant attackers to execute arbitrary code by way of a crafted PSD file that accommodates a big (1) width or (2) top worth.
Multiple integer overflows within the picture loader plug-ins in GIMP earlier than 2.2.16 permit user-assisted distant attackers to execute arbitrary code by way of crafted size values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD information.
Integer overflow within the TIFF parser in OpenOffice.org (OOo) earlier than 2.3; and Sun StarOffice 6, 7, and eight Office Suite (StarSuite); permits distant attackers to execute arbitrary code by way of a TIFF file with crafted values of unspecified size fields, which triggers allocation of an incorrect quantity of reminiscence, leading to a heap-based buffer overflow.
Audacity 1.3.2 creates a short lived listing with a predictable title with out checking for earlier existence of that listing, which permits native customers to trigger a denial of service (recording impasse) by creating the listing earlier than Audacity is run. NOTE: this concern could be leveraged to delete arbitrary information or directories by way of a symlink assault.
Red Hat Enterprise Linux 5 and Fedora set up the Bind /and so forth/rndc.key file with world-readable permissions, which permits native customers to carry out unauthorized named instructions, corresponding to inflicting a denial of service by stopping named.
Apache Tomcat 6.0.0 by way of 6.0.14, 5.5.0 by way of 5.5.25, and 4.1.0 by way of 4.1.36 doesn’t correctly deal with (1) double quote (“) characters or (2) %5C (encoded backslash) sequences in a cookie worth, which could trigger delicate info corresponding to session IDs to be leaked to distant attackers and allow session hijacking assaults. NOTE: this concern exists due to an incomplete repair for CVE-2007-3385.
Multiple stack-based buffer overflows within the legacy mod_jk2 2.0.3-DEV and earlier Apache module permit distant attackers to execute arbitrary code by way of an extended (1) Host header, or (2) Hostname inside a Host header.
dbus-daemon in D-Bus earlier than 1.0.3, and 1.1.x earlier than 1.1.20, acknowledges send_interface attributes in permit directives within the safety coverage just for absolutely certified methodology calls, which permits native customers to bypass meant entry restrictions by way of a technique name with a NULL interface.
The default IPSec ifup script in Red Hat Enterprise Linux 3 by way of 5 configures racoon to make use of aggressive IKE mode as an alternative of essential IKE mode, which makes it simpler for distant attackers to conduct brute drive assaults by sniffing an unencrypted preshared key (PSK) hash.
The Replace perform within the capp-lspp-config script within the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages earlier than 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 makes use of lstat as an alternative of stat to find out the /and so forth/pam.d/system-auth file permissions, resulting in a change to world-writable permissions for the /and so forth/pam.d/system-auth-ac file, which permits native customers to achieve privileges by modifying this file.
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as utilized by Red Hat Directory Server 8.0 EL4 and EL5, permits distant attackers to execute arbitrary instructions.
Buffer overflow within the common expression handler in Red Hat Directory Server 8.0 and seven.1 earlier than SP6 permits distant attackers to trigger a denial of service (slapd crash) and presumably execute arbitrary code by way of a crafted LDAP question that triggers the overflow throughout translation to an everyday expression.
OpenSSL 0.9.8c-1 as much as variations earlier than 0.9.8g-9 on Debian-based working techniques makes use of a random quantity generator that generates predictable numbers, which makes it simpler for distant attackers to conduct brute drive guessing assaults towards cryptographic keys.
OpenSSL 0.9.8f and 0.9.8g permits distant attackers to trigger a denial of service (crash) by way of a TLS handshake that omits the Server Key Exchange message and makes use of “specific cipher suites,” which triggers a NULL pointer dereference.
Double free vulnerability within the utrace help within the Linux kernel, in all probability 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) permits native customers to trigger a denial of service (oops), as demonstrated by a crash when working the GNU GDB testsuite, a special vulnerability than CVE-2008-2365.
arch/x86_64/lib/copy_user.S within the Linux kernel earlier than 2.6.19 on some AMD64 techniques doesn’t erase vacation spot reminiscence places after an exception throughout kernel reminiscence copy, which permits native customers to acquire delicate info.
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 by way of 4.1.37, 5.5.0 by way of 5.5.26, and 6.0.0 by way of 6.0.16 permits distant attackers to inject arbitrary internet script or HTML by way of a crafted string that’s used within the message argument to the HttpServletResponse.shipError methodology.
Directory traversal vulnerability in Apache Tomcat 4.1.0 by way of 4.1.37, 5.5.0 by way of 5.5.26, and 6.0.0 by way of 6.0.16, when permitLinking and UTF-8 are enabled, permits distant attackers to learn arbitrary information by way of encoded listing traversal sequences within the URI, a special vulnerability than CVE-2008-2370. NOTE: variations sooner than 6.0.18 have been reported affected, however the vendor advisory lists 6.0.16 because the final affected model.
manzier.pxt in Red Hat Network Satellite Server earlier than 5.1.1 has a hard-coded authentication key, which permits distant attackers to connect with the server and acquire delicate details about consumer accounts and entitlements.
dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and presumably Fedora, makes use of world-readable permissions for dovecot.conf, which permits native customers to acquire the ssl_key_password parameter worth.
Stack-based buffer overflow within the String_parse::get_nonspace_quoted perform in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and different variations earlier than 1.3.6 permits distant attackers to trigger a denial of service (crash) and presumably execute arbitrary code by way of a .gro file containing an extended string.
Memory leak in LittleCMS (aka lcms or liblcms) earlier than 1.18beta2, as utilized in Firefox 3.1beta, OpenJDK, and GIMP, permits context-dependent attackers to trigger a denial of service (reminiscence consumption and software crash) by way of a crafted picture file.
Multiple integer overflows in LittleCMS (aka lcms or liblcms) earlier than 1.18beta2, as utilized in Firefox 3.1beta, OpenJDK, and GIMP, permit context-dependent attackers to execute arbitrary code by way of a crafted picture file that triggers a heap-based buffer overflow. NOTE: a few of these particulars are obtained from third occasion info.
Multiple stack-based buffer overflows within the ReadSetOfCurves perform in LittleCMS (aka lcms or liblcms) earlier than 1.18beta2, as utilized in Firefox 3.1beta, OpenJDK, and GIMP, permit context-dependent attackers to execute arbitrary code by way of a crafted picture file related to a big integer worth for the (1) enter or (2) output channel, associated to the ReadLUT_A2B and ReadLUT_B2A capabilities.
The dtls1_buffer_record perform in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 variations permits distant attackers to trigger a denial of service (reminiscence consumption) by way of a big collection of “future epoch” DTLS data which can be buffered in a queue, aka “DTLS document buffer limitation bug.”
Multiple reminiscence leaks within the dtls1_process_out_of_seq_message perform in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 variations permit distant attackers to trigger a denial of service (reminiscence consumption) by way of DTLS data that (1) are duplicates or (2) have sequence numbers a lot larger than present sequence numbers, aka “DTLS fragment dealing with reminiscence leak.”
ssl/s3_pkt.c in OpenSSL earlier than 0.9.8i permits distant attackers to trigger a denial of service (NULL pointer dereference and daemon crash) by way of a DTLS ChangeCipherSpec packet that happens earlier than ClientHi there.
The dtls1_retrieve_buffered_fragment perform in ssl/d1_both.c in OpenSSL earlier than 1.0.0 Beta 2 permits distant attackers to trigger a denial of service (NULL pointer dereference and daemon crash) by way of an out-of-sequence DTLS handshake message, associated to a “fragment bug.”
agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 permits distant attackers to trigger a denial of service (daemon crash) by way of a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists due to an incorrect repair for CVE-2008-4309.
Integer overflow within the ReadImage perform in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 would possibly permit distant attackers to execute arbitrary code by way of a BMP file with crafted width and top values that set off a heap-based buffer overflow.
Integer overflow within the read_channel_data perform in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 would possibly permit distant attackers to execute arbitrary code by way of a crafted PSD file that triggers a heap-based buffer overflow.
Integer overflow within the XPMReader::ReadXPM perform in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) earlier than 3.2 permits distant attackers to execute arbitrary code by way of a crafted XPM file that triggers a heap-based buffer overflow.
Heap-based buffer overflow within the GIFLZWDecompressor::GIFLZWDecompressor perform in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) earlier than 3.2 permits distant attackers to trigger a denial of service (software crash) or presumably execute arbitrary code by way of a crafted GIF file, associated to LZW decompression.
Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) earlier than 3.2 permits distant attackers to trigger a denial of service (software crash) or presumably execute arbitrary code by way of a crafted sprmTDefTable desk property modifier in a Word doc.
filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) earlier than 3.2 permits distant attackers to trigger a denial of service (software crash) or presumably execute arbitrary code by way of a crafted sprmTSetBrc desk property modifier in a Word doc, associated to a “boundary error flaw.”
OpenOffice.org (OOo) 2.0.4, 2.4.1, and three.1.1 doesn’t correctly implement Visual Basic for Applications (VBA) macro safety settings, which permits distant attackers to run arbitrary macros by way of a crafted doc.
Cerulean Studios Trillian 3.1 Basic doesn’t test SSL certificates throughout MSN authentication, which permits distant attackers to acquire MSN credentials by way of a man-in-the-middle assault with a spoofed SSL certificates.
OpenOffice.org 2.x and three.0 earlier than 3.2.1 permits user-assisted distant attackers to bypass Python macro safety restrictions and execute arbitrary Python code by way of a crafted OpenDocument Text (ODT) file that triggers code execution when the macro listing construction is previewed.
Stack-based buffer overflow within the load_preset_response perform in plug-ins/lighting/lighting-ui.c within the “LIGHTING EFFECTS > LIGHT” plugin in GIMP 2.6.11 permits user-assisted distant attackers to trigger a denial of service (software crash) or presumably execute arbitrary code by way of an extended Position area in a plugin configuration file. NOTE: it could be unusual to acquire a GIMP plugin configuration file from an untrusted supply that’s separate from the distribution of the plugin itself. NOTE: a few of these particulars are obtained from third occasion info.
