| Vulnerability ID | Description |
|---|---|
| ghsa-xm9j-x4hp-v2x3 (github) | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/kms/nv50-: fix file release memory leak When using single_open() for opening, single_release() should be called, otherwise the 'op' allocated in single_open() will be leaked. |
| ghsa-xj33-wwm4-p8mw (github) | In the Linux kernel, the following vulnerability has been resolved: bpf, s390: Fix potential memory leak about jit_data Make sure to free jit_data through kfree() in the error path. |
| ghsa-xchp-7x95-36g7 (github) | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle SRCU initialization failure during page track init Check the return of init_srcu_struct(), which can fail due to OOM, when initializing the page track mechanism. Lack of checking leads to a NULL pointer deref found by a modified syzkaller. [Move the call towards the beginning of kvm_arch_init_vm. - Paolo] |
| ghsa-x858-gx5h-mfp9 (github) | In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: fix resource leak in reconfiguration device addition acpi_i2c_find_adapter_by_handle() calls bus_find_device() which takes a reference on the adapter which is never released which will result in a reference count leak and render the adapter unremovable. Make sure to put the adapter after creating the client in the same manner that we do for OF. [wsa: fixed title] |
| ghsa-whrp-vxvh-9rj2 (github) | In the Linux kernel, the following vulnerability has been resolved: riscv: Flush current cpu icache before other cpus On SiFive Unmatched, I recently fell onto the following BUG when booting: [ 0.000000] ftrace: allocating 36610 entries in 144 pages [ 0.000000] Oops - illegal instruction [#1] [ 0.000000] Modules linked in: [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.13.1+ #5 [ 0.000000] Hardware name: SiFive HiFive Unmatched A00 (DT) [ 0.000000] epc : riscv_cpuid_to_hartid_mask+0x6/0xae [ 0.000000] ra : __sbi_rfence_v02+0xc8/0x10a [ 0.000000] epc : ffffffff80007240 ra : ffffffff80009964 sp : ffffffff81803e10 [ 0.000000] gp : ffffffff81a1ea70 tp : ffffffff8180f500 t0 : ffffffe07fe30000 [ 0.000000] t1 : 0000000000000004 t2 : 0000000000000000 s0 : ffffffff81803e60 [ 0.000000] s1 : 0000000000000000 a0 : ffffffff81a22238 a1 : ffffffff81803e10 [ 0.000000] a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000 [ 0.000000] a5 : 0000000000000000 a6 : ffffffff8000989c a7 : 0000000052464e43 [ 0.000000] s2 : ffffffff81a220c8 s3 : 0000000000000000 s4 : 0000000000000000 [ 0.000000] s5 : 0000000000000000 s6 : 0000000200000100 s7 : 0000000000000001 [ 0.000000] s8 : ffffffe07fe04040 s9 : ffffffff81a22c80 s10: 0000000000001000 [ 0.000000] s11: 0000000000000004 t3 : 0000000000000001 t4 : 0000000000000008 [ 0.000000] t5 : ffffffcf04000808 t6 : ffffffe3ffddf188 [ 0.000000] status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000002 [ 0.000000] [<ffffffff80007240>] riscv_cpuid_to_hartid_mask+0x6/0xae [ 0.000000] [<ffffffff80009474>] sbi_remote_fence_i+0x1e/0x26 [ 0.000000] [<ffffffff8000b8f4>] flush_icache_all+0x12/0x1a [ 0.000000] [<ffffffff8000666c>] patch_text_nosync+0x26/0x32 [ 0.000000] [<ffffffff8000884e>] ftrace_init_nop+0x52/0x8c [ 0.000000] [<ffffffff800f051e>] ftrace_process_locs.isra.0+0x29c/0x360 [ 0.000000] [<ffffffff80a0e3c6>] ftrace_init+0x80/0x130 [ 0.000000] [<ffffffff80a00f8c>] start_kernel+0x5c4/0x8f6 [ 0.000000] ---[ end trace f67eb9af4d8d492b ]--- [ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task! [ 0.000000] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]--- While ftrace is looping over a list of addresses to patch, it always failed when patching the same function: riscv_cpuid_to_hartid_mask. Looking at the backtrace, the illegal instruction is encountered in this same function. However, patch_text_nosync, after patching the instructions, calls flush_icache_range. But looking at what happens in this function: flush_icache_range -> flush_icache_all -> sbi_remote_fence_i -> __sbi_rfence_v02 -> riscv_cpuid_to_hartid_mask The icache and dcache of the current cpu are never synchronized between the patching of riscv_cpuid_to_hartid_mask and calling this same function. So fix this by flushing the current cpu's icache before asking for the other cpus to do the same. |
