Weekly Vulnerabilities Reports > August 5 to 11, 2024

NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access.

NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt.

Asterisk is an open source private branch exchange (PBX) and telephony toolkit.

There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords.

Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow.

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.

Password reset tokens are generated using an insecure source of randomness.

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00.

Incorrect User Management vulnerability in Naukowa i Akademicka Siec Komputerowa - Panstwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.

An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance.

Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege.

Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page.

Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page.

Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page.

A vulnerability was found in DataGear up to 5.0.0.

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices.

Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence.

Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence.

A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution.

Incomplete WebAssembly exception handing could have led to a use-after-free.

Editor code failed to check an attribute value.

Unexpected marking work at the start of sweeping could have led to a use-after-free.

Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free.

Incorrect garbage collection interaction could have led to a use-after-free.

A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical.

A vulnerability has been found in itsourcecode Airline Reservation System 1.0 and classified as critical.

A vulnerability was found in itsourcecode Airline Reservation System 1.0 and classified as critical.

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js.

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js.

ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device.

A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file.

A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.

A flaw was found in the Pulp package.

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories.

A select option could partially obscure security prompts.

It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site.

HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability.

Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device.

Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read.

Permission control vulnerability in the App Multiplier module Impact:Successful exploitation of this vulnerability may affect functionality and confidentiality.

Vulnerability of PIN enhancement failures in the screen lock module Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

In the Linux kernel, the following vulnerability has been resolved: ext4: use memtostr_pad() for s_volume_name As with the other strings in struct ext4_super_block, s_volume_name is not NUL terminated.

Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking.

An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.

An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.

Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user.

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows.

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.

Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.

Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.

Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption.

Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service.

Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.

Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient.

A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code.

While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation.

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed.

A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload.

In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions

oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability.

oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability.

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability.

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability.

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability.

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability.

oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability.

Memory corruption when keymaster operation imports a shared key.

Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.

Memory corruption while processing graphics kernel driver request to create DMA fence.

Memory corruption when kernel driver attempts to trigger hardware fences.

Memory corruption while processing IOCTL call to set metainfo.

Memory corruption while allocating memory in HGSL driver.

Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.

Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys.

NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch.

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser.

ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.

Access permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded.

Access permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities.

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors.

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15.

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15.

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15.

Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources.

Anti-tampering can be disabled under certain conditions without signature validation.

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

SQL injection vulnerability in E-Negosyo System affecting version 1.0.

SQL injection vulnerability in E-Negosyo System affecting version 1.0.

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability.

Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read.

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js.

Information disclosure while handling beacon or probe response frame in STA.

Information disclosure while handling beacon probe frame during scan entry generation in client side.

Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS).

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15.

** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue.

An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks.

Shopware is an open commerce platform.

Firmware in KAON AR2140 routers prior to version 4.2.16 is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router.

CloudStack account-users by default use username and password based authentication for API and UI access.

An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter.

mailcow: dockerized is an open source groupware/email suite based on docker.

Access control vulnerability in the security verification module mpact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization (PBA) process.

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails to validate /etc/mtab during the Pre-Boot Authorization (PBA) process.

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to validate /etc/initab during the Pre-Boot Authorization (PBA) process.

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process.

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process.

A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database.  Affected versions include 10.1.x.x and 10.2.x.x.

Summary: Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS.

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process.

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server.

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2.

Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline.

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2.

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2.

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2.

An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration.

An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration.

Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Siec Komputerowa - Panstwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and credentials. This issue affects EZD RP all versions before 19.6

An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page.

An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering.

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability.

Select options could obscure the fullscreen notification dialog.

ANGLE failed to initialize parameters which lead to reading from uninitialized memory.

The date picker could partially obscure security prompts.

Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor.

Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views".

Vulnerability of uncaught exceptions in the Graphics module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Access permission verification vulnerability in the content sharing pop-up module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Permission verification vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect availability

Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.

A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.

A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter.

A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter.

An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.

Qwik is a performance focused javascript framework.

A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter.

Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129.

Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129.

The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129.