Stack-based buffer overflow within the loadit perform in plug-ins/widespread/sphere-designer.c within the SPHERE DESIGNER plugin in GIMP 2.6.11 permits user-assisted distant attackers to trigger a denial of service (software crash) or presumably execute arbitrary code by way of an extended “Number of lights” area in a plugin configuration file. NOTE: it could be unusual to acquire a GIMP plugin configuration file from an untrusted supply that’s separate from the distribution of the plugin itself.
Stack-based buffer overflow within the gfig_read_parameter_gimp_rgb perform in plug-ins/gfig/gfig-style.c within the GFIG plugin in GIMP 2.6.11 permits user-assisted distant attackers to trigger a denial of service (software crash) or presumably execute arbitrary code by way of an extended Foreground area in a plugin configuration file. NOTE: it could be unusual to acquire a GIMP plugin configuration file from an untrusted supply that’s separate from the distribution of the plugin itself. NOTE: a few of these particulars are obtained from third occasion info.
Heap-based buffer overflow within the read_channel_data perform in file-psp.c within the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 permits distant attackers to trigger a denial of service (software crash) or presumably execute arbitrary code by way of a PSP_COMP_RLE (aka RLE compression) picture file that begins a long term depend on the finish of the picture. NOTE: a few of these particulars are obtained from third occasion info.
Multiple listing traversal vulnerabilities in OpenOffice.org (OOo) 2.x and three.x earlier than 3.3 permit distant attackers to overwrite arbitrary information by way of a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified different (3) JAR or (4) ZIP information.
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and three.x earlier than 3.3 permits distant attackers to trigger a denial of service (software crash) or presumably execute arbitrary code by way of malformed tables in an RTF doc.
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and three.x earlier than 3.3 permits distant attackers to trigger a denial of service (software crash) or presumably execute arbitrary code by way of crafted tags in an RTF doc.
The WW8ListManager::WW8ListManager perform in oowriter in OpenOffice.org (OOo) 2.x and three.x earlier than 3.3 doesn’t correctly deal with an unspecified variety of checklist ranges in user-defined checklist types in WW8 information in a Microsoft Word doc, which permits distant attackers to trigger a denial of service (software crash) or presumably execute arbitrary code by way of a crafted .DOC file that triggers an out-of-bounds write.
Multiple off-by-one errors within the WW8DopTypography::ReadFromMem perform in oowriter in OpenOffice.org (OOo) 2.x and three.x earlier than 3.3 permit distant attackers to trigger a denial of service (software crash) or presumably execute arbitrary code by way of crafted typography info in a Microsoft Word .DOC file that triggers an out-of-bounds write.
soffice in OpenOffice.org (OOo) 3.x earlier than 3.3 locations a zero-length listing title within the LD_LIBRARY_PATH, which permits native customers to achieve privileges by way of a Trojan horse shared library within the present working listing.
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and three.x earlier than 3.3 permits distant attackers to trigger a denial of service (software crash) or presumably execute arbitrary code by way of a crafted PNG file in an ODF or Microsoft Office doc, as demonstrated by a PowerLevel (aka PPT) doc.
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and three.x earlier than 3.3 permits distant attackers to trigger a denial of service (software crash) or presumably execute arbitrary code by way of a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office doc.
Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a harmful, out of date XML-RPC API, which permits distant authenticated customers to entry arbitrary information and trigger a denial of service (failed yum operations) by way of vectors associated to configuration and bundle group (comps.xml) information for channels.
Multiple integer overflows within the load_image perform in file-pcx.c within the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier permit distant attackers to trigger a denial of service (software crash) or presumably execute arbitrary code by way of a crafted PCX picture that triggers a heap-based buffer overflow.
Heap-based buffer overflow within the read_channel_data perform in file-psp.c within the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 permits distant attackers to trigger a denial of service (software crash) or presumably execute arbitrary code by way of a PSP_COMP_RLE (aka RLE compression) picture file that begins a long term depend on the finish of the picture. NOTE: a few of these particulars are obtained from third occasion info. NOTE: this vulnerability exists due to an incomplete repair for CVE-2010-4543.
The LZW decompressor within the LWZReadByte perform in giftoppm.c within the David Koblas GIF decoder in PBMPLUS, as used within the gif_read_lzw perform in filter/image-gif.c in CUPS earlier than 1.4.7, the LZWReadByte perform in plug-ins/widespread/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte perform in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and different merchandise, doesn’t correctly deal with code phrases which can be absent from the decompression desk when encountered, which permits distant attackers to set off an infinite loop or a heap-based buffer overflow, and presumably execute arbitrary code, by way of a crafted compressed stream, a associated concern to CVE-2006-1168 and CVE-2011-2895.
Cross-site scripting (XSS) vulnerability within the internet interface in Red Hat Network (RHN) Satellite 5.4.1 permits distant authenticated customers to inject arbitrary internet script or HTML by way of the Description area of the asset tag in a Custom Info web page.
ipmievd (aka the IPMI occasion daemon) in OpenIPMI, as used within the ipmitool bundle 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and different merchandise makes use of 0666 permissions for its ipmievd.pid PID file, which permits native customers to kill arbitrary processes by writing to this file.
spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 doesn’t correctly authorize or authenticate uploads to the NULL group when mod_wsgi is used, which permits distant attackers to trigger a denial of service (/var partition disk consumption and failed updates) by way of numerous bundle uploads.
Buffer overflow within the readstr_upto perform in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and presumably 2.6.13, permits distant attackers to execute arbitrary code by way of an extended string in a command to the script-fu server.
fits-io.c in GIMP earlier than 2.8.1 permits distant attackers to trigger a denial of service (NULL pointer dereference and software crash) by way of a malformed XTENSION header of a .match file, as demonstrated utilizing an extended string.
Multiple heap-based buffer overflows within the XML manifest encryption tag parsing performance in OpenOffice.org and LibreOffice earlier than 3.5.5 permit distant attackers to trigger a denial of service and presumably execute arbitrary code by way of a crafted Open Document Text (.odt) file with (1) a toddler tag inside an incorrect dad or mum tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose size shouldn’t be evenly divisible by 4.
Integer overflow in plug-ins/widespread/psd.c within the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier permits distant attackers to trigger a denial of service and presumably execute arbitrary code by way of a crafted channels header worth in a PSD picture file, which triggers a heap-based buffer overflow, a special vulnerability than CVE-2009-3909.
Heap-based buffer overflow within the KiSS CEL file format plug-in in GIMP 2.8.x and earlier permits distant attackers to trigger a denial of service and presumably execute arbitrary code by way of a crafted KiSS palette file, which triggers an “invalid free.”
Integer overflow within the ReadImage perform in plug-ins/widespread/file-gif-load.c within the GIF picture format plug-in in GIMP 2.8.x and earlier permits distant attackers to trigger a denial of service (software crash) and presumably execute arbitrary code by way of crafted top and len properties in a GIF picture file, which triggers a heap-based buffer overflow. NOTE: a few of these particulars are obtained from third occasion info.
The scriptfu community server in GIMP 2.6 doesn’t require authentication, which permits distant attackers to execute arbitrary instructions by way of the python-fu-eval command.
Stack-based buffer overflow within the HMIWeb Browser HSCDSPRenderDLL ActiveX management in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 permits distant attackers to execute arbitrary code by way of unspecified vectors.
Trillian 5.1.0.19 doesn’t confirm that the server hostname matches a website title within the topic’s Common Name (CN) or subjectAltName area of the X.509 certificates, which permits man-in-the-middle attackers to spoof SSL servers by way of an arbitrary legitimate certificates, a special vulnerability than CVE-2009-4831.
Multiple stack-based buffer overflows in file-xwd.c within the X Window Dump (XWD) plug-in in GIMP 2.8.2 permit distant attackers to trigger a denial of service (crash) and presumably execute arbitrary code by way of a big (1) crimson, (2) inexperienced, or (3) blue shade masks in an XWD file.
The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 doesn’t correctly test shopper “authenticity,” which permits distant attackers to acquire channel content material by skipping the preliminary authentication name.
Apache OpenOffice.org (OOo) earlier than 4.0 permits distant attackers to trigger a denial of service (reminiscence corruption) or presumably have unspecified different influence by way of invalid PLCF information in a DOC doc file.
Apache OpenOffice.org (OOo) earlier than 4.0 permits distant attackers to trigger a denial of service (reminiscence corruption) or presumably have unspecified different influence by way of a crafted factor in an OOXML doc file.
The Kepware DNP Master Driver for the KEPServerEX Communications Platform earlier than 5.12.140.0 permits distant attackers to trigger a denial of service (master-station infinite loop) by way of crafted DNP3 packets to TCP port 20000 and permits bodily proximate attackers to trigger a denial of service (master-station infinite loop) by way of crafted enter over a serial line.
Red Hat Satellite 5.6 and earlier doesn’t disable the online interface that’s used to create the primary consumer for a satellite tv for pc, which permits distant attackers to create administrator accounts.
Integer overflow within the load_image perform in file-xwd.c within the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib earlier than 2.24, permits distant attackers to trigger a denial of service (crash) and presumably execute arbitrary code by way of a big shade entries worth in an X Window System (XWD) picture dump.
Heap-based buffer overflow within the read_xwd_cols perform in file-xwd.c within the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier permits distant attackers to trigger a denial of service (crash) and presumably execute arbitrary code by way of an X Window System (XWD) picture dump with extra colours than shade map entries.
Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 contains cleartext consumer passwords in an error message when a system registration XML-RPC name fails, which permits distant directors to acquire the password by studying (1) the server log and (2) an e mail.