| ghsa-w883-jj58-rv96 (github) | In the Linux kernel, the following vulnerability has been resolved: HID: betop: fix slab-out-of-bounds Write in betop_probe Syzbot reported slab-out-of-bounds Write bug in hid-betopff driver. The problem is the driver assumes the device must have an input report but some malicious devices violate this assumption. So this patch checks hid_device's input is non empty before it's been used. |
| ghsa-v8p3-mfrc-9v8j (github) | In the Linux kernel, the following vulnerability has been resolved: sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb We should always check if skb_header_pointer's return is NULL before using it, otherwise it may cause null-ptr-deref, as syzbot reported: KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:sctp_rcv_ootb net/sctp/input.c:705 [inline] RIP: 0010:sctp_rcv+0x1d84/0x3220 net/sctp/input.c:196 Call Trace: <IRQ> sctp6_rcv+0x38/0x60 net/sctp/ipv6.c:1109 ip6_protocol_deliver_rcu+0x2e9/0x1ca0 net/ipv6/ip6_input.c:422 ip6_input_finish+0x62/0x170 net/ipv6/ip6_input.c:463 NF_HOOK include/linux/netfilter.h:307 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip6_input+0x9c/0xd0 net/ipv6/ip6_input.c:472 dst_input include/net/dst.h:460 [inline] ip6_rcv_finish net/ipv6/ip6_input.c:76 [inline] NF_HOOK include/linux/netfilter.h:307 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ipv6_rcv+0x28c/0x3c0 net/ipv6/ip6_input.c:297 |
| ghsa-rxcf-2w24-j9pq (github) | In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix iscsi_task use after free Commit d39df158518c ("scsi: iscsi: Have abort handler get ref to conn") added iscsi_get_conn()/iscsi_put_conn() calls during abort handling but then also changed the handling of the case where we detect an already completed task where we now end up doing a goto to the common put/cleanup code. This results in a iscsi_task use after free, because the common cleanup code will do a put on the iscsi_task. This reverts the goto and moves the iscsi_get_conn() to after we've checked if the iscsi_task is valid. |
| ghsa-qj4q-cgq8-w2m4 (github) | In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle When passing 'phys' in the devicetree to describe the USB PHY phandle (which is the recommended way according to Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt) the following NULL pointer dereference is observed on i.MX7 and i.MX8MM: [ 1.489344] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098 [ 1.498170] Mem abort info: [ 1.500966] ESR = 0x96000044 [ 1.504030] EC = 0x25: DABT (current EL), IL = 32 bits [ 1.509356] SET = 0, FnV = 0 [ 1.512416] EA = 0, S1PTW = 0 [ 1.515569] FSC = 0x04: level 0 translation fault [ 1.520458] Data abort info: [ 1.523349] ISV = 0, ISS = 0x00000044 [ 1.527196] CM = 0, WnR = 1 [ 1.530176] [0000000000000098] user address but active_mm is swapper [ 1.536544] Internal error: Oops: 96000044 [#1] PREEMPT SMP [ 1.542125] Modules linked in: [ 1.545190] CPU: 3 PID: 7 Comm: kworker/u8:0 Not tainted 5.14.0-dirty #3 [ 1.551901] Hardware name: Kontron i.MX8MM N801X S (DT) [ 1.557133] Workqueue: events_unbound deferred_probe_work_func [ 1.562984] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=--) [ 1.568998] pc : imx7d_charger_detection+0x3f0/0x510 [ 1.573973] lr : imx7d_charger_detection+0x22c/0x510 This happens because the charger functions check for the phy presence inside the imx_usbmisc_data structure (data->usb_phy), but the chipidea core populates the usb_phy passed via 'phys' inside 'struct ci_hdrc' (ci->usb_phy) instead. This causes the NULL pointer dereference inside imx7d_charger_detection(). Fix it by also searching for 'phys' in case 'fsl,usbphy' is not found. Tested on a imx7s-warp board. |