ID4Portais in version < V.2022.837.002a returns message parameter unsanitized in the response, resulting in a HTML Injection vulnerability.

A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter.

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices.

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0.

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection.

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0.

Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting.

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js.

mailcow: dockerized is an open source groupware/email suite based on docker.

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.

Shopware is an open commerce platform.

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file.

LaunchAnywhere vulnerability in the account module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Access permission verification vulnerability in the Contacts module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

In the Linux kernel, the following vulnerability has been resolved: mm: page_ref: remove folio_try_get_rcu() The below bug was reported on a non-SMP kernel: [ 275.267158][ T4335] ------------[ cut here ]------------ [ 275.267949][ T4335] kernel BUG at include/linux/page_ref.h:275! [ 275.268526][ T4335] invalid opcode: 0000 [#1] KASAN PTI [ 275.269001][ T4335] CPU: 0 PID: 4335 Comm: trinity-c3 Not tainted 6.7.0-rc4-00061-gefa7df3e3bb5 #1 [ 275.269787][ T4335] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 275.270679][ T4335] RIP: 0010:try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.272813][ T4335] RSP: 0018:ffffc90005dcf650 EFLAGS: 00010202 [ 275.273346][ T4335] RAX: 0000000000000246 RBX: ffffea00066e0000 RCX: 0000000000000000 [ 275.274032][ T4335] RDX: fffff94000cdc007 RSI: 0000000000000004 RDI: ffffea00066e0034 [ 275.274719][ T4335] RBP: ffffea00066e0000 R08: 0000000000000000 R09: fffff94000cdc006 [ 275.275404][ T4335] R10: ffffea00066e0037 R11: 0000000000000000 R12: 0000000000000136 [ 275.276106][ T4335] R13: ffffea00066e0034 R14: dffffc0000000000 R15: ffffea00066e0008 [ 275.276790][ T4335] FS: 00007fa2f9b61740(0000) GS:ffffffff89d0d000(0000) knlGS:0000000000000000 [ 275.277570][ T4335] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 275.278143][ T4335] CR2: 00007fa2f6c00000 CR3: 0000000134b04000 CR4: 00000000000406f0 [ 275.278833][ T4335] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 275.279521][ T4335] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 275.280201][ T4335] Call Trace: [ 275.280499][ T4335] <TASK> [ 275.280751][ T4335] ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) [ 275.281087][ T4335] ? do_trap (arch/x86/kernel/traps.c:112 arch/x86/kernel/traps.c:153) [ 275.281463][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.281884][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.282300][ T4335] ? do_error_trap (arch/x86/kernel/traps.c:174) [ 275.282711][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.283129][ T4335] ? handle_invalid_op (arch/x86/kernel/traps.c:212) [ 275.283561][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.283990][ T4335] ? exc_invalid_op (arch/x86/kernel/traps.c:264) [ 275.284415][ T4335] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:568) [ 275.284859][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.285278][ T4335] try_grab_folio (mm/gup.c:148) [ 275.285684][ T4335] __get_user_pages (mm/gup.c:1297 (discriminator 1)) [ 275.286111][ T4335] ? __pfx___get_user_pages (mm/gup.c:1188) [ 275.286579][ T4335] ? __pfx_validate_chain (kernel/locking/lockdep.c:3825) [ 275.287034][ T4335] ? mark_lock (kernel/locking/lockdep.c:4656 (discriminator 1)) [ 275.287416][ T4335] __gup_longterm_locked (mm/gup.c:1509 mm/gup.c:2209) [ 275.288192][ T4335] ? __pfx___gup_longterm_locked (mm/gup.c:2204) [ 275.288697][ T4335] ? __pfx_lock_acquire (kernel/locking/lockdep.c:5722) [ 275.289135][ T4335] ? __pfx___might_resched (kernel/sched/core.c:10106) [ 275.289595][ T4335] pin_user_pages_remote (mm/gup.c:3350) [ 275.290041][ T4335] ? __pfx_pin_user_pages_remote (mm/gup.c:3350) [ 275.290545][ T4335] ? find_held_lock (kernel/locking/lockdep.c:5244 (discriminator 1)) [ 275.290961][ T4335] ? mm_access (kernel/fork.c:1573) [ 275.291353][ T4335] process_vm_rw_single_vec+0x142/0x360 [ 275.291900][ T4335] ? __pfx_process_vm_rw_single_vec+0x10/0x10 [ 275.292471][ T4335] ? mm_access (kernel/fork.c:1573) [ 275.292859][ T4335] process_vm_rw_core+0x272/0x4e0 [ 275.293384][ T4335] ? hlock_class (a ---truncated---