Multiple cross-site scripting (XSS) vulnerabilities in techniques/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 permit distant attackers to inject arbitrary internet script or HTML by way of the (1) topic or (2) content material values of a word in a system.addNote XML-RPC name.
Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 permits distant attackers to inject arbitrary internet script or HTML by way of the kind parameter.
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java earlier than 2.6.1 set the developEntityReferences property to true, which permits distant attackers to conduct XML exterior entity (XXE) assaults by way of a crafted XML DOCTYPE declaration.
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 by way of 3.2 permit distant attackers to execute arbitrary code by way of a big buffer-size worth in a Modbus Application Header.
CRLF injection vulnerability in spacewalk-java earlier than 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 permits distant attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting assaults and cross-site scripting (XSS) assaults, by way of the return_url parameter.
The monitoring probe show in spacewalk-java earlier than 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 by way of 4.2.0 and 5.1.0 by way of 5.3.0, and Proxy 5.3.0, permits distant authenticated customers with permissions to manage monitoring probes to execute arbitrary code by way of unspecified vectors, associated to backticks.
Apache OpenOffice earlier than 4.1.1 permits distant attackers to execute arbitrary instructions and presumably produce other unspecified influence by way of a crafted Calc spreadsheet.
The OLE preview era in Apache OpenOffice earlier than 4.1.1 and OpenOffice.org (OOo) would possibly permit distant attackers to embed arbitrary information into paperwork by way of crafted OLE objects.
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and a pair of.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 by way of 5.6 permits distant attackers to inject arbitrary internet script or HTML by way of a crafted request that’s not correctly dealt with when logging.
The femanager extension earlier than 1.0.9 for TYPO3 permits distant frontend customers to switch or delete the data of different frontend customers by way of unspecified vectors.
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 permit distant attackers to inject arbitrary internet script or HTML by way of unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software program/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite earlier than 5.7.0 permits distant authenticated customers to inject arbitrary internet script or HTML by way of the System Groups area.
Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs earlier than 7.8.90 permits distant attackers to execute arbitrary code by way of unspecified vectors.
The HWP filter in LibreOffice earlier than 4.3.7 and 4.4.x earlier than 4.4.2 and Apache OpenOffice earlier than 4.1.2 permits distant attackers to trigger a denial of service (crash) or presumably execute arbitrary code by way of a crafted HWP doc, which triggers an out-of-bounds write.
The shopper detection protocol in Valve Steam permits distant attackers to trigger a denial of service (course of crash) by way of a crafted response to a broadcast packet.
Schneider Electric StruxureWare Building Expert MPM earlier than 2.15 doesn’t use encryption for the client-server information stream, which permits distant attackers to find credentials by sniffing the community.
LibreOffice earlier than 4.4.5 and Apache OpenOffice earlier than 4.1.2 makes use of the saved LinkUpdateMode configuration info in OpenDocument Format information and templates when dealing with hyperlinks, which could permit distant attackers to acquire delicate info by way of a crafted doc, which embeds information from native information into (1) Calc or (2) Writer.
Integer underflow in LibreOffice earlier than 4.4.5 and Apache OpenOffice earlier than 4.1.2, when the configuration setting “Load printer settings with the doc” is enabled, permits distant attackers to trigger a denial of service (reminiscence corruption and software crash) or presumably execute arbitrary code by way of crafted PrinterSetup information in an ODF doc.
Valve Steam 2.10.91.91 makes use of weak permissions (Users: learn and write) for the Install folder, which permits native customers to achieve privileges by way of a Trojan horse steam.exe file.
An concern was found in Insyde InsydeH2O with kernel 5.1 by way of 2021-11-08, 5.2 by way of 2021-11-08, and 5.3 by way of 2021-11-08. A StorageSecurityCommandDxe SMM reminiscence corruption vulnerability permits an attacker to jot down mounted or predictable information to SMRAM. Exploiting this concern may result in escalating privileges to SMM.
An concern was found in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 earlier than 05.08.41, 5.1 earlier than 05.16.29, 5.2 earlier than 05.26.29, 5.3 earlier than 05.35.29, 5.4 earlier than 05.43.29, and 5.5 earlier than 05.51.29. An SMM callout vulnerability permits an attacker to hijack the execution circulation of code working in System Management Mode. Exploiting this concern may result in escalating privileges to SMM.
A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code situated in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to name a GetVariable service, which is situated exterior of SMRAM. This may end up in code execution in SMM (escalating privilege from ring 0 to ring -2).
An concern was found in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI companies that use the Communicate() perform of the EFI_SMM_COMMUNICATION_PROTOCOL don’t test whether or not the handle of the buffer is legitimate, which permits use of SMRAM, MMIO, or OS kernel addresses.
A vulnerability exists in SMM (System Management Mode) department that registers a SWSMI handler that doesn’t sufficiently test or validate the allotted buffer pointer(CommBuffer). This can be utilized by an attacker to deprave information in SMRAM reminiscence and even result in arbitrary code execution.
An unsafe pointer vulnerability exists in SMM (System Management Mode) department that registers a SWSMI handler. An attacker can use this unsafe pointer “current_ptr” to learn or write or manipulate information into SMRAM. Exploitation of this vulnerability can result in escalation of privileges reserved just for SMM utilizing the SwSMI handler.
An unsafe pointer vulnerability exists in SMM (System Management Mode) department that registers a SWSMI handler. An attacker can use this unsafe pointer “ptr” to learn or write or manipulate information within the SMRAM. Exploitation of this vulnerability can result in escalation of privileges reserved just for SMM utilizing the SwSMI handler.
A vulnerability exists in SMM (System Management Mode) department that registers a SWSMI handler that doesn’t sufficiently test or validate the allotted desk variable EFI_BOOT_SERVICES. This can be utilized by an attacker to overwrite handle location of any of the capabilities (FreePool,FindHandleBuffer,HandleProtocol) to the handle location of arbitrary code managed by the attacker. On system name to SWSMI handler, the arbitrary code could be triggered to execute.
A vulnerability exists in SMM (System Management Mode) department that registers a SWSMI handler that doesn’t sufficiently test or validate the allotted desk variable EFI_BOOT_SERVICES. This permits an attacker who’s able to executing code in DXE part to take advantage of this vulnerability to escalate privileges to SMM. The attacker can overwrite the FindProtocol or Freepool reminiscence handle location to execute undesirable code.
A vulnerability exists in SMM (System Management Mode) department that registers a SWSMI handler that doesn’t sufficiently test or validate the allotted desk variables EFI_BOOT_SERVICES and EFI_RUNTIME_SERVICES. This can be utilized by an attacker to overwrite handle location of the perform (FindHandleBuffer) to the handle location of arbitrary code managed by the attacker. On system name to SWSMI handler, the arbitrary code could be triggered to execute.
SMM callout vulnerability permitting a doable attacker to hijack execution circulation of a code working in System Management Mode. Exploiting this concern may result in escalating privileges to SMM.
SMM callout vulnerability permitting a doable attacker to hijack execution circulation of a code working in System Management Mode. Exploiting this concern may result in escalating privileges to SMM.
An concern was found in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 earlier than 05.51.45, 5.4 earlier than 05.43.45, 5.3 earlier than 05.35.45, 5.2 earlier than 05.26.45, 5.1 earlier than 05.16.45, and 5.0 earlier than 05.08.45. An SMM callout vulnerability permits an attacker to hijack execution circulation of code working in System Management Mode. Exploiting this concern may result in escalating privileges to SMM.
SMM reminiscence corruption vulnerability permitting a doable attacker to jot down mounted or predictable information to SMRAM. Exploiting this concern may result in escalating privileges to SMM.
Tensorflow is an Open Source Machine Learning Framework. The implementation of form inference for `ConcatV2` can be utilized to set off a denial of service assault by way of a segfault attributable to a sort confusion. The `axis` argument is translated into `concat_dim` within the `ConcatShapeHelper` helper perform. Then, a worth for `min_rank` is computed based mostly on `concat_dim`. This is then used to validate that the `values` tensor has not less than the required rank. However, `WithRankAtLeast` receives the decrease certain as a 64-bits worth after which compares it towards the utmost 32-bits integer worth that could possibly be represented. Due to the truth that `min_rank` is a 32-bits worth and the worth of `axis`, the `rank` argument is a unfavourable worth, so the error test is bypassed. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be utilized to set off a denial of service assault by allocating an excessive amount of reminiscence. This is as a result of the `num_threads` argument is simply checked to not be unfavourable, however there isn’t any higher certain on its worth. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be utilized to set off a denial of service assault by inflicting an out of reminiscence situation after an integer overflow. We are lacking a validation on `pad_witdh` and that lead to computing a unfavourable worth for `ngram_width` which is later used to allocate elements of the output. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined conduct: beneath sure situation it may be made to dereference a `nullptr` worth. The 3 enter arguments to `SparseTensorSliceDataset` characterize a sparse tensor. However, there are some preconditions that these arguments should fulfill however these usually are not validated within the implementation. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are susceptible to integer overflows. These can be utilized to set off massive allocations (so, OOM based mostly denial of service) or `CHECK`-fails when constructing new `TensorForm` objects (so, assert failures based mostly denial of service). We are lacking some validation on the shapes of the enter tensors in addition to instantly establishing a big `TensorForm` with user-provided dimensions. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is susceptible to an integer overflow which leads to a `CHECK`-fail when constructing new `TensorForm` objects (so, an assert failure based mostly denial of service). We are lacking some validation on the shapes of the enter tensors in addition to instantly establishing a big `TensorForm` with user-provided dimensions. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The estimator for the price of some convolution operations could be made to execute a division by 0. The perform fails to test that the stride argument is strictly optimistic. Hence, the repair is so as to add a test for the stride argument to make sure it’s legitimate. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is susceptible to a division by zero attributable to an integer overflow bug. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is susceptible a `CHECK`-fail if the important thing tensor shouldn’t be a scalar. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` could be made to crash a TensorMove course of by way of a division by 0. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorMove can be utilized to set off a denial of service by way of `CHECK`-fails (i.e., assertion failures). This is much like TFSA-2021-198 and has comparable fixes. We have patched the reported points in a number of GitHub commits. It is feasible that different comparable cases exist in TensorMove, we’ll concern fixes as these are found. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
An concern was found in Online-Movie-Ticket-Booking-System 1.0. The file about.php doesn’t carry out enter validation on the ‘id’ paramter. An attacker can append SQL queries to the enter to extract delicate info from the database.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations permits malicious customers to trigger denial of service by passing in arguments which might set off a `CHECK`-fail. There are a number of situations that the enter arguments should fulfill. Some usually are not caught throughout form inference and others usually are not caught throughout kernel implementation. This leads to `CHECK` failures later when the output tensors get allotted. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseRelySparseOutput` could be made to crash a TensorMove course of by an integer overflow whose result’s then utilized in a reminiscence allocation. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined conduct the place consumer managed inputs can set off a reference binding to null pointer. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseRelySparseOutput` is susceptible to a heap overflow. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite mannequin that will set off a division by zero within the implementation of depthwise convolutions. The parameters of the convolution could be consumer managed and are additionally used inside a division operation to find out the dimensions of the padding that must be added earlier than making use of the convolution. There isn’t any test earlier than this division that the divisor is strictly optimistic. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Mastodon earlier than 3.3.2 and three.4.x earlier than 3.4.6 has incorrect entry management as a result of it doesn’t compact incoming signed JSON-LD actions. (JSON-LD signing has been supported since model 1.6.0.)