| ghsa-pxqq-3ph7-mw6w (github) | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume In current code, when a PCI error state pci_channel_io_normal is detectd, it will report PCI_ERS_RESULT_CAN_RECOVER status to PCI driver, and PCI driver will continue the execution of PCI resume callback report_resume by pci_walk_bridge, and the callback will go into amdgpu_pci_resume finally, where write lock is releasd unconditionally without acquiring such lock first. In this case, a deadlock will happen when other threads start to acquire the read lock. To fix this, add a member in amdgpu_device strucutre to cache pci_channel_state, and only continue the execution in amdgpu_pci_resume when it's pci_channel_io_frozen. |
| ghsa-mgmg-f25r-3gfh (github) | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gart.bo pin_count leak gmc_v{9,10}_0_gart_disable() isn't called matched with correspoding gart_enbale function in SRIOV case. This will lead to gart.bo pin_count leak on driver unload. |
| ghsa-jqwg-pjjq-gqv5 (github) | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/debugfs: fix file release memory leak When using single_open() for opening, single_release() should be called, otherwise the 'op' allocated in single_open() will be leaked. |
| ghsa-jmm7-6r74-7f4p (github) | In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix module reference leak A reference to the carrier module was taken on every open but was only released once when the final reference to the tty struct was dropped. Fix this by taking the module reference and initialising the tty driver data when installing the tty. |
| ghsa-j8cp-h624-v86v (github) | In the Linux kernel, the following vulnerability has been resolved: phy: mdio: fix memory leak Syzbot reported memory leak in MDIO bus interface, the problem was in wrong state logic. MDIOBUS_ALLOCATED indicates 2 states: 1. Bus is only allocated 2. Bus allocated and __mdiobus_register() fails, but device_register() was called In case of device_register() has been called we should call put_device() to correctly free the memory allocated for this device, but mdiobus_free() calls just kfree(dev) in case of MDIOBUS_ALLOCATED state To avoid this behaviour we need to set bus->state to MDIOBUS_UNREGISTERED _before_ calling device_register(), because put_device() should be called even in case of device_register() failure. |
| ghsa-j2r5-7q65-9hjq (github) | A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. |
| ghsa-hf7w-m8fc-q8fp (github) | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix freeing of uninitialized misc IRQ vector When VSI set up failed in i40e_probe() as part of PF switch set up driver was trying to free misc IRQ vectors in i40e_clear_interrupt_scheme and produced a kernel Oops: Trying to free already-free IRQ 266 WARNING: CPU: 0 PID: 5 at kernel/irq/manage.c:1731 __free_irq+0x9a/0x300 Workqueue: events work_for_cpu_fn RIP: 0010:__free_irq+0x9a/0x300 Call Trace: ? synchronize_irq+0x3a/0xa0 free_irq+0x2e/0x60 i40e_clear_interrupt_scheme+0x53/0x190 [i40e] i40e_probe.part.108+0x134b/0x1a40 [i40e] ? kmem_cache_alloc+0x158/0x1c0 ? acpi_ut_update_ref_count.part.1+0x8e/0x345 ? acpi_ut_update_object_reference+0x15e/0x1e2 ? strstr+0x21/0x70 ? irq_get_irq_data+0xa/0x20 ? mp_check_pin_attr+0x13/0xc0 ? irq_get_irq_data+0xa/0x20 ? mp_map_pin_to_irq+0xd3/0x2f0 ? acpi_register_gsi_ioapic+0x93/0x170 ? pci_conf1_read+0xa4/0x100 ? pci_bus_read_config_word+0x49/0x70 ? do_pci_enable_device+0xcc/0x100 local_pci_probe+0x41/0x90 work_for_cpu_fn+0x16/0x20 process_one_work+0x1a7/0x360 worker_thread+0x1cf/0x390 ? create_worker+0x1a0/0x1a0 kthread+0x112/0x130 ? kthread_flush_work_fn+0x10/0x10 ret_from_fork+0x1f/0x40 The problem is that at that point misc IRQ vectors were not allocated yet and we get a call trace that driver is trying to free already free IRQ vectors. Add a check in i40e_clear_interrupt_scheme for __I40E_MISC_IRQ_REQUESTED PF state before calling i40e_free_misc_vector. This state is set only if misc IRQ vectors were properly initialized. |