In the Linux kernel, the following vulnerability has been resolved: closures: Change BUG_ON() to WARN_ON() If a BUG_ON() can be hit in the wild, it shouldn't be a BUG_ON() For reference, this has popped up once in the CI, and we'll need more info to debug it: 03240 ------------[ cut here ]------------ 03240 kernel BUG at lib/closure.c:21! 03240 kernel BUG at lib/closure.c:21! 03240 Internal error: Oops - BUG: 00000000f2000800 [#1] SMP 03240 Modules linked in: 03240 CPU: 15 PID: 40534 Comm: kworker/u80:1 Not tainted 6.10.0-rc4-ktest-ga56da69799bd #25570 03240 Hardware name: linux,dummy-virt (DT) 03240 Workqueue: btree_update btree_interior_update_work 03240 pstate: 00001005 (nzcv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--) 03240 pc : closure_put+0x224/0x2a0 03240 lr : closure_put+0x24/0x2a0 03240 sp : ffff0000d12071c0 03240 x29: ffff0000d12071c0 x28: dfff800000000000 x27: ffff0000d1207360 03240 x26: 0000000000000040 x25: 0000000000000040 x24: 0000000000000040 03240 x23: ffff0000c1f20180 x22: 0000000000000000 x21: ffff0000c1f20168 03240 x20: 0000000040000000 x19: ffff0000c1f20140 x18: 0000000000000001 03240 x17: 0000000000003aa0 x16: 0000000000003ad0 x15: 1fffe0001c326974 03240 x14: 0000000000000a1e x13: 0000000000000000 x12: 1fffe000183e402d 03240 x11: ffff6000183e402d x10: dfff800000000000 x9 : ffff6000183e402e 03240 x8 : 0000000000000001 x7 : 00009fffe7c1bfd3 x6 : ffff0000c1f2016b 03240 x5 : ffff0000c1f20168 x4 : ffff6000183e402e x3 : ffff800081391954 03240 x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000a8000000 03240 Call trace: 03240 closure_put+0x224/0x2a0 03240 bch2_check_for_deadlock+0x910/0x1028 03240 bch2_six_check_for_deadlock+0x1c/0x30 03240 six_lock_slowpath.isra.0+0x29c/0xed0 03240 six_lock_ip_waiter+0xa8/0xf8 03240 __bch2_btree_node_lock_write+0x14c/0x298 03240 bch2_trans_lock_write+0x6d4/0xb10 03240 __bch2_trans_commit+0x135c/0x5520 03240 btree_interior_update_work+0x1248/0x1c10 03240 process_scheduled_works+0x53c/0xd90 03240 worker_thread+0x370/0x8c8 03240 kthread+0x258/0x2e8 03240 ret_from_fork+0x10/0x20 03240 Code: aa1303e0 d63f0020 a94363f7 17ffff8c (d4210000) 03240 ---[ end trace 0000000000000000 ]--- 03240 Kernel panic - not syncing: Oops - BUG: Fatal exception 03240 SMP: stopping secondary CPUs 03241 SMP: failed to stop secondary CPUs 13,15 03241 Kernel Offset: disabled 03241 CPU features: 0x00,00000003,80000008,4240500b 03241 Memory Limit: none 03241 ---[ end Kernel panic - not syncing: Oops - BUG: Fatal exception ]--- 03246 ========= FAILED TIMEOUT copygc_torture_no_checksum in 7200s

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix error pbuf checking Syz reports a problem, which boils down to NULL vs IS_ERR inconsistent error handling in io_alloc_pbuf_ring(). KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:__io_remove_buffers+0xac/0x700 io_uring/kbuf.c:341 Call Trace: <TASK> io_put_bl io_uring/kbuf.c:378 [inline] io_destroy_buffers+0x14e/0x490 io_uring/kbuf.c:392 io_ring_ctx_free+0xa00/0x1070 io_uring/io_uring.c:2613 io_ring_exit_work+0x80f/0x8a0 io_uring/io_uring.c:2844 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

In the Linux kernel, the following vulnerability has been resolved: tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() Dereference auth after NULL check in tpm_buf_check_hmac_response(). Otherwise, unless tpm2_sessions_init() was called, a call can cause NULL dereference, when TCG_TPM2_HMAC is enabled. [jarkko: adjusted the commit message.]

In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting().

In the Linux kernel, the following vulnerability has been resolved: mm: fix crashes from deferred split racing folio migration Even on 6.10-rc6, I've been seeing elusive "Bad page state"s (often on flags when freeing, yet the flags shown are not bad: PG_locked had been set and cleared??), and VM_BUG_ON_PAGE(page_ref_count(page) == 0)s from deferred_split_scan()'s folio_put(), and a variety of other BUG and WARN symptoms implying double free by deferred split and large folio migration. 6.7 commit 9bcef5973e31 ("mm: memcg: fix split queue list crash when large folio migration") was right to fix the memcg-dependent locking broken in 85ce2c517ade ("memcontrol: only transfer the memcg data for migration"), but missed a subtlety of deferred_split_scan(): it moves folios to its own local list to work on them without split_queue_lock, during which time folio->_deferred_list is not empty, but even the "right" lock does nothing to secure the folio and the list it is on. Fortunately, deferred_split_scan() is careful to use folio_try_get(): so folio_migrate_mapping() can avoid the race by folio_undo_large_rmappable() while the old folio's reference count is temporarily frozen to 0 - adding such a freeze in the !mapping case too (originally, folio lock and unmapping and no swap cache left an anon folio unreachable, so no freezing was needed there: but the deferred split queue offers a way to reach it).

In the Linux kernel, the following vulnerability has been resolved: s390/mm: Add NULL pointer check to crst_table_free() base_crst_free() crst_table_free() used to work with NULL pointers before the conversion to ptdescs.

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' could trivially have the length zero.

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load() to be done before the block is processed. The check that the length of a block payload does not exceed the number of remaining bytes in the firwmware file buffer was being done near the end of the loop iteration.

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file Return an error from cs_dsp_power_up() if a block header is longer than the amount of data left in the file. The previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop while there was enough data left in the file for a valid region.

In the Linux kernel, the following vulnerability has been resolved: bpf: Fail bpf_timer_cancel when callback is being cancelled Given a schedule: timer1 cb timer2 cb bpf_timer_cancel(timer2); bpf_timer_cancel(timer1); Both bpf_timer_cancel calls would wait for the other callback to finish executing, introducing a lockup. Add an atomic_t count named 'cancelling' in bpf_hrtimer.

In the Linux kernel, the following vulnerability has been resolved: x86/bhi: Avoid warning in #DB handler due to BHI mitigation When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set then entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the clear_bhb_loop() before the TF flag is cleared.

In the Linux kernel, the following vulnerability has been resolved: mm/shmem: disable PMD-sized page cache if needed For shmem files, it's possible that PMD-sized page cache can't be supported by xarray.

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZE blk_queue_max_segment_size() ensured: if (max_size < PAGE_SIZE) max_size = PAGE_SIZE; whereas: blk_validate_limits() makes it an error: if (WARN_ON_ONCE(lim->max_segment_size < PAGE_SIZE)) return -EINVAL; The change from one to the other, exposed sdhci which was setting maximum segment size too low in some circumstances. Fix the maximum segment size when it is too low.

In the Linux kernel, the following vulnerability has been resolved: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray Patch series "mm/filemap: Limit page cache size to that supported by xarray", v2. Currently, xarray can't support arbitrary page cache size.

In the Linux kernel, the following vulnerability has been resolved: USB: serial: mos7840: fix crash on resume Since commit c49cfa917025 ("USB: serial: use generic method if no alternative is provided in usb serial layer"), USB serial core calls the generic resume implementation when the driver has not provided one. This can trigger a crash on resume with mos7840 since support for multiple read URBs was added back in 2011.

In the Linux kernel, the following vulnerability has been resolved: Revert "sched/fair: Make sure to try to detach at least one movable task" This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06. b0defa7ae03ec changed the load balancing logic to ignore env.max_loop if all tasks examined to that point were pinned.

In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket When using a BPF program on kernel_connect(), the call can return -EPERM.

In the Linux kernel, the following vulnerability has been resolved: wireguard: allowedips: avoid unaligned 64-bit memory accesses On the parisc platform, the kernel issues kernel warnings because swap_endian() tries to load a 128-bit IPv6 address from an unaligned memory location: Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df) Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc) Avoid such unaligned memory accesses by instead using the get_unaligned_be64() helper macro. [Jason: replace src[8] in original patch with src+8]

In the Linux kernel, the following vulnerability has been resolved: tty: serial: ma35d1: Add a NULL check for of_node The pdev->dev.of_node can be NULL if the "serial" node is absent. Add a NULL check to return an error in such cases.

In the Linux kernel, the following vulnerability has been resolved: cachefiles: add missing lock protection when polling Add missing lock protection in poll routine when iterating xarray, otherwise: Even with RCU read lock held, only the slot of the radix tree is ensured to be pinned there, while the data structure (e.g.

Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability.

Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.

Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.

Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch.

Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.

Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds read in parsing implemention in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds read in applying binary with text common object in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds read in applying own binary with textbox in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows local attackers to get sensitive information.

PDFio is a simple C library for reading and writing PDF files.

K7RKScan.sys in K7 Ultimate Security before 17.0.2019 allows local users to cause a denial of service (BSOD) because of a NULL pointer dereference.

oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability.

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2.

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices.

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping.

HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability.

Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane.

The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

A vulnerability has been found in PMWeb 7.2.00 and classified as problematic.

Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through the response headers and the rendered JavaScript prior to user login.

A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.

An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details.

An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details.

An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details.

An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details.

An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view administrator dashboard.

An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new class entry.

An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new subject entry.

An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details.

An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811.

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol.

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol.

An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.

HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails.

In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights.

A vulnerability was found in juzaweb CMS up to 3.4.2.

Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName().

A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field.

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.

mailcow: dockerized is an open source groupware/email suite based on docker.

The Chatbot for WordPress by Collect.chat ?? WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

In the Linux kernel, the following vulnerability has been resolved: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Ensure that `i2c_lock' is held when setting interrupt latch and mask in pca953x_irq_bus_sync_unlock() in order to avoid races. The other (non-probe) call site pca953x_gpio_set_multiple() ensures the lock is held before calling pca953x_write_regs(). The problem occurred when a request raced against irq_bus_sync_unlock() approximately once per thousand reboots on an i.MX8MP based system. * Normal case 0-0022: write register AI|3a {03,02,00,00,01} Input latch P0 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0 0-0022: write register AI|08 {ff,00,00,00,00} Output P3 0-0022: write register AI|12 {fc,00,00,00,00} Config P3 * Race case 0-0022: write register AI|08 {ff,00,00,00,00} Output P3 0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register *** 0-0022: write register AI|12 {fc,00,00,00,00} Config P3 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0

1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms.

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x.

Incorrect User Management vulnerability in Naukowa i Akademicka Siec Komputerowa - Panstwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.

In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts.

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.

Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.

Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file.

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file.

The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure.

In the Linux kernel, the following vulnerability has been resolved: filemap: replace pte_offset_map() with pte_offset_map_nolock() The vmf->ptl in filemap_fault_recheck_pte_none() is still set from handle_pte_fault().

In the Linux kernel, the following vulnerability has been resolved: spi: don't unoptimize message in spi_async() Calling spi_maybe_unoptimize_message() in spi_async() is wrong because the message is likely to be in the queue and not transferred yet.

Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application.

Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.

Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.

Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.

Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.

Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.

oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability.

oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability.

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability.

The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places sensitive information in the system log.

Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.