Totolink units A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 have been found to include a stack overflow within the perform setNoticeCfg. This vulnerability permits attackers to trigger a Denial of Service (DoS) by way of the IpTo parameter.
In OpenZeppelin <=v4.4.0, initializer capabilities which can be invoked separate from contract creation (probably the most outstanding instance being minimal proxies) could also be reentered in the event that they make an untrusted non-view exterior name. Once an initializer has completed working it will probably by no means be re-executed. However, an exception put in place to help a number of inheritance made reentrancy doable, breaking the expectation that there's a single execution.
In Zammad 5.0.2, brokers can configure “out of workplace” durations and substitute individuals. If the substitute individuals did not have the identical permissions as the unique agent, they might obtain ticket notifications for tickets that they don’t have any entry to.
A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that permits attackers to create a backdoor consumer with admin privilege and get entry to the filesystem by way of a malicious HTML webpage that's despatched to the sufferer. An admin can run instructions utilizing the FileBrowser and therefore it results in RCE.
An incorrect test within the part cdr.php of Voipmonitor GUI earlier than v24.96 permits unauthenticated attackers to escalate privileges by way of a crafted request.
The config restore perform of Voipmonitor GUI earlier than v24.96 doesn’t correctly test information despatched as restore archives, permitting distant attackers to execute arbitrary instructions by way of a crafted file within the internet root.
Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 permits distant unauthenticated customers to inject and execute arbitrary system instructions by way of the unsanitized user-controlled “command” and “commandvalues” parameters.
A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 by way of yr_set_configuration in yara/libyara/libyara.c, which may trigger a Denial of Service.
A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 by way of the xtra_box_write perform in /box_code_base.c, which causes a Denial of Service. This vulnerability was mounted in commit 71f9871.
This impacts the bundle putil-merge earlier than 3.8.0. The merge() perform doesn’t test the values handed into the argument. An attacker can provide a malicious worth by adjusting the worth to incorporate the constructor property. Note: This vulnerability derives from an incomplete repair in https://safety.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077
The bundle object-path-set earlier than 1.0.2 are susceptible to Prototype Pollution by way of the setPath methodology, because it permits an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete repair in https://safety.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908
Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows distant malicious customers to redirect customers to malicious websites utilizing the “referuri” parameter.
The OIDC OP plugin earlier than 3.0.4 for Shibboleth Identity Provider permits server-side request forgery (SSRF) on account of inadequate restriction of the request_uri parameter. This permits attackers to work together with arbitrary third-party HTTP companies.
An concern was found in fs/nfs/dir.c within the Linux kernel earlier than 5.16.5. If an software units the O_DIRECTORY flag, and tries to open an everyday file, nfs_atomic_open() performs an everyday lookup. If an everyday file is discovered, ENOTDIR ought to happen, however the server as an alternative returns uninitialized information within the file descriptor.
choices.c in atftp earlier than 0.7.5 reads previous the tip of an array, and consequently discloses server-side /and so forth/group information to a distant shopper.
Argo CD earlier than 2.1.9 and a pair of.2.x earlier than 2.2.4 permits listing traversal associated to Helm charts due to an error in helmTemplate in repository.go. For instance, an attacker might be able to uncover credentials saved in a YAML file.
A vulnerability in ${“freemarker.template.utility.Execute”?new() of UJCMS Jspxcms v10.2.0 permits attackers to execute arbitrary instructions by way of importing malicious information.
A distant code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 permits attackers to execute arbitrary code by way of a crafted JAR bundle.
Z-Wave units from Sierra Designs (circa 2013) and Silicon Labs (utilizing S0 safety) might use a recognized, shared community key of all zeros, permitting an attacker inside radio vary to spoof Z-Wave site visitors.
The Z-Wave specification requires that S2 safety could be downgraded to S0 or different much less safe protocols, permitting an attacker inside radio vary throughout pairing to downgrade after which exploit a special vulnerability (CVE-2013-20003) to intercept and spoof site visitors.
AMD Radeon Software could also be susceptible to DLL Hijacking by way of path variable. An unprivileged consumer might be able to drop its malicious DLL file in any location which is in path surroundings variable.
When mixed with particular software program sequences, AMD CPUs might transiently execute non-canonical hundreds and retailer utilizing solely the decrease 48 handle bits probably leading to information leakage.
AMD EPYC™ Processors include an info disclosure vulnerability within the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). An area authenticated attacker may probably exploit this vulnerability resulting in leaking visitor information by the malicious hypervisor.
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the net server used, that might trigger a leak of delicate information or unauthorized actions on the net server throughout the time the consumer is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with built-in Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with built-in Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium manufacturing unit forged communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)
A misconfiguration exists within the MQTTS performance of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration considerably simplifies a man-in-the-middle assault, which instantly results in management of gadget performance.
A stack-based buffer overflow vulnerability exists in each the LLMNR performance of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted community packet can result in distant code execution. An attacker can ship a malicious packet to set off this vulnerability.
A denial of service vulnerability exists within the Modbus configuration performance of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted community packets can result in denial of service. An attacker can ship a malicious packet to set off this vulnerability.
A denial of service vulnerability exists within the SeaMax distant configuration performance of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted community packets can result in denial of service. An attacker can ship a malicious packet to set off this vulnerability.
A file write vulnerability exists within the OTA replace job performance of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can result in arbitrary file overwrite. An attacker can carry out a man-in-the-middle assault to set off this vulnerability.
An out-of-bounds write vulnerability exists within the HandleSeaCloudMessage performance of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage perform makes use of at [4] the json_object_get_string to populate the p_payload international variable. The p_payload is simply 0x100 bytes lengthy, and the whole MQTT message could possibly be as much as 0x201 bytes. Because the perform json_object_get_string will fill str based mostly on the size of the json’s worth and never the precise str measurement, this might lead to a doable out-of-bounds write.
An out-of-bounds write vulnerability exists within the HandleSeaCloudMessage performance of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage perform makes use of at [3] the json_object_get_string to populate the p_name international variable. The p_name is simply 0x80 bytes lengthy, and the whole MQTT message could possibly be as much as 0x201 bytes. Because the perform json_object_get_string will fill str based mostly on the size of the json’s worth and never the precise str measurement, this might lead to a doable out-of-bounds write.
An out-of-bounds write vulnerability exists within the URL_decode performance of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can result in an out-of-bounds write. An attacker can carry out a man-in-the-middle assault to set off this vulnerability.
Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M permits an attacker to execute arbitrary code within the node working the AC800M OPC Server.
Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability within the ABB SPIET800 and PNI800 module that permits an attacker to trigger the denial of service or make the module unresponsive.
Improper Input Validation vulnerability within the ABB SPIET800 and PNI800 module permits an attacker to trigger the denial of service or make the module unresponsive.
Improper Input Validation vulnerability within the ABB SPIET800 and PNI800 module permits an attacker to trigger the denial of service or make the module unresponsive.
The influence of this vulnerability is that Arista’s EOS eAPI might skip re-evaluating consumer credentials when certificates based mostly authentication is used, which permits distant attackers to entry the gadget by way of eAPI.
An area unquoted search path safety vulnerability has been recognized in HPE Agentless Management Service for Windows model(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could possibly be exploited domestically by a consumer with excessive privileges to execute malware which will result in a lack of confidentiality, integrity, and availability. HPE has offered software program updates to resolve the vulnerability in HPE Agentless Management Service for Windows.
A possible native buffer overflow vulnerability has been recognized in HPE FlexNetwork 5130 EL Switch Series model: Prior to 5130_EI_7.10.R3507P02. HPE has made the next software program replace to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch Series model 5130_EL_7.10.R3507P02.
An authenticated consumer with none particular authorizations might be able to repeatedly invoke the options command the place at a excessive quantity might result in useful resource depletion or generate excessive lock rivalry. This might lead to denial of service and in uncommon instances may lead to id area collisions.
