3975 matches found
Possible user mocking that bypasses basic authentication
Impact: next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce). Manually overriding the...
Design/Logic Flaw
NextAuth.js provides authentication for Next.js. next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce)...
CVE-2023-48309 next-auth vulnerable to possible user mocking that bypasses basic authentication
NextAuth.js provides authentication for Next.js. next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce)...
CVE-2023-38316
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt...
DEBIAN-CVE-2023-38316
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt...
kernel: wifi: rtw88: use work to update rate to avoid RCU warning
A flaw was identified in the Linux kernel’s rtw88 Wi-Fi driver (drivers/net/wireless/realtek/rtw88) where the ieee80211_ops::sta_rc_update callback was invoked within a Read-Copy-Update (RCU) read-side critical section without proper atomicity or deferral. The ieee80211_chan_bw_change() function holds an RCU...
kernel: wifi: ath6kl: reduce WARN to dev_dbg() in callback
In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: reduce WARN to dev_dbg() in callback. The warn is triggered on a known race condition, documented in the code above the test, that is correctly handled. Using WARN hinders automated testing. Reducing severity...
kernel: wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
A flaw was found in the ath9k USB Wi-Fi driver in the Linux kernel. In certain conditions within the ath9k_hif_usb_reg_in_cb() path, a socket buffer (skb) may be freed prematurely and then freed again on an error path, leading to a use-after-free condition. Additionally, failure to allocate a new skb can...
kernel: Rate limit overflow messages in r8152 in intr_callback
A vulnerability was found in intr_callback in drivers/net/usb/r8152.c in the BPF component in the Linux Kernel. The manipulation leads to logging excessive data, where an attack can be launched remotely...
claimAuction can be reverted by any bidder, locking all funds and the prize.
Description: claimAuction is used to redeem the auction's ERC-721 and refund all bidders that didn't win the auction. In this process, callbacks are sent to every single bidder via low-level calls that trigger fallbacks/receives and ERC721.safeTransferFrom. So,...
All contributions can get locked in the Crowdfund contract, with no means to refund users or finalize.
Impact: ETHCrowdfundBasefinalize assumes that all contributions are intact, but there is an emergencyExecute function that is capable of spending part of crowdfund eth. If as little as one wei gets spent, users cannot get refunded, and the Crowdfund will not get...
CVE-2023-43570
A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code...
Code injection
A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code...
CVE-2023-43570
The CVE-2023-43570 entry involves the OemSmi driver, specifically its SMI callback function, where a local attacker with elevated privileges could execute arbitrary code. Documents consistently identify the vulnerable component as the OemSmi driver’s SMI callback, indicating local privilege escal...
kernel: dmaengine: ptdma: check for null desc before calling pt_cmd_callback
AMD PTDMA (Pass-Through DMA) engine crashes the kernel when pt_issue_pending() encounters empty descriptor queues. The function blindly invokes pt_cmd_callback() without verifying that a valid descriptor exists, triggering a NULL pointer dereference. This commonly surfaces during system shutdown on AMD...
kernel: acpi: Fix suspend with Xen PV
In the Linux kernel, the following vulnerability has been resolved: acpi: Fix suspend with Xen PV. Commit f1e525009493 ("x86/boot: Skip realmode init code when running as Xen PV guest") missed one code path accessing real_mode_header, leading to dereferencing NULL when suspending the system under Xen:...
kernel: drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback
A function prototype mismatch was found in the AMD GPU driver's DPM table callbacks. When kCFI (Control Flow Integrity) is enabled, the mismatched types cause CFI validation failures, potentially crashing the kernel...