| ghsa-h9p9-4f35-pxjm (github) | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_taprio: properly cancel timer from taprio_destroy() There is a comment in qdisc_create() about us not calling ops->reset() in some cases. err_out4: /* * Any broken qdiscs that would require a ops->reset() here? * The qdisc was never in action so it shouldn't be necessary. */ As taprio sets a timer before actually receiving a packet, we need to cancel it from ops->destroy, just in case ops->reset has not been called. syzbot reported: ODEBUG: free active (active state 0) object type: hrtimer hint: advance_sched+0x0/0x9a0 arch/x86/include/asm/atomic64_64.h:22 WARNING: CPU: 0 PID: 8441 at lib/debugobjects.c:505 debug_print_object+0x16e/0x250 lib/debugobjects.c:505 Modules linked in: CPU: 0 PID: 8441 Comm: syz-executor813 Not tainted 5.14.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:505 Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd e0 d3 e3 89 4c 89 ee 48 c7 c7 e0 c7 e3 89 e8 5b 86 11 05 <0f> 0b 83 05 85 03 92 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3 RSP: 0018:ffffc9000130f330 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 RDX: ffff88802baeb880 RSI: ffffffff815d87b5 RDI: fffff52000261e58 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffff815d25ee R11: 0000000000000000 R12: ffffffff898dd020 R13: ffffffff89e3ce20 R14: ffffffff81653630 R15: dffffc0000000000 FS: 0000000000f0d300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffb64b3e000 CR3: 0000000036557000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __debug_check_no_obj_freed lib/debugobjects.c:987 [inline] debug_check_no_obj_freed+0x301/0x420 lib/debugobjects.c:1018 slab_free_hook mm/slub.c:1603 [inline] slab_free_freelist_hook+0x171/0x240 mm/slub.c:1653 slab_free mm/slub.c:3213 [inline] kfree+0xe4/0x540 mm/slub.c:4267 qdisc_create+0xbcf/0x1320 net/sched/sch_api.c:1299 tc_modify_qdisc+0x4c8/0x1a60 net/sched/sch_api.c:1663 rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5571 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504 netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340 netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1929 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:724 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2403 ___sys_sendmsg+0xf3/0x170 net/socket.c:2457 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2486 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 |
| ghsa-gx2j-3fvm-rqj3 (github) | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix a potential ttm->sg memory leak Memory is allocated for ttm->sg by kmalloc in kfd_mem_dmamap_userptr, but isn't freed by kfree in kfd_mem_dmaunmap_userptr. Free it! |
| ghsa-g8c8-mwvp-jcrr (github) | In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix unrecoverable MCE calling async handler from NMI The machine check handler is not considered NMI on 64s. The early handler is the true NMI handler, and then it schedules the machine_check_exception handler to run when interrupts are enabled. This works fine except the case of an unrecoverable MCE, where the true NMI is taken when MSR[RI] is clear, it can not recover, so it calls machine_check_exception directly so something might be done about it. Calling an async handler from NMI context can result in irq state and other things getting corrupted. This can also trigger the BUG at arch/powerpc/include/asm/interrupt.h:168 BUG_ON(!arch_irq_disabled_regs(regs) && !(regs->msr & MSR_EE)); Fix this by making an _async version of the handler which is called in the normal case, and a NMI version that is called for unrecoverable interrupts. |
