KDDI CORPORATION, NTT DOCOMO, INC., And SoftBank Corp. Security Vulnerabilities

CVE-2023-2420

A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to sql injection. The attack may be...

Important: container-tools:rhel8 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fix(es): container_init_t does not possess ptrace process context [almalinux-8.9.0.z] (JIRA:AlmaLinux-28923) Security Fix(es): podman: full container escape at build time...

Low: openssl and openssl-fips-provider security update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data.....

Vitess vulnerable to infinite memory consumption and vtgate crash

Summary When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will OOM. Details When running the following query, the evalengine will try evaluate it and runs forever. select _utf16 0xFF The source of the bug lies in the.....

Neos Flow Arbitrary file upload and XML External Entity processing

It has been discovered that Flow 3.0.0 allows arbitrary file uploads, inlcuding server-side scripts, posing the risk of attacks. If those scripts are executed by the server when accessed through their public URL, anything not blocked through other means is possible (information disclosure,...

Important: container-tools:rhel8 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fix(es): container_init_t does not possess ptrace process context [almalinux-8.9.0.z] (JIRA:AlmaLinux-28923) Security Fix(es): podman: full container escape at build time...

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2024-25046)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2024-25046 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service by an authenticated user using a specially...

RCE (Remote Code Execution) in Confluence Data Center and Server

This High severity RCE (Remote Code Execution) vulnerability was introduced in version of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of , allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality,...

Important: container-tools:rhel8 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fix(es): container_init_t does not possess ptrace process context [rhel-8.9.0.z] (JIRA:Rocky Linux-28923) Security Fix(es): podman: full container escape at build time...

Unencrypted traffic between pods when using Wireguard and an external kvstore

Impact For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. Patches This issue affects Cilium v1.14 before v1.14.7. This issue has been patched in Cilium v1.14.7. Workarounds There is no...

Veeam Agent for Linux - veeamsnap and blksnap Extended Linux Distribution Support

This article describesVeeam Agent for Linux support for distribution versions released after the latest release of Veeam Agent for...

Important: pcp security, bug fix, and enhancement update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

Path traversal and user privilege escalation in github.com/IceWhaleTech/CasaOS-UserService

The UserService API contains a path traversal vulnerability that allows an attacker to obtain any file on the system, including the user database and system configuration. This can lead to privilege escalation and compromise of the...

OpenStack Glance Bypass the storage quota and Denial of service

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving...

(RHSA-2024:2968) Moderate: fence-agents security and bug fix update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...

(RHSA-2024:3324) Important: pcp security, bug fix, and enhancement update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

[Out of Bounds Read and Write in configureProducer in C2BqBuffer.cpp in libcodec2_vndk]

In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for...

Important: pcp security, bug fix, and enhancement update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

CVE-2024-1415

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers....

openssl and openssl-fips-provider security update

openssl [1:3.0.7-27.0.3] - Enable openssl-fips-provider dependency [Orabug: 36504822] [1:3.0.7-27.0.2] - Temporary disable openssl-fips-provider dependency [Orabug: 36504822] [1:3.0.7-27.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-27] - Use certified FIPS module instead of...

Directory traversal in github.com/kataras/iris and github.com/kataras/iris/v12

The Context.UploadFormFiles function is vulnerable to directory traversal attacks, and can be made to write to arbitrary locations outside the destination directory. This vulnerability only occurs when built with Go versions prior to 1.17. Go 1.17 and later strip directory paths from filenames...

device-mapper-persistent-data bug fix and enhancement update

An update is available for device-mapper-persistent-data. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release,...

Exploit for Improper Input Validation in Microsoft

Pachine Python implementation for CVE-2021-42278 (Active...

Information Disclosure org.eclipse.jetty:jetty-util Dependency in Crowd Data Center and Server

This High severity org.eclipse.jetty:jetty-util Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.eclipse.jetty:jetty-util Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVE-2024-33221

An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

CVE-2024-33220

An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

(RHSA-2024:2952) Moderate: resource-agents security and bug fix update

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...

gcc-toolset-13-annobin bug fix and enhancement update

An update is available for gcc-toolset-13-annobin. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the.....

python-into-dbus-python bug fix and enhancement update

An update is available for python-into-dbus-python. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the....

Excessive resource consumption in net/http, net/textproto and mime/multipart

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of...

Excessive memory growth in net/http and golang.org/x/net/http2

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate.....

Unbounded memory growth in net/http and golang.org/x/net/http2

An attacker can cause unbounded memory growth in servers accepting HTTP/2...

CVE-2024-28042

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096) kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size...

[Out of Bounds Read and Write in onQueueFilled in outQueue in libstagefright_soft_mpeg4dec]

In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

mingw-qemu-ga-win bug fix and enhancement update

An update is available for mingw-qemu-ga-win. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky....

Reviews and Rating – Google Reviews < 5.3 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated.....

Vitess vulnerable to infinite memory consumption and vtgate crash

Summary When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will OOM. Details When running the following query, the evalengine will try evaluate it and runs forever. select _utf16 0xFF The source of the bug lies in the.....

miekg/dns parsing error leads to nil pointer dereference and DoS

An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of...

SQLi (SQL Injection) org.postgresql:postgresql Dependency in Jira Software Data Center and Server

This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, and 9.14.0 of Jira Software Data Center and Server. Jira Software Data Center is unaffected by.....

Security Misconfiguration org.eclipse.jetty:jetty-server Dependency in Crowd Data Center and Server

This High severity org.eclipse.jetty:jetty-server Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.eclipse.jetty:jetty-server Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

(RHSA-2023:7370) Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812) kernel: net/sched: multiple vulnerabilities (CVE-2023-3609, CVE-2023-4128,...

CVE-2024-33223

An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

CVE-2024-33222

An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

Build Numbers and Versions of Veeam Plug-ins for Enterprise Applications

Build Numbers and Versions of Veeam Plug-ins for Enterprise Applications (Veeam Plug-in for SAP HANA, Veeam Plug-in for Oracle RMAN, Veeam Plug-in for SAP on Oracle, Veeam Plug-in for Microsoft SQL...

(RHSA-2024:2845) Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744) kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-52628) Bug Fix(es): kernel: untrusted...

Denial of service in net/http and golang.org/x/net/http2

HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of...

WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting

WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin...

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution

Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input......

Improve one-time permissions handling and revoking mechanism to prevent security issues

In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...