### Impact It’s doable to know if a consumer has or not an account in a wiki associated to an e mail handle, and which username(s) is definitely tied to that e mail by forging a request to the Forgot username web page. Note that since this web page doesn’t have a CSRF test it is fairly straightforward to carry out a number of these requests. ### Patches This concern has been patched in XWiki 12.10.5 and 13.2RC1. Two completely different patches are offered: – a primary one to repair the CSRF drawback – a extra advanced one which now depends on sending an e mail for the Forgot username course of. ### Workarounds It’s doable to repair the issue with out uprading by enhancing the ForgotUsertitle web page in model beneath 13.x, to make use of the next code: https://github.com/xwiki/xwiki-platform/blob/69548c0320cbd772540cf4668743e69f879812cf/xwiki-platform-core/xwiki-platform-administration/xwiki-platform-administration-ui/src/essential/sources/XWiki/ForgotUsertitle.xml#L39-L123 In model after 13.x it is also doable to edit manually the forgotusername.vm file, but it surely’s actually inspired to improve the model right here. ### References * https://jira.xwiki.org/browse/XWIKI-18384 * https://jira.xwiki.org/browse/XWIKI-18408 ### For extra info If you have got any questions or feedback about this advisory: * Open a problem in [Jira XWiki](https://jira.xwiki.org) * Email us at [security ML](mailto:[email protected])
In Apache Gobblin, the Hadoop token is written to a temp file that’s seen to all native customers on Unix-like techniques. This impacts variations <= 0.15.0. Users ought to replace to model 0.16.0 which addresses this concern.
Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This impacts variations <= 0.15.0. Users ought to replace to model 0.16.0 which addresses this concern.
A possible Information leakage vulnerability has been recognized in variations of Micro Focus Voltage SecureMail Mail Relay previous to 7.3.0.1. The vulnerability could possibly be exploited to create an info leakage assault.
A use-after-free vulnerability exists within the RS-274X aperture definition tokenization performance of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can result in code execution. An attacker can present a malicious file to set off this vulnerability.
An info disclosure vulnerability exists within the pick-and-place rotation parsing performance of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the lacking initialization of a construction to leak reminiscence contents. An attacker can present a malicious file to set off this vulnerability.
A use-after-free vulnerability exists within the JavaScript engine of Foxit Software’s PDF Reader, model 11.1.0.52543. A specially-crafted PDF doc can set off the reuse of beforehand freed reminiscence, which might result in arbitrary code execution. An attacker must trick the consumer to open the malicious file to set off this vulnerability. Exploitation can be doable if a consumer visits a specially-crafted, malicious website if the browser plugin extension is enabled.
XWiki is a generic wiki platform providing runtime companies for purposes constructed on high of it. When utilizing default XWiki configuration, it is doable for an attacker to add an SVG containing a script executed when executing the obtain motion on the file. This drawback has been patched in order that the default configuration would not permit to show the SVG information within the browser. Users are suggested to replace or to disallow uploads of SVG information.
Local privilege escalation by way of named pipe on account of improper entry management checks. The following merchandise are affected: Acronis Cyber Protect 15 (Windows) earlier than construct 28035, Acronis Agent (Windows) earlier than construct 27147, Acronis Cyber Protect Home Office (Windows) earlier than construct 39612, Acronis True Image 2021 (Windows) earlier than construct 39287
Local privilege escalation on account of DLL hijacking vulnerability. The following merchandise are affected: Acronis Cyber Protect Home Office (Windows) earlier than construct 39612, Acronis True Image 2021 (Windows) earlier than construct 39287
Local privilege escalation on account of DLL hijacking vulnerability in Acronis Media Builder service. The following merchandise are affected: Acronis Cyber Protect Home Office (Windows) earlier than construct 39612, Acronis True Image 2021 (Windows) earlier than construct 39287
Unauthenticated SQL Injection (SQLi) vulnerability found in [GWA] AutoResponder WordPress plugin (variations <= 2.3), susceptible at (&listid). No patched model obtainable, plugin closed.
A use-after-free flaw was present in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c within the Linux kernel’s cgroup v1 parser. An area attacker with a consumer privilege may trigger a privilege escalation by exploiting the fsconfig syscall parameter resulting in a container breakout and a denial of service on the system.
The WP HTML Mail WordPress plugin is susceptible to unauthorized entry which permits unauthenticated attackers to retrieve and modify theme settings on account of a lacking functionality test on the /themesettings REST-API endpoint discovered within the ~/contains/class-template-designer.php file, in variations as much as and together with 3.0.9. This makes it doable for attackers with no privileges to execute the endpoint and add malicious JavaScript to a susceptible WordPress website.
A vulnerability was discovered within the Linux kernel’s eBPF verifier when dealing with inside information constructions. Internal reminiscence places could possibly be returned to userspace. An area attacker with the permissions to insert eBPF code to the kernel can use this to leak inside kernel reminiscence particulars defeating among the exploit mitigations in place for the kernel. This flaws impacts kernel variations < v5.16-rc6
An improper enter validation vulnerability in go-attestation earlier than 0.3.3 permits native customers to offer a maliciously-formed Quote over no/some PCRs, inflicting AKPublic.Verify to succeed regardless of the inconsistency. Subsequent use of the identical set of PCR values in Eventlog.Verify lacks the authentication carried out by quote verification, which means an area attacker may couple this vulnerability with a maliciously-crafted TCG log in Eventlog.Verify to spoof occasions within the TCG log, therefore defeating remotely-attested measured-boot. We advocate upgrading to Version 0.4.0 or above.
The affected product is susceptible to an authenticated OS command injection, which can permit an attacker to inject and execute arbitrary shell instructions because the Admin (root) consumer.
The Fotobook WordPress plugin is susceptible to Reflected Cross-Site Scripting on account of inadequate escaping and using $_SERVER[‘PHP_SELF’] discovered within the ~/options-fotobook.php file which permits attackers to inject arbitrary internet scripts onto the web page, in variations as much as and together with 3.2.3.
The Embed Swagger WordPress plugin is susceptible to Reflected Cross-Site Scripting on account of inadequate escaping/sanitization and validation by way of the url parameter discovered within the ~/swagger-iframe.php file which permits attackers to inject arbitrary internet scripts onto the web page, in variations as much as and together with 1.0.0.
Lack of validation of URLs causes Mirantis Container Cloud Lens Extension earlier than v3.1.1 to open exterior packages aside from the default browser to carry out signal on to a brand new cluster. An attacker may host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the sufferer so as to add a brand new cluster by way of its URL. This concern impacts: Mirantis Mirantis Container Cloud Lens Extension v3 variations previous to v3.1.1.
A use-after-free vulnerability was present in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick within the Linux kernel. In this flaw, an area attacker with a consumer privilege might influence system Confidentiality. This flaw impacts kernel variations prior to five.14 rc1.
A reminiscence corruption vulnerability exists within the JavaScript engine of Foxit Software’s PDF Reader, model 11.1.0.52543. A specially-crafted PDF doc can set off an exception which is badly dealt with, leaving the engine in an invalid state, which might result in reminiscence corruption and arbitrary code execution. An attacker must trick the consumer to open the malicious file to set off this vulnerability. Exploitation can be doable if a consumer visits a specially-crafted, malicious website if the browser plugin extension is enabled.
CA Harvest Software Change Manager variations 13.0.3, 13.0.4, 14.0.0, and 14.0.1, include a vulnerability within the CSV export performance, on account of inadequate enter validation, that may permit a privileged consumer to probably execute arbitrary code or instructions.
A CWE-798: Use of Hard-coded Credentials vulnerability exists that might lead to info disclosure. If an attacker have been to acquire the SSH cryptographic key for the gadget and take lively management of the native operational community related to the product they might probably observe and manipulate site visitors related to product configuration. Affected Product: Easergy P5 (All firmware variations previous to V01.401.101)
A CWE-120: Buffer Copy with out Checking Size of Input vulnerability exists that might result in a buffer overflow inflicting program crashes and arbitrary code execution when specifically crafted packets are despatched to the gadget over the community. Protection capabilities and tripping perform by way of GOOSE could be impacted. Affected Product: Easergy P5 (All firmware variations previous to V01.401.101)
A CWE-400: Uncontrolled Resource Consumption vulnerability exists that might trigger a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending numerous TCP RST or FIN packets to any open TCP port of the PLC. Affected Product: Modicon M340 CPUs: BMXP34 (All Versions)
A CWE-120: Buffer Copy with out Checking Size of Input vulnerability exists that might result in a buffer overflow inflicting program crashes and arbitrary code execution when specifically crafted packets are despatched to the gadget over the community. Protection capabilities and tripping perform by way of GOOSE could be impacted. Affected Product: Easergy P3 (All variations previous to V30.205)
A CWE-20: Improper Input Validation vulnerability exists that might permit arbitrary information on the server to be learn by authenticated customers by way of a restricted working system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
A CWE-20: Improper Input Validation vulnerability exists that might permit an unauthenticated attacker to view information, change settings, influence availability of the software program, or probably influence a consumer?s native machine when the consumer clicks a specifically crafted hyperlink. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that might permit an authenticated attacker to view information, change settings, or influence availability of the software program when the consumer visits a web page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
VMware Cloud Foundation accommodates an info disclosure vulnerability on account of logging of credentials in plain-text inside a number of log information on the SDDC Manager. A malicious actor with root entry on VMware Cloud Foundation SDDC Manager might be able to view credentials in plaintext inside a number of log information.
The affected product has a hardcoded personal key obtainable contained in the venture folder, which can permit an attacker to attain Web Server login and carry out additional actions.
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite mannequin that will set off a division by zero in `BiasAndClamp` implementation. There isn’t any test that the `bias_size` is non zero. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite mannequin that will trigger an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` as an alternative of a `size_t. An attacker can management mannequin inputs such that `computed_size` overflows the dimensions of `int` datatype. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite mannequin that will trigger an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are merchandise of values offered by the consumer. Hence, a malicious consumer may set off overflows within the multiplication. In sure situations, this may then lead to heap OOB learn/write. Users are suggested to improve to a patched model.
