Authentication flaw

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass...

Sql injection

Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall NGFW. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: IB/qib: Fix memory leak in qibusersdmaqueuepkts The wrong goto label was used for the error case and missed cleanup of the pkt allocation. Addresses-Coverity-ID: 1493352 "Resource leak"...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix use-after-free in nftsetcatchalldestroy We need to use listforeachentrysafe iterator because we can not access @catchall after kfreercu call. syzbot reported: BUG: KASAN: use-after-free in...

Buffer overflow

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix READDIR buffer overflow If a client sends a READDIR count argument that is too small say, zero, then the buffer size calculation in the new initdirlist helper functions results in an underflow, allowing the XDR stream...

Buffer overflow

IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: hdmi: Perform NULL pointer check for mtkhdmiconf In commit 41ca9caaae0b "drm/mediatek: hdmi: Add check for CEA modes only" a check for CEA modes was added to function mtkhdmibridgemodevalid in order to address...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: ice: xsk: return xsk buffers back to pool when cleaning the ring Currently we only NULL the xdpbuff pointer in the internal SW ring but we never give it back to the xsk buffer pool. This means that buffers can be leaked out of th...

Double free

In the Linux kernel, the following vulnerability has been resolved: tun: avoid double free in tunfreenetdev Avoid double free in tunfreenetdev by moving the dev-tstats and tun-security allocs to a new ndoinit routine tunnetinit that will be called by registernetdevice. ndoinit is paired with the...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: mac80211: fix locking in ieee80211startap error path We need to hold the local-mtx to release the channel context, as even encoded by the lockdepassertheld there. Fix it...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: ipmi: ssif: initialize ssifinfo-client early During probe ssifinfo-client is dereferenced in error path. However, it is set when some of the error checking has already been done. This causes following kernel crash if an error pat...

Authentication flaw

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: mm/hwpoison: clear MFCOUNTINCREASED before retrying getanypage Hulk Robot reported a panic in putpagetestzero when testing madvise with MADVSOFTOFFLINE. The BUG is triggered when retrying getanypage. This is because we keep...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx-fail on emulationrequired Revert a relatively recent change that set vmx-fail if the vCPU is in L2 and emulationrequired is true, as that behavior is completely bogus. Setting vmx-fail and synthesizing ...

Stack overflow

In the Linux kernel, the following vulnerability has been resolved: Input: elantech - fix stack out of bound access in elantechchangereportid The array param in elantechchangereportid must be at least 3 bytes, because elantechreadregparams is calling ps2command with PSMOUSECMDGETINFO, that is goi...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: fix global-out-of-bounds issue When eint virtual eint number is greater than gpio number, it maybe produce 'desceintn' size globle-out-of-bounds issue...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: kfence: fix memory leak when cat kfence objects Hulk robot reported a kmemleak problem: unreferenced object 0xffff93d1d8cc02e8 size 248: comm "cat", pid 23327, jiffies 4624670141 age 495992.217s hex dump first 32 bytes: 00 40 85 ...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix UAF when uninstall ipmisi and ipmimsghandler module Hi, When testing install and uninstall of ipmisi.ko and ipmimsghandler.ko, the system crashed. The log as follows: 141.087026 BUG: unable to handle kernel paging reque...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: asix: fix uninit-value in asixmdioread asixreadcmd may read less than sizeofsmsr bytes and in this case smsr will be uninitialized. Fail log: BUG: KMSAN: uninit-value in asixcheckhostenable drivers/net/usb/asixcommon.c:82 inline...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...

Race condition

In the Linux kernel, the following vulnerability has been resolved: hamradio: defer ax25 kfree after unregisternetdev There is a possible race condition use-after-free like below USE | FREE ax25sendmsg | ax25queuexmit | devqueuexmit | devqueuexmit | devxmitskb | schdirectxmit | ... xmitone |...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ALSA: rawmidi - fix the uninitalized userpversion The userpversion was uninitialized for the user space file structure in the open function, because the file private structure use kmalloc for the allocation. The kernel ALSA...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: protect targets destructions with kdamondlock DAMON debugfs interface iterates current monitoring targets in 'dbgfstargetidsread' while holding the corresponding 'kdamondlock'. However, it also destructs the...

Integer overflow

In the Linux kernel, the following vulnerability has been resolved: hwmon: lm90 Prevent integer overflow/underflow in hysteresis calculations Commit b50aa49638c7 "hwmon: lm90 Prevent integer underflows of temperature calculations" addressed a number of underflow situations when writing temperatur...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix incorrect structure access In line: upper = info-upperdev; We access upperdev field, which is related only for particular events e.g. event == NETDEVCHANGEUPPER. So, this line cause invalid memory acce...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Don't advance iterator after restart due to yielding After dropping mmulock in the TDP MMU, restart the iterator during tdpiternext and do not advance the iterator. Advancing the iterator results in skipping the...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: hamradio: improve the incomplete fix to avoid NPD The previous commit 3e0588c291d6 "hamradio: defer ax25 kfree after unregisternetdev" reorder the kfree operations and unregisternetdev operation to prevent UAF. This commit improv...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk-skrxdst to RCU rules syzbot reported various issues around early demux, one being included in this changelog 1 sk-skrxdst is using RCU protection without clearly documenting it. And following sequences in...

Cross site scripting

IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260769...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix incorrect page free bug Pointer to the allocated pages struct page page has already progressed towards the end of allocation. It is incorrect to perform freepagespage, order using this pointer as we would free any...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intelpmccore: fix memleak on registration failure In case device registration fails during module initialisation, the platform device structure needs to be freed using platformdeviceput to properly free all resource...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: refuse to enable an unbound pipe This ioctl implicitly assumed that the socket was already bound to a valid local socket name, i.e. Phonet object. If the socket was not bound, two separate problems would occur: 1 We'd...

Path traversal

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible...

Information disclosure

IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453...

Cross site request forgery (csrf)

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the /system/share/ztreecategoryedit...

Design/Logic Flaw

IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814...

Cross site scripting

Forcepoint NGFW Security Management Center Management Server has SMC Downloads optional feature to offer standalone Management Client downloads and ECA configuration downloads. Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Forcepoint Next...

Cross site scripting

Flusity-CMS v2.33 is vulnerable to Cross Site Scripting XSS in the "Contact form."...

Authentication flaw

Rejected reason: Incorrect assignment...

Cross site scripting

Flusity-CMS v2.33 is affected by: Cross Site Scripting XSS in 'Custom Blocks.'...

Design/Logic Flaw

Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period...

Cross site scripting

A Cross-site scripting XSS vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi in D-Link GORTAC750A1FWv101b03 allows remote attackers to inject arbitrary web script or HTML via the url parameter...

Design/Logic Flaw

Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information...

Buffer overflow

Dell Digital Delivery, versions prior to 5.0.86.0, contain a Buffer Overflow vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation...

Design/Logic Flaw

Dell Digital Delivery, versions prior to 5.0.86.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code...

Improper access control

Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation...

Race condition

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing...

Memory corruption

Memory corruption in Core Services while executing the command for removing a single event listener...

Hardcoded credentials

Transient DOS while processing IE fragments from server during DTLS handshake...

Memory corruption

Memory corruption while processing TPC target power table in FTM TPC...