KDDI CORPORATION, NTT DOCOMO, INC., And SoftBank Corp. Security Vulnerabilities

Typo3 Arbitrary file upload and XML External Entity processing

It has been discovered that Flow 3.0.0 allows arbitrary file uploads, inlcuding server-side scripts, posing the risk of attacks. If those scripts are executed by the server when accessed through their public URL, anything not blocked through other means is possible (information disclosure,...

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (AlmaLinux-35449) Security Fix(es): ruby: Buffer overread...

CVE-2023-36867

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution...

Moodle uses the same key for QR login and auto-login

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...

python39:3.9 and python39-devel:3.9 security update

mod_wsgi numpy python39 [3.9.19-1] - Update to 3.9.19 - Security fixes for CVE-2023-6597 and CVE-2024-0450 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33676, RHEL-33688 python3x-pip python3x-setuptools python3x-six python-cffi python-chardet python-cryptography...

Exploit for CVE-2023-38831

VolleyballSquid-----CVE-2023-38831-and-Bypass-UAC This is my...

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es) and Enhancement(s): Rebase...

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es) and Enhancement(s): Rebase...

SQLi (SQL Injection) org.postgresql:postgresql Dependency in Confluence Data Center and Server

This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 6.0.1 of Confluence Data Center and Server. Confluence Data Center is unaffected by this vulnerability as it does not use the {{PreferQueryMode=SIMPLE}} parameter required for this vulnerability in....

Cisco Small Business 200,300 and 500 Series Switches - Open Redirect

Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized...

Vyper's raw_call `value=` kwargs not disabled for static and delegate calls

Summary Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value=...

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) ruby: Buffer overread vulnerability in StringIO...

D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure

A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request...

LatePoint Plugin < 4.9.9.1 - Missing Authorization and Sensitive Information Exposure via IDOR

Description The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated...

CVE-2020-1182

A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An authenticated...

D-Link Network Attached Storage - Command Injection and Backdoor Account

UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the...

Silverstripe XSS in TreeDropdownField and TreeMultiSelectField

A cross-site scripting vulnerability has been discovered in the TreeDropdownField and TreeMultiSelectField. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the dataobjects used as a data source for either of these fields. This...

LNbits improperly handles potential network and payment failures when using Eclair backend

Summary Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. Details Using blocking: true on the API call will lead to a timeout error if a payment does not get settled in the 30s....

kernel security and bug fix update

[5.14.0-427.18.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update...

Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution

Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit...

Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section....

Moderate: resource-agents security and bug fix update

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer...

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) ruby: Buffer overread vulnerability in StringIO...

[Out of Bounds Read and Write in configureProducer in C2BqBuffer.cpp in libcodec2_vndk]

In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for...

DoS (Denial of Service) org.json:json Dependency in Bitbucket Data Center and Server

This High severity org.json:json Dependency vulnerability was introduced in versions 7.17.0, 7.21.15, 8.9.4, 8.13.0, 8.14.0, and 8.15.0 of Bitbucket Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

tomcat security and bug fix update

[1:9.0.87-1.el9_4.1] - Resolves: RHEL-34815 - Rebase tomcat to version 9.0.87 - Resolves: RHEL-31048 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) - Resolves: RHEL-31032 tomcat: : Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) - Resolves:...

Moderate: fence-agents security and bug fix update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...

GiveWP – Donation Plugin and Fundraising Platform < 3.12.1 - Reflected Cross-Site Scripting

Description The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.12.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

Image Hover Effects for Elementor with Lightbox and Flipbox <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id, oxi_addons_f_title_tag, and content_description_tag Parameters

Description The Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_id', 'oxi_addons_f_title_tag', and 'content_description_tag' parameters in all versions up to, and including, 3.0.2 due to insufficient input...

Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section....

ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`

Zend_View is a component that utilizes PHP as a templating language. To utilize it, you specify "script paths" that contain view scripts, and then render() view scripts by specifying subdirectories within those script paths; the output is then returned as a string value which may be cached or...

ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`

Zend_View is a component that utilizes PHP as a templating language. To utilize it, you specify "script paths" that contain view scripts, and then render() view scripts by specifying subdirectories within those script paths; the output is then returned as a string value which may be cached or...

LDAP Injection

Apache Derby is vulnerable to LDAP Injection. The vulnerability is due to improper input validation in the username field which can be used to bypass authentication checks. This can be exploited by an attacker by injecting malicious usernames, and as a result fill up the disk by creating junk...

Improve one-time permissions handling and revoking mechanism to prevent security issues

In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

Malicious app can bypass one-time permission revocation and keep it granted

In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Proxy PAC URL can use several URL schemes, including file: and jar:

In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for...

[Out of Bounds Read and Write in onQueueFilled in outQueue in libstagefright_soft_mpeg4dec]

In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Moderate: resource-agents security and bug fix update

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...

WPMobile.App — Android and iOS Mobile Application < 11.42 - Reflected Cross-Site Scripting

Description The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 11.41 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

Moderate: fence-agents security and bug fix update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...

Improper Authorization org.springframework.security:spring-security-core Dependency in Confluence Data Center and Server

This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.springframework.security:spring-security-core Dependency vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of...

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer...

Request Smuggling org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server

This High severity org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability, with a CVSS Score of 7.5.....

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...

Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at....

DoS (Denial of Service) com.google.code.gson:gson Dependency in Crucible Data Center and Server

This High severity com.google.code.gson:gson Dependency vulnerability was introduced in version 4.8.0 of Crucible Data Center and Server. This com.google.code.gson:gson Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF

Description The theme does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack PoC The PoC will be displayed on June 26, 2024, to give users the time to...

SQLi (SQL Injection) org.postgresql:postgresql Dependency in Jira Software Data Center and Server

This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, and 9.14.0 of Jira Software Data Center and Server. Jira Software Data Center is unaffected by.....

ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities

Multiple vulnerabilities in the ConfD CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system. For more information about these vulnerabilities, see the Details ["#details"] section.....