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite mannequin that will permit restricted reads and writes exterior of arrays in TFLite. This exploits lacking validation within the conversion from sparse tensors to dense tensors. The repair is included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary. Users are suggested to improve as quickly as doable.
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite mannequin that will trigger a write exterior of bounds of an array in TFLite. In reality, the attacker can override the linked checklist utilized by the reminiscence allocator. This could be leveraged for an arbitrary write primitive beneath sure situations. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can set off undefined conduct or, in some situations, extraordinarily massive allocations. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. In a number of locations, TensorMove makes use of `tempfile.mktemp` to create momentary information. While that is acceptable in testing, in utilities and libraries it’s harmful as a special course of can create the file between the test for the filename in `mktemp` and the precise creation of the file by a subsequent operation (a TOC/TOU sort of weak spot). In a number of cases, TensorMove was supposed to truly create a short lived listing as an alternative of a file. This logic bug is hidden away by the `mktemp` perform utilization. We have patched the difficulty in a number of commits, changing `mktemp` with the safer `mkstemp`/`mkdtemp` capabilities, in keeping with the utilization sample. Users are suggested to improve as quickly as doable.
Tensorflow is an Open Source Machine Learning Framework. When decoding a useful resource deal with tensor from protobuf, a TensorMove course of can encounter instances the place a `CHECK` assertion is invalidated based mostly on consumer managed arguments. This permits attackers to trigger denial of companies in TensorMove processes. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. An attacker can set off denial of service by way of assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. TensorMove is susceptible to a heap OOB write in `Grappler`. The `set_output` perform writes to an array on the specified index. Hence, this provides a malicious consumer a write primitive. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorMove would possibly do a null-dereference if attributes of some mutable arguments to some operations are lacking from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in manufacturing builds and an assertion failure in debug builds. In the primary case execution proceeds to the dereferencing of the null pointer, whereas within the second case it leads to a crash because of the assertion failure. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, and TensorMove 2.6.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorMove course of can encounter instances the place a `CHECK` assertion is invalidated based mostly on consumer managed arguments, if the tensors have an invalid `dtype` and 0 parts or an invalid form. This permits attackers to trigger denial of companies in TensorMove processes. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. Under sure situations, TensorMove can fail to specialize a sort throughout form inference. This case is roofed by the `DCHECK` perform nonetheless, `DCHECK` is a no-op in manufacturing builds and an assertion failure in debug builds. In the primary case execution proceeds to the `ValueOrDie` line. This leads to an assertion failure as `ret` accommodates an error `Status`, not a worth. In the second case we additionally get a crash because of the assertion failure. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, and TensorMove 2.6.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` may end up in copying uninitialized information to a brand new tensor. This later leads to undefined conduct. The implementation has a test that the left hand aspect of the task is initialized (to reduce variety of allocations), however doesn’t test that the precise hand aspect can be initialized. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorMove’s `SpecializeType` which leads to heap OOB learn/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop the place the loop index is `j`. Hence it’s doable to assign to `arg` from exterior the vector of arguments. Since it is a mutable proto worth, it permits each learn and write to exterior of bounds information. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, and TensorMove 2.6.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is susceptible to an integer overflow if an attacker can create an operation which might contain a tensor with massive sufficient variety of parts. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is susceptible to an integer overflow if an attacker can create an operation which might contain tensors with massive sufficient variety of parts. We can have a big sufficient variety of dimensions in `output_shape.dim()` or only a small variety of dimensions being massive sufficient to trigger an overflow within the multiplication. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is susceptible to a crash attributable to dereferencing a null pointer. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorMove can leak reminiscence within the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` however it’s a easy `OpKernel*` pointer so the reminiscence that was beforehand allotted to it might leak. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorMove can be utilized to trigger a denial of service by altering a `SavedModel` such that `ProtectedToTake awayIdentity` would set off `CHECK` failures. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. During form inference, TensorMove can allocate a big vector based mostly on a worth from a tensor managed by the consumer. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorMove can be utilized to trigger a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would set off `CHECK` failures. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. A malicious consumer could cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would set off `CHECK` failures. `TensorForm` constructor throws a `CHECK`-fail if form is partial or has quite a few parts that will overflow the dimensions of an `int`. The `PartialTensorForm` constructor as an alternative doesn’t trigger a `CHECK`-abort if the form is partial, which is precisely what this perform wants to have the ability to return `-1`. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. A malicious consumer could cause a denial of service by altering a `SavedModel` such that any binary op would set off `CHECK` failures. This happens when the protobuf half similar to the tensor arguments is modified such that the `dtype` not matches the `dtype` anticipated by the op. In that case, calling the templated binary operator for the binary op would obtain corrupted information, because of the sort confusion concerned. If `Tin` and `Tout` do not match the kind of information in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most instances, this might be a silent failure, however we’ve got seen situations the place this leads to a `CHECK` crash, therefore a denial of service. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. A malicious consumer could cause a use after free conduct when decoding PNG photos. After `png::CommonFreeDecode(&decode)` will get known as, the values of `decode.width` and `decode.top` are in an unspecified state. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. When decoding PNG photos TensorMove can produce a reminiscence leak if the picture is invalid. After calling `png::CommonInitDecode(…, &decode)`, the `decode` worth accommodates allotted buffers which might solely be freed by calling `png::CommonFreeDecode(&decode)`. However, a number of error case within the perform implementation invoke the `OP_REQUIRES` macro which instantly terminates the execution of the perform, with out permitting for the reminiscence free to happen. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. A malicious consumer could cause a denial of service by altering a `SavedModel` such that assertions in `perform.cc` could be falsified and crash the Python interpreter. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. Under sure situations, Grappler part of TensorMove is susceptible to an integer overflow throughout value estimation for crop and resize. Since the cropping parameters are consumer managed, a malicious particular person can set off undefined conduct. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. A malicious consumer could cause a denial of service by altering a `SavedModel` such that Grappler optimizer would try and construct a tensor utilizing a reference `dtype`. This would lead to a crash on account of a `CHECK`-fail within the `Tensor` constructor as reference varieties usually are not allowed. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. Under sure situations, Grappler part of TensorMove can set off a null pointer dereference. There are 2 locations the place this may happen, for a similar malicious alteration of a `SavedModel` file (fixing the primary one would set off the identical dereference within the second place). First, throughout fixed folding, the `GraphDef` won’t have the required nodes for the binary operation. If a node is lacking, the correposning `mul_*little one` could be null, and the dereference within the subsequent line could be incorrect. We have an identical concern throughout `IsIdentityConsumingSwitch`. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorMove `SavedModel` could be maliciously altered to trigger a TensorMove course of to crash on account of encountering a `StatusOr` worth that’s an error and forcibly extracting the worth from it. We have patched the difficulty in a number of GitHub commits and these will likely be included in TensorMove 2.8.0 and TensorMove 2.7.1, as each are affected.
Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorMove doesn’t permit self recursive capabilities. The runtime assumes that this invariant is glad. However, a `GraphDef` containing a fraction corresponding to the next could be consumed when loading a `SavedModel`. This would lead to a stack overflow throughout execution as resolving every `NodeDef` means resolving the perform itself and its nodes. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
Tensorflow is an Open Source Machine Learning Framework. TensorMove’s sort inference could cause a heap out of bounds learn because the bounds checking is completed in a `DCHECK` (which is a no-op throughout manufacturing). An attacker can management the `input_idx` variable such that `ix` could be bigger than the variety of values in `node_t.args`. The repair will likely be included in TensorMove 2.8.0. This is the one affected model.
Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` perform within the MLIR-TFRT infrastructure in TensorMove is susceptible to a segfault (therefore, denial of service), if known as with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we construct an empty `SmallVector`. The repair will likely be included in TensorMove 2.8.0. This is the one affected model.
Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorMove (MLIR) makes a number of assumptions concerning the incoming `GraphDef` earlier than changing it to the MLIR-based dialect. If an attacker adjustments the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then transformed to MLIR-based IR then they’ll trigger a crash within the Python interpreter. Under sure situations, heap OOB learn/writes are doable. These points have been found by way of fuzzing and it’s doable that extra weaknesses exist. We will patch them as they’re found.
Tensorflow is an Open Source Machine Learning Framework. When constructing an XLA compilation cache, if default settings are used, TensorMove triggers a null pointer dereference. In the default state of affairs, all units are allowed, so `flr->config_proto` is `nullptr`. The repair will likely be included in TensorMove 2.8.0. We can even cherrypick this commit on TensorMove 2.7.1, TensorMove 2.6.3, and TensorMove 2.5.3, as these are additionally affected and nonetheless in supported vary.
fleet is an open supply gadget administration, constructed on osquery. Versions previous to 4.9.1 expose a restricted means to spoof SAML authentication with lacking viewers verification. This impacts deployments utilizing SAML SSO in two particular instances: 1. A malicious or compromised Service Provider (SP) may reuse the SAML response to log into Fleet as a consumer — provided that the consumer has an account with the identical e mail in Fleet, _and_ the consumer indicators into the malicious SP by way of SAML SSO from the identical Identity Provider (IdP) configured with Fleet. 2. A consumer with an account in Fleet may reuse a SAML response meant for an additional SP to log into Fleet. This is simply a priority if the consumer is blocked from Fleet within the IdP, however continues to have an account in Fleet. If the consumer is blocked from the IdP completely, this can’t be exploited. Fleet 4.9.1 resolves this concern. Users unable to improve ought to: Reduce the size of periods in your IdP to scale back the window for malicious re-use, Limit the quantity of SAML Service Providers/Applications utilized by consumer accounts with entry to Fleet, and When eradicating entry to Fleet within the IdP, delete the Fleet consumer from Fleet as properly.
