NEC Platforms, Ltd. Security Vulnerabilities

Encoded session passwords on session storage for Virtual Fabric platforms.(CVE-2024-29953)

A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded...

CVE-2024-3016

NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated...

Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC...

Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC...

‘Operation Endgame’ Hits Malware Delivery Platforms

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort.....

CVE-2023-49801

Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the get_pfp and get_banner routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is...

CVE-2019-25086

A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml_url leads to cross site scripting. The attack can be...

whoami stack buffer overflow on several Unix platforms

With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an immediate stack buffer overflow on illumos and Solaris: whoami::username whoami::realname whoami::username_os whoami::realname_os With versions of the whoami crate >= 0.5.3 and < 1.0.1, ca...

Stack buffer overflow with whoami on several Unix platforms

With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an immediate stack buffer overflow on illumos and Solaris: whoami::username whoami::realname whoami::username_os whoami::realname_os With versions of the whoami crate >= 0.5.3 and < 1.0.1, ca...

CVE-2021-31971 Windows HTML Platforms Security Feature Bypass Vulnerability

...

CVE-2024-20652 Windows HTML Platforms Security Feature Bypass Vulnerability

...

CVE-2023-35384 Windows HTML Platforms Security Feature Bypass Vulnerability

...

whoami stack buffer overflow on several Unix platforms

With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an immediate stack buffer overflow on illumos and Solaris: whoami::username whoami::realname whoami::username_os whoami::realname_os With versions of the whoami crate >= 0.5.3 and < 1.0.1, ca...

CVE-2023-6099

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....

CVE-2022-48674 erofs: fix pcluster use-after-free on UP platforms

In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in...

CVE-2024-34947

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...

CVE-2024-35989 dmaengine: idxd: Fix oops during rmmod on single-CPU platforms

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid...

CVE-2024-34948

An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP...

CVE-2023-23990

Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through...

CVE-2024-1067

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the...

CVE-2023-38817

An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...

CVE-2023-6363

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them...

CVE-2022-42898

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of...

CVE-2024-20652

Windows HTML Platforms Security Feature Bypass...

HP Sure Admin Security Update

A potential security vulnerability has been identified in certain HP PC products using HP Sure Admin, which might allow escalation of privilege. HP is releasing mitigation for the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that...

Mirth Connect deserialization vulnerability

Added: 05/23/2024 Background Mirth Connect is an application which translates message standards for healthcare systems. Problem A deserialization vulnerability in Mirth Connect allows remote attackers to execute arbitrary commands by sending a specially crafted API request. Resolution Upgrade...

CVE-2009-0849

Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2) cause a denial of service (daemon crash) on...

Intel Thunderbolt Driver May 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Thunderbolt driver software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP...

Intel Arc™ & Iris® Xe Graphics Software May 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Arc™ & Iris® Xe Graphics software which may allow escalation of privilege. Intel is releasing updates to mitigate the potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

Intel Extreme Tuning Utility (XTU) May 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Extreme Tuning Utility (XTU) software, which might allow escalation of privilege. Intel is releasing updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP...

Intel BIOS Guard and PPAM Firmware May 2024 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® BIOS Guard and Platform Properties Assessment Module (PPAM) firmware, which might allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates...

Intel PROSet/Wireless WiFi and Bluetooth May 2024 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Bluetooth® products, which might allow denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the...

Intel Graphics Command Center Service Software May 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Graphics Command Center Service software (bundled in some Intel® Graphics Windows DCH driver software), which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential...

Intel Ethernet Controller I225 May 2024 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® Ethernet Controller I225 Manageability firmware, which might allow escalation of privilege or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates...

CVE-2023-38199

coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the....

osCommerce 4 Cross Site Scripting

...

CVE-2024-0671

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already....

CVE-2024-31601

An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php...

ROS-20240522-05

A vulnerability in the Hotspot component of Java SE software platforms, Oracle GraalVM Enterprise Virtual Machine Edition is related to insufficient input data validation. Exploitation of the vulnerability could allow A remote attacker to create, delete, or modify access to data Vulnerability in...

CVE-2024-33899

RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape...

Doctrine SQL injection vulnerability

Doctrine is prone to SQL injection vulnerability. Users of Doctrine 1.2 and 2 should update to the newly released versions of both libraries immediately. Both versions only include the security fix and no other changes to their previous versions 1.2.3 and 2.0.2. Affected versions are: - 1.2.3 and.....

Exploit for Vulnerability in Apple Macos

Details See Blog:...

Doctrine SQL injection vulnerability

Doctrine is prone to SQL injection vulnerability. Users of Doctrine 1.2 and 2 should update to the newly released versions of both libraries immediately. Both versions only include the security fix and no other changes to their previous versions 1.2.3 and 2.0.2. Affected versions are: - 1.2.3 and.....

CVE-2024-1065

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects...

[SECURITY] Fedora 40 Update: qt6-qtmultimedia-6.7.1-1.fc40

The Qt Multimedia module provides a rich feature set that enables you to easily take advantage of a platforms multimedia capabilites and hardware. This ranges from the playback and recording of audio and video content to the use of available devices like cameras and...

CVE-2024-1395

Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. This.....

BIT-artifactory-2024-4142

An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory.Due to this vulnerability, users with low privileges may gain administrative access to the system.This issue can also be exploited in Artifactory platforms with...

CVE-2021-47362

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Update intermediate power state for SI Update the current state as boot state during dpm initialization. During the subsequent initialization, set_power_state gets called to transition to the final power state....

CVE-2009-0601

Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment...

CVE-2023-27477

wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly i8x16.select instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected...