Sharp Nec Display Solutions, Ltd. Security Vulnerabilities

rocky

qemu-kvm bug fix update

An update is available for qemu-kvm. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Kernel-based Virtual Machine (KVM) is a full virtualization solution for...

7.3AI Score

2024-06-14 02:00 PM
2
veeam

Release Information for NEC Storage V Series Plug-In for Veeam Backup & Replication

Release Information for NEC Storage V Series Plug-In for Veeam Backup &...

2.1AI Score

2022-06-27 12:00 AM
10
githubexploit

7.5CVSS

7.7AI Score

0.013EPSS

2024-06-10 12:42 PM
178
nuclei

WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery

WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized...

7.5CVSS

6.7AI Score

0.004EPSS

2023-03-31 11:28 AM
5
rocky

qemu-kvm security update

An update is available for qemu-kvm. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Kernel-based Virtual Machine (KVM) is a full virtualization solution for...

7CVSS

7.2AI Score

0.002EPSS

2024-05-10 02:32 PM
15
nvidia

Security Bulletin: NVIDIA GPU Display Driver - June 2024

NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...

7.8CVSS

8AI Score

0.0004EPSS

2024-06-06 12:00 AM
43
almalinux

Moderate: qemu-kvm security update

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest()...

7CVSS

6.8AI Score

0.002EPSS

2024-04-30 12:00 AM
15
cve

CVE-2024-37393

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

7.5CVSS

7.7AI Score

0.013EPSS

2024-06-10 08:15 PM
23
cve

CVE-2021-43899

Microsoft 4K Wireless Display Adapter Remote Code Execution...

9.8CVSS

9.3AI Score

0.028EPSS

2021-12-15 03:15 PM
45
openbugbounty

nec-escrime.fr Cross Site Scripting vulnerability OBB-3900386

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-04 07:51 AM
6
oraclelinux

qemu-kvm security update

[8.2.0-11] - kvm-coroutine-cap-per-thread-local-pool-size.patch [RHEL-28947] - kvm-coroutine-reserve-5-000-mappings.patch [RHEL-28947] - Resolves: RHEL-28947 (Qemu crashing with 'failed to set up stack guard page: Cannot allocate memory') [8.2.0-10] -...

7CVSS

7.8AI Score

0.002EPSS

2024-05-02 12:00 AM
41
nessus

Windows Display Driver Enumeration

Nessus was able to enumerate one or more of the display drivers on the remote host via...

3.4AI Score

2014-02-06 12:00 AM
9
redhat

(RHSA-2024:2135) Moderate: qemu-kvm security update

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest()...

6.7AI Score

0.002EPSS

2024-04-30 06:14 AM
9
nessus

Dell Display Manager Installed (Windows)

Dell Display Manager was detected on the remote Windows...

7.1AI Score

2023-07-14 12:00 AM
10
nessus

Grandstream Networking Solutions Device Web Detection

The web interface for a Grandstream Networking Solutions device, such as a router or wireless access point, was detected on the remote...

2.2AI Score

2019-03-28 12:00 AM
8
nessus

Justice AV Solutions JVS Viewer Installed (Windows)

Justice AV Solutions JVS Viewer is installed on the remote Windows...

7.4AI Score

2024-05-30 12:00 AM
4
nessus

Automated Solutions Modbus/TCP OPC Server Detection

Automated Solutions' Modbus/TCP OPC Server is installed on the remote Windows...

2.3AI Score

2011-04-27 12:00 AM
7
osv

Comments in display names are incorrectly handled in net/mail

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different...

7.1AI Score

0.0004EPSS

2024-03-05 10:15 PM
4
cve

CVE-2010-5170

Race condition in Online Solutions Security Suite 1.5.14905.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes...

6.9AI Score

0.0004EPSS

2022-10-03 04:21 PM
21
atlassian

The "Your Jira Issues" section on the Bitbucket dashboard is fetching images via the internal Application URL rather than the external Display URL

h3. Issue Summary This is reproducible on Data Center: yes h3. Steps to Reproduce # Create an Application link to Jira Instance with different "Application" and 'Display URLs' !image-2024-05-14-18-13-31-601.png|thumbnail! # Block the 'Application URL' access on the client system (browser) using...

7.1AI Score

2024-05-14 12:49 PM
6
nessus

NVIDIA Linux GPU Display Driver (February 2024)

The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode data handler, where an unprivileged regular user can...

7.1CVSS

6AI Score

EPSS

2024-03-08 12:00 AM
8
nessus

NVIDIA Windows GPU Display Driver (June 2024)

A display driver installed on the remote Windows host is affected by multiple vulnerabilities, including the following: NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
2
nessus

NVIDIA Windows GPU Display Driver (February 2024)

A display driver installed on the remote Windows host is affected by multiple vulnerabilities, including the following: NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful...

7.8CVSS

6.5AI Score

0.0004EPSS

2024-03-07 12:00 AM
9
openbugbounty

display-design.de Cross Site Scripting vulnerability OBB-3916592

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-11 02:40 PM
2
nessus

NVIDIA Linux GPU Display Driver (June 2024)

The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, including the following: NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
cve

CVE-2006-6207

SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the partno parameter. NOTE: the vendor disputes this issue, stating that it is a forced SQL...

8.7AI Score

0.005EPSS

2006-12-01 01:28 AM
18
cve

CVE-2005-4787

Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in...

6.8AI Score

0.003EPSS

2022-10-03 04:22 PM
23
openbugbounty

solutions-ressources-humaines.com Cross Site Scripting vulnerability OBB-3872295

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-03-14 01:14 PM
3
nessus

NVIDIA Windows GPU Display Driver Multiple Vulnerabilities (February 2019)

The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities: A vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. This...

7.8CVSS

7.7AI Score

0.001EPSS

2019-03-01 12:00 AM
7
cvelist

CVE-2022-48766 drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU.

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU. Mirrors the logic for dcn30. Cue lots of WARNs and some kernel panics without this...

0.0004EPSS

2024-06-20 11:13 AM
1
vulnrichment

CVE-2023-52460 drm/amd/display: Fix NULL pointer dereference at hibernate

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clk_mgr. So don't use it to look for DML2...

6.8AI Score

0.0004EPSS

2024-02-23 02:46 PM
cvelist

CVE-2023-52460 drm/amd/display: Fix NULL pointer dereference at hibernate

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clk_mgr. So don't use it to look for DML2...

5.6AI Score

0.0004EPSS

2024-02-23 02:46 PM
nessus

Justice AV Solutions JVS Viewer Embedded Malicious Code (CVE-2024-4978)

The version of Justice AV Solutions JVS Viewer installed on the remote host is 8.3.7. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4978 advisory. Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an...

8.4CVSS

7.2AI Score

0.028EPSS

2024-06-11 12:00 AM
3
nessus

Automated Solutions Modbus Slave MiniHMI.exe ActiveX Modbus/TCP Diagnostic Function Arbitrary Code Execution

The remote host contains the Automated Solutions Modbus TCP Slave ActiveX control, which allows a PC to emulate a Modbus Serial and / or TCP slave device. The version of this control installed on the remote host reportedly contains a buffer overflow issue with the Modbus/TCP Diagnostic function...

3.2AI Score

2007-09-19 12:00 AM
15
vulnrichment

CVE-2023-52634 drm/amd/display: Fix disable_otg_wa logic

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix disable_otg_wa logic [Why] When switching to another HDMI mode, we are unnecessarily disabling/enabling FIFO causing both HPO and DIG registers to be set at the same time when only HPO is supposed to be set....

6.8AI Score

0.0004EPSS

2024-04-02 06:49 AM
2
osv

Investigate Security Vulnerability of getPhysicalDisplayToken

In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS

7.3AI Score

0.0004EPSS

2023-04-01 12:00 AM
5
cvelist

CVE-2023-52773 drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() When ddc_service_construct() is called, it explicitly checks both the link type and whether there is something on the link which will dictate whether the pin.....

5.3AI Score

0.0004EPSS

2024-05-21 03:30 PM
2
cvelist

CVE-2023-52634 drm/amd/display: Fix disable_otg_wa logic

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix disable_otg_wa logic [Why] When switching to another HDMI mode, we are unnecessarily disabling/enabling FIFO causing both HPO and DIG registers to be set at the same time when only HPO is supposed to be set....

6.6AI Score

0.0004EPSS

2024-04-02 06:49 AM
1
vulnrichment

CVE-2023-52773 drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() When ddc_service_construct() is called, it explicitly checks both the link type and whether there is something on the link which will dictate whether the pin.....

6.8AI Score

0.0004EPSS

2024-05-21 03:30 PM
1
debiancve

CVE-2024-38552

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the number of transfer...

7.5AI Score

0.0004EPSS

2024-06-19 02:15 PM
2
ubuntucve

CVE-2024-38552

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the number of transfer...

7.1AI Score

0.0004EPSS

2024-06-20 12:00 AM
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

NOTE: this CVE was not found by me, I'm simply reuploading a...

8.8CVSS

6.8AI Score

0.001EPSS

2024-06-12 03:07 PM
53
nessus

LG LED Assistant Detection

LG LED Assistant, a digital signage management application, is running on the remote...

7AI Score

2023-10-17 12:00 AM
15
cvelist

CVE-2022-48698 drm/amd/display: fix memory leak when using debugfs_lookup()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix memory leak when using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. Fix this up by properly calling...

6.7AI Score

0.0004EPSS

2024-05-03 03:11 PM
1
cvelist

CVE-2024-26648 drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() In edp_setup_replay(), 'struct dc dc' & 'struct dmub_replay replay' was dereferenced before the pointer 'link' & 'replay' NULL check. Fixes the...

6.7AI Score

0.0004EPSS

2024-03-26 05:50 PM
atlassian

User with system administrator privilege can search restricted pages.

h3. Issue Summary Starting Confluence 8.5.1 when a user is granted System administrator permission at Global permissions. The user can search for Restricted content and the restricted page gets displayed in search, when tried to access it says "Page can't be found". This behaviour is not...

6.7AI Score

2023-09-25 05:35 PM
4
vulnrichment

CVE-2024-26767 drm/amd/display: fixed integer types and null check locations

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed integer types and null check locations [why]: issues fixed: - comparison with wider integer type in loop condition which can cause infinite loops - pointer dereference before null...

6.9AI Score

0.0004EPSS

2024-04-03 05:00 PM
vulnrichment

CVE-2024-4978 Malicious Code in Justice AV Solutions (JAVS) Viewer

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell...

8.4CVSS

7AI Score

0.028EPSS

2024-05-23 01:56 AM
cvelist

CVE-2024-35788 drm/amd/display: Fix bounds check for dcn35 DcfClocks

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix bounds check for dcn35 DcfClocks [Why] NumFclkLevelsEnabled is used for DcfClocks bounds check instead of designated NumDcfClkLevelsEnabled. That can cause array index out-of-bounds access. [How] Use...

7.5AI Score

0.0004EPSS

2024-05-17 12:24 PM
cvelist

CVE-2024-4978 Malicious Code in Justice AV Solutions (JAVS) Viewer

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell...

8.4CVSS

8.4AI Score

0.028EPSS

2024-05-23 01:56 AM
4
Total number of security vulnerabilities: 73825