| ghsa-f7qf-xjhc-mhcj (github) | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix svm_migrate_fini warning Device manager releases device-specific resources when a driver disconnects from a device, devm_memunmap_pages and devm_release_mem_region calls in svm_migrate_fini are redundant. It causes below warning trace after patch "drm/amdgpu: Split amdgpu_device_fini into early and late", so remove function svm_migrate_fini. BUG: https://gitlab.freedesktop.org/drm/amd/-/issues/1718 WARNING: CPU: 1 PID: 3646 at drivers/base/devres.c:795 devm_release_action+0x51/0x60 Call Trace: ? memunmap_pages+0x360/0x360 svm_migrate_fini+0x2d/0x60 [amdgpu] kgd2kfd_device_exit+0x23/0xa0 [amdgpu] amdgpu_amdkfd_device_fini_sw+0x1d/0x30 [amdgpu] amdgpu_device_fini_sw+0x45/0x290 [amdgpu] amdgpu_driver_release_kms+0x12/0x30 [amdgpu] drm_dev_release+0x20/0x40 [drm] release_nodes+0x196/0x1e0 device_release_driver_internal+0x104/0x1d0 driver_detach+0x47/0x90 bus_remove_driver+0x7a/0xd0 pci_unregister_driver+0x3d/0x90 amdgpu_exit+0x11/0x20 [amdgpu] |
| ghsa-cwgg-8744-62hw (github) | In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: free raw_report buffers in usbhid_stop Free the unsent raw_report buffers when the device is removed. Fixes a memory leak reported by syzbot at: https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418ab47 |
| ghsa-c989-6j3h-w4c3 (github) | ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types. |
| ghsa-c227-q7j7-xf88 (github) | In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix stack information leak The tty driver name is used also after registering the driver and must specifically not be allocated on the stack to avoid leaking information to user space (or triggering an oops). Drivers should not try to encode topology information in the tty device name but this one snuck in through staging without anyone noticing and another driver has since copied this malpractice. Fixing the ABI is a separate issue, but this at least plugs the security hole. |
| ghsa-95jj-pjw6-q9fr (github) | In the Linux kernel, the following vulnerability has been resolved: ext4: add error checking to ext4_ext_replay_set_iblocks() If the call to ext4_map_blocks() fails due to an corrupted file system, ext4_ext_replay_set_iblocks() can get stuck in an infinite loop. This could be reproduced by running generic/526 with a file system that has inline_data and fast_commit enabled. The system will repeatedly log to the console: EXT4-fs warning (device dm-3): ext4_block_to_path:105: block 1074800922 > max in inode 131076 and the stack that it gets stuck in is: ext4_block_to_path+0xe3/0x130 ext4_ind_map_blocks+0x93/0x690 ext4_map_blocks+0x100/0x660 skip_hole+0x47/0x70 ext4_ext_replay_set_iblocks+0x223/0x440 ext4_fc_replay_inode+0x29e/0x3b0 ext4_fc_replay+0x278/0x550 do_one_pass+0x646/0xc10 jbd2_journal_recover+0x14a/0x270 jbd2_journal_load+0xc4/0x150 ext4_load_journal+0x1f3/0x490 ext4_fill_super+0x22d4/0x2c00 With this patch, generic/526 still fails, but system is no longer locking up in a tight loop. It's likely the root casue is that fast_commit replay is corrupting file systems with inline_data, and we probably need to add better error handling in the fast commit replay code path beyond what is done here, which essentially just breaks the infinite loop without reporting the to the higher levels of the code. |
| ghsa-8p4f-x4p9-vv9j (github) | In the Linux kernel, the following vulnerability has been resolved: net_sched: fix NULL deref in fifo_set_limit() syzbot reported another NULL deref in fifo_set_limit() [1] I could repro the issue with : unshare -n tc qd add dev lo root handle 1:0 tbf limit 200000 burst 70000 rate 100Mbit tc qd replace dev lo parent 1:0 pfifo_fast tc qd change dev lo root handle 1:0 tbf limit 300000 burst 70000 rate 100Mbit pfifo_fast does not have a change() operation. Make fifo_set_limit() more robust about this. [1] BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 1cf99067 P4D 1cf99067 PUD 7ca49067 PMD 0 Oops: 0010 [#1] PREEMPT SMP KASAN CPU: 1 PID: 14443 Comm: syz-executor959 Not tainted 5.15.