Wire webapp is an internet shopper for the wire messaging protocol. In variations previous to 2022-01-27-production.0 expired ephemeral messages weren’t reliably faraway from native chat historical past of Wire Webapp. In variations earlier than 2022-01-27-production.0 ephemeral messages and property would possibly nonetheless be accessible by way of the native search performance. Any try and view considered one of these message within the chat view will then set off the deletion. This concern solely impacts domestically saved messages. On premise cases of wire-webapp must be up to date to 2022-01-27-production.0, in order that their customers are not affected. There are not any recognized workarounds for this concern.
iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected variations iTunesRPC-Remastered didn’t correctly sanitize consumer enter used to take away information resulting in file deletion solely restricted by the method permissions. Users are suggested to improve as quickly as doable.
iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected variations iTunesRPC-Remastered didn’t correctly sanitize picture file paths resulting in OS degree command injection. This concern has been patched in commit cdcd48b. Users are suggested to improve.
Twig is an open supply template language for PHP. When in a sandbox mode, the `arrow` parameter of the `kind` filter should be a closure to keep away from attackers with the ability to run arbitrary PHP capabilities. In affected variations this constraint was not correctly enforced and will result in code injection of arbitrary PHP code. Patched variations now disallow calling non Closure within the `kind` filter as is the case for another filters. Users are suggested to improve.
A safety out-of-bounds learn info disclosure vulnerability in Trend Micro Worry-Free Business Security Server may permit an area attacker to ship rubbish information to a selected named pipe and crash the server. Please word: an attacker should first get hold of the power to execute low-privileged code on the goal system with a purpose to exploit this vulnerability.
In Apache ActiveMQ Artemis previous to 2.20.0 or 2.19.1, an attacker may partially disrupt availability (DoS) by way of uncontrolled useful resource consumption of reminiscence.
A stack-based buffer overflow vulnerability exists within the Gerber Viewer gerber and excellon GCodeNumber parsing performance of KiCad EDA 6.0.1 and grasp commit de006fc010. A specially-crafted gerber or excellon file can result in code execution. An attacker can present a malicious file to set off this vulnerability.
A stack-based buffer overflow vulnerability exists within the Gerber Viewer gerber and excellon DCodeNumber parsing performance of KiCad EDA 6.0.1 and grasp commit de006fc010. A specially-crafted gerber or excellon file can result in code execution. An attacker can present a malicious file to set off this vulnerability.
Local privilege escalation on account of extreme permissions assigned to little one processes. The following merchandise are affected: Acronis Cyber Protect 15 (Windows) earlier than construct 28035, Acronis Agent (Windows) earlier than construct 27147, Acronis Cyber Protect Home Office (Windows) earlier than construct 39612, Acronis True Image 2021 (Windows) earlier than construct 39287
Local privilege escalation on account of race situation on software startup. The following merchandise are affected: Acronis Cyber Protect Home Office (macOS) earlier than construct 39605, Acronis True Image 2021 (macOS) earlier than construct 39287
Local privilege escalation on account of unrestricted loading of unsigned libraries. The following merchandise are affected: Acronis Cyber Protect Home Office (macOS) earlier than construct 39605, Acronis True Image 2021 (macOS) earlier than construct 39287
In Apache Traffic Control Traffic Ops prior to six.1.0 or 5.1.6, an unprivileged consumer who can attain Traffic Ops over HTTPS can ship a specially-crafted POST request to /consumer/login/oauth to scan a port of a server that Traffic Ops can attain.
Certain Korenix JetWave units permit authenticated customers to execute arbitrary code as root by way of /syscmd.asp. This impacts 2212X earlier than 1.9.1, 2212S earlier than 1.9.1, 2212G earlier than 1.8, 3220 V3 earlier than 1.5.1, 3420 V3 earlier than 1.5.1, and 2311 by way of 2022-01-31.
CGI.escape_html in Ruby earlier than 2.7.5 and three.x earlier than 3.0.3 has an integer overflow and resultant buffer overflow by way of an extended string on platforms (corresponding to Windows) the place size_t and lengthy have completely different numbers of bytes. This additionally impacts the CGI gem earlier than 0.3.1 for Ruby.
An concern was found in Servisnet Tessa 0.0.2. An attacker can add a brand new sysadmin consumer by way of a manipulation of the Authorization HTTP header.
Exposure of delicate info to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) earlier than 7.0.1-42218-2 permits distant attackers to acquire delicate info by way of unspecified vectors.
Improper neutralization of particular parts utilized in an SQL command (‘SQL Injection’) vulnerability in Log Management performance in Synology DiskStation Manager (DSM) earlier than 7.0.1-42218-2 permits distant attackers to inject SQL instructions by way of unspecified vectors.
Improper neutralization of particular parts utilized in an SQL command (‘SQL Injection’) vulnerability in Log Management performance in Synology DiskStation Manager (DSM) earlier than 7.0.1-42218-2 permits distant attackers to inject SQL instructions by way of unspecified vectors.
Improper neutralization of particular parts utilized in an SQL command (‘SQL Injection’) vulnerability in Security Management performance in Synology DiskStation Manager (DSM) earlier than 7.0.1-42218-2 permits distant attackers to inject SQL instructions by way of unspecified vectors.
Improper neutralization of particular parts utilized in an OS command (‘OS Command Injection’) vulnerability in mail sending and receiving part in Synology Mail Station earlier than 7.0.1-42218-2 permits distant authenticated customers to execute arbitrary instructions by way of unspecified vectors.
Improper neutralization of particular parts in output utilized by a downstream part (‘Injection’) vulnerability in work circulation administration in Synology DiskStation Manager (DSM) earlier than 7.0.1-42218-2 permits distant authenticated customers to inject arbitrary internet script or HTML by way of unspecified vectors.
Improper limitation of a pathname to a restricted listing (‘Path Traversal’) vulnerability in help service administration in Synology DiskStation Manager (DSM) earlier than 7.0.1-42218-2 permits distant authenticated customers to jot down arbitrary information by way of unspecified vectors.
OTRS directors can configure dynamic area and inject malicious JavaScript code within the error message of the common expression test. When used within the agent interface, malicious code is perhaps exectued within the browser. This concern impacts: OTRS AG OTRS 7.0.x model: 7.0.31 and prior variations.
Full checklist of recipients from buyer customers in a contact area could possibly be disclosed in notification emails occasion when the notification is ready to be despatched to every recipient individually. This concern impacts: OTRS AG OTRSCustomContactFields 8.0.x model: 8.0.11 and prior variations.
XMPie uStore 12.3.7244.0 permits for directors to generate reviews based mostly on uncooked SQL queries. Since the applying ships with default administrative credentials, an attacker might authenticate into the applying and exfiltrate delicate info from the database.
FISCO-BCOS release-3.0.0-rc2 accommodates a denial of service vulnerability. Some transactions is probably not dedicated efficiently, and malicious customers might use this to attain double-spending assaults.
IIPImage High Resolution Streaming Image Server previous to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi by way of malformed HTTP question parameters.
The SupportSweet WordPress plugin earlier than 2.2.5 doesn’t have authorisation and CRSF checks in its wpsc_tickets AJAX motion, which may permit unauthenticated customers to name it and delete arbitrary tickets by way of the set_delete_permanently_bulk_ticket setting_action. Other actions could also be affected as properly.
The SupportSweet WordPress plugin earlier than 2.2.7 doesn’t have CRSF test in its wpsc_tickets AJAX motion, which may permit attackers to make a logged in admin name it and delete arbitrary tickets by way of the set_delete_permanently_bulk_ticket setting_action.
The SupportSweet WordPress plugin earlier than 2.2.7 doesn’t sanitise and escape the question string earlier than outputting it again in pages with the [wpsc_create_ticket] shortcode embed, resulting in a Reflected Cross-Site Scripting concern
The SupportSweet WordPress plugin earlier than 2.2.7 doesn’t have CSRF test within the wpsc_tickets AJAX motion, nor has any sanitisation or escaping in among the filter fields which may permit attackers to make a logged in consumer gaining access to the ticket lists dashboard set an arbitrary filter (saved of their cookies) with an XSS payload in it.
The SupportSweet WordPress plugin earlier than 2.2.7 doesn’t validate and escape the web page attribute of its shortcode, which may permit customers with a task as little as Contributor to carry out Cross-Site Scripting assaults
The Rearrange Woocommerce Products WordPress plugin earlier than 3.0.8 doesn’t have correct entry controls within the save_all_order AJAX motion, nor validation and escaping when inserting consumer information in SQL assertion, resulting in an SQL injection, and permitting any authenticated consumer, corresponding to subscriber, to switch arbitrary put up content material (for instance with an XSS payload), in addition to exfiltrate any information by copying it to a different put up.
The RVM WordPress plugin earlier than 6.4.2 doesn’t have correct authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter within the rvm_import_regions AJAX motion, permitting any authenticated consumer, corresponding to subscriber, to learn arbitrary information on the net server
The Ultimate Product Catalog WordPress plugin earlier than 5.0.26 doesn’t have authorisation and CSRF checks in some AJAX actions, which may permit any authenticated customers, corresponding to subscriber to name them and add arbitrary merchandise, or change the plugin’s settings for instance
The SEUR Oficial WordPress plugin earlier than 1.7.2 creates a PHP file with a random title when put in, despite the fact that it’s used for help functions, it permits to obtain any file from the online server with out restriction after figuring out the URL and a password than an administrator can see within the plugin settings web page.
The CLUEVO LMS, E-Learning Platform WordPress plugin earlier than 1.8.1 doesn’t sanitise and escape Course’s module, which may permit excessive privilege customers to carry out Cross-Site Scripting assaults even when the unfiltered_html functionality is disallowed
The Store Toolkit for WooCommerce WordPress plugin earlier than 2.3.2 doesn’t sanitise and escape the tab parameter earlier than outputting it again in an admin web page in an error message, resulting in a Reflected Cross-Site Scripting
The Advanced Cron Manager WordPress plugin earlier than 2.4.2, advanced-cron-manager-pro WordPress plugin earlier than 2.5.3 doesn’t have authorisation checks in a few of its AJAX actions, permitting any authenticated customers, corresponding to subscriber to name them and add or take away occasions in addition to schedules for instance
The IP2Location Country Blocker WordPress plugin earlier than 2.26.5 doesn’t have authorisation and CSRF checks within the ip2location_country_blocker_save_rules AJAX motion, permitting any authenticated customers, corresponding to subscriber to name it and block arbitrary nation, or block all of them directly, stopping customers from accessing the frontend.
The Translate WordPress with GTranslate WordPress plugin earlier than 2.9.7 doesn’t sanitise and escape the physique parameter within the url_addon/gtranslate-email.php file earlier than outputting it again within the web page, resulting in a Reflected Cross-Site Scripting concern. Note: exploitation of the difficulty requires data of the NONCE_SALT and NONCE_KEY
The Ivory Search WordPress plugin earlier than 5.4.1 doesn’t escape among the Form settings, which may permit excessive privilege customers to carry out Cross-Site Scripting assaults even when the unfiltered_html functionality is disallowed.
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin earlier than 2.7.1 doesn’t test for authorisation and has a flawed CSRF logic when saving its settings, permitting any authenticated customers, corresponding to subscriber, to replace them. Furthermore, because of the lack of sanitisation and escaping, it may result in Stored Cross-Site Scripting
The IP2Location Country Blocker WordPress plugin earlier than 2.26.6 doesn’t have CSRF test within the ip2location_country_blocker_save_rules AJAX motion, permitting attackers to make a logged in admin block arbitrary nation, or block all of them directly, stopping customers from accessing the frontend.
The Paid Memberships Pro WordPress plugin earlier than 2.6.7 doesn’t escape the discount_code in considered one of its REST route (obtainable to unauthenticated customers) earlier than utilizing it in a SQL assertion, resulting in a SQL injection
The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin earlier than 2.0.4 was susceptible to mirrored XSS on the my-sticky-elements-leads admin web page.
The WooCommerce WordPress plugin earlier than 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability within the woo_ce admin web page.
A Use of Hardcoded Credentials vulnerability exists in AquaView variations 1.60, 7.x, and eight.x that might permit an authenticated native attacker to control customers and system settings.
Fix of CVE-2021-40525 don’t prepend delimiters upon legitimate listing validations. Affected implementations embody: – maildir mailbox retailer – Sieve file repository This allows a consumer to entry different customers information shops (restricted to consumer names being prefixed by the worth of the username getting used).
Buffer overflow in usb gadget class. Zephyr variations >= v2.6.0 include Heap-based Buffer Overflow (CWE-122). For extra info, see https://github.com/zephyrproject-rtos/zephyr/safety/advisories/GHSA-fm6v-8625-99jf
The RNDIS USB gadget class features a buffer overflow vulnerability. Zephyr variations >= v2.6.0 include Heap-based Buffer Overflow (CWE-122). For extra info, see https://github.com/zephyrproject-rtos/zephyr/safety/advisories/GHSA-hvfp-w4h8-gxvj
QuickBox Pro v2.4.8 accommodates a cross-site scripting (XSS) vulnerability at “adminuseredit.php?usertoedit=XSS”, because the consumer provided enter for the worth of this parameter shouldn’t be correctly sanitized.
twisted is an event-driven networking engine written in Python. In affected variations twisted exposes cookies and authorization headers when following cross-origin redirects. This concern is current within the `twited.internet.RedirectAgent` and `twisted.internet. BrowserLikeRedirectAgent` capabilities. Users are suggested to improve. There are not any recognized workarounds.
xrdp is an open supply distant desktop protocol (RDP) server. In affected variations an integer underflow resulting in a heap overflow within the sesman server permits any unauthenticated attacker which is ready to domestically entry a sesman server to execute code as root. This vulnerability has been patched in model 0.9.18.1 and above. Users are suggested to improve. There are not any recognized workarounds.
Frourio is a full stack framework, for TypeScript. Frourio customers who makes use of frourio model previous to v0.26.0 and integration with class-validator by way of `validators/` folder are topic to a enter validation vulnerability. Validators don’t work correctly for request our bodies and queries in particular conditions and a few enter shouldn’t be validated in any respect. Users are suggested to replace frourio to v0.26.0 or later and to put in `class-transformer` and `reflect-metadata`.
Frourio-express is a minimal full stack framework, for TypeScript. Frourio-express customers who makes use of frourio-express model previous to v0.26.0 and integration with class-validator by way of `validators/` folder are topic to a enter validation vulnerability. Validators don’t work correctly for request our bodies and queries in particular conditions and a few enter shouldn’t be validated in any respect. Users are suggested to replace frourio to v0.26.0 or later and to put in `class-transformer` and `reflect-metadata`.
NATS nats-server earlier than 2.7.2 has Incorrect Access Control. Any authenticated consumer can get hold of the privileges of the System account by misusing the “dynamically provisioned sandbox accounts” function.
Cross-site scripting vulnerability in Canon laser printers and small workplace multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw bought in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) bought within the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) bought in Europe) permits distant attackers to inject an arbitrary script by way of unspecified vectors.
Hidden performance vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier) permits an attacker on the adjoining community to execute an arbitrary OS command by way of unspecified vectors.
Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 permits a distant unauthenticated attacker to acquire an arbitrary file on the server by way of unspecified vectors.
Cross-site scripting vulnerability in CSV+ previous to 0.8.1 permits a distant unauthenticated attacker to inject an arbitrary script or an arbitrary OS command by way of a specifically crafted CSV file that accommodates HTML a tag.
Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier permits an attacker on the adjoining community to inject an arbitrary script by way of unspecified vectors.
Reflected cross-site scripting vulnerability within the hooked up file title of php_mailform variations previous to Version 1.40 permits a distant unauthenticated attacker to inject an arbitrary script by way of unspecified vectors.
Reflected cross-site scripting vulnerability within the checkbox of php_mailform variations previous to Version 1.40 permits a distant unauthenticated attacker to inject an arbitrary script by way of unspecified vectors.
Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 permits a distant unauthenticated attacker to inject an arbitrary script by way of unspecified vectors.
TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is susceptible to Buffer Overflow. Authenticated attackers can crash router httpd companies by way of /userRpm/PingIframeRpm.htm request which accommodates redundant & in parameter.
Two Heap based mostly buffer overflow vulnerabilities exist in ffjpeg by way of 01.01.2021. It is much like CVE-2020-23852. Issues which can be within the jfif_decode perform at ffjpeg/src/jfif.c (line 552) may trigger a Denial of Service by utilizing a crafted jpeg file.
Global buffer overflow vulnerability exist in ffjpeg by way of 01.01.2021. It is much like CVE-2020-23705. Issue is within the jfif_encode perform at ffjpeg/src/jfif.c (line 708) may trigger a Denial of Service by utilizing a crafted jpeg file.
Cross Site Request Forgery (CSRF) vulnerability exists in Gitea earlier than 1.5.2 by way of API routes.This could be harmful particularly with state altering POST requests.
Gitea earlier than 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the susceptible admin or consumer API. which may let a distant malisious consumer execute arbitrary code.
Grafana is an open-source platform for monitoring and observability. In affected variations an attacker may serve HTML content material through the Grafana datasource or plugin proxy and trick a consumer to go to this HTML web page utilizing a specifically crafted hyperlink and execute a Cross-site Scripting (XSS) assault. The attacker may both compromise an present datasource for a selected Grafana occasion or both arrange its personal public service and instruct anybody to set it up of their Grafana occasion. To be impacted, all the following should be relevant. For the info supply proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker must be answerable for the HTTP server serving the URL of above datasource, and a specifically crafted hyperlink pointing on the attacker managed information supply should be clicked on by an authenticated consumer. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker must be answerable for the HTTP server serving the URL of above app, and a specifically crafted hyperlink pointing on the attacker managed plugin should be clocked on by an authenticated consumer. For the backend plugin useful resource: An attacker should be capable to navigate an authenticated consumer to a compromised plugin by way of a crafted hyperlink. Users are suggested to replace to a patched model. There are not any recognized workarounds for this vulnerability.
Grafana is an open-source platform for monitoring and observability. Affected variations are topic to a cross website request forgery vulnerability which permits attackers to raise their privileges by mounting cross-origin assaults towards authenticated high-privilege Grafana customers (for instance, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated consumer into inviting the attacker as a brand new consumer with excessive privileges. Users are suggested to improve as quickly as doable. There are not any recognized workarounds for this concern.
Grafana is an open-source platform for monitoring and observability. Affected variations of Grafana expose a number of API endpoints which don’t correctly deal with consumer authorization. `/groups/:groupId` will permit an authenticated attacker to view unintended information by querying for the precise group ID, `/groups/:search` will permit an authenticated attacker to seek for groups and see the whole variety of obtainable groups, together with for these groups that the consumer doesn’t have entry to, and `/groups/:groupId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended information by querying for the precise group ID. Users are suggested to improve as quickly as doable. There are not any recognized workarounds for this concern.
m1k1o/weblog is a light-weight self-hosted facebook-styled PHP weblog. Errors from capabilities `imagecreatefrom*` and `picture*` haven’t been checked correctly. Although PHP issued warnings and the add perform returned `false`, the unique file (that might include a malicious payload) was saved on the disk. Users are suggested to improve as quickly as doable. There are not any recognized workarounds for this concern.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. Personal data/cookies will be used for personalization of ads. Our partners will collect data and use cookies for ad personalization and measurement
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