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:0x0 Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. RSP: 0018:ffffc9000e2f7310 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffffffff8d6ecc00 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff888024c27910 RDI: ffff888071e34000 RBP: ffff888071e34000 R08: 0000000000000001 R09: ffffffff8fcfb947 R10: 0000000000000001 R11: 0000000000000000 R12: ffff888024c27910 R13: ffff888071e34018 R14: 0000000000000000 R15: ffff88801ef74800 FS: 00007f321d897700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 00000000722c3000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: fifo_set_limit net/sched/sch_fifo.c:242 [inline] fifo_set_limit+0x198/0x210 net/sched/sch_fifo.c:227 tbf_change+0x6ec/0x16d0 net/sched/sch_tbf.c:418 qdisc_change net/sched/sch_api.c:1332 [inline] tc_modify_qdisc+0xd9a/0x1a60 net/sched/sch_api.c:1634 rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5572 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504 netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340 netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1929 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:724 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409 ___sys_sendmsg+0xf3/0x170 net/socket.c:2463 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae |
| ghsa-7wxc-v995-9mmf (github) | In the Linux kernel, the following vulnerability has been resolved: x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n Commit 3c73b81a9164 ("x86/entry, selftests: Further improve user entry sanity checks") added a warning if AC is set when in the kernel. Commit 662a0221893a3d ("x86/entry: Fix AC assertion") changed the warning to only fire if the CPU supports SMAP. However, the warning can still trigger on a machine that supports SMAP but where it's disabled in the kernel config and when running the syscall_nt selftest, for example: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 49 at irqentry_enter_from_user_mode CPU: 0 PID: 49 Comm: init Tainted: G T 5.15.0-rc4+ #98 e6202628ee053b4f310759978284bd8bb0ce6905 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 RIP: 0010:irqentry_enter_from_user_mode ... Call Trace: ? irqentry_enter ? exc_general_protection ? asm_exc_general_protection ? asm_exc_general_protectio IS_ENABLED(CONFIG_X86_SMAP) could be added to the warning condition, but even this would not be enough in case SMAP is disabled at boot time with the "nosmap" parameter. To be consistent with "nosmap" behaviour, clear X86_FEATURE_SMAP when !CONFIG_X86_SMAP. Found using entry-fuzz + satrandconfig. [ bp: Massage commit message. ] |
| ghsa-7qhc-3php-2c6m (github) | In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: Fix possible NULL dereference In __iwl_mvm_remove_time_event() check that 'te_data->vif' is NULL before dereferencing it. |
| ghsa-7457-jp56-wxrq (github) | In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the __GEN_COMMON_BODY macro for the normal path after it had finished, rather than jumping over it. By a small miracle this is the correct place to build up a new interrupt frame with the existing stack pointer, so things basically worked okay with an added weird looking 700 trap frame on top (which had the wrong ->nip so it didn't decode bug messages either). Fix this by avoiding using numeric labels when jumping over non-trivial macros. Before: LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV Modules linked in: CPU: 0 PID: 88 Comm: sh Not tainted 5.15.0-rc2-00034-ge057cdade6e5 #2637 NIP: 7265677368657265 LR: c00000000006c0c8 CTR: c0000000000097f0 REGS: c0000000fffb3a50 TRAP: 0700 Not tainted MSR: 9000000000021031 <SF,HV,ME,IR,DR,LE> CR: 00000700 XER: 20040000 CFAR: c0000000000098b0 IRQMASK: 0 GPR00: c00000000006c964 c0000000fffb3cf0 c000000001513800 0000000000000000 GPR04: 0000000048ab0778 0000000042000000 0000000000000000 0000000000001299 GPR08: 000001e447c718ec 0000000022424282 0000000000002710 c00000000006bee8 GPR12: 9000000000009033 c0000000016b0000 00000000000000b0 0000000000000001 GPR16: 0000000000000000 0000000000000002 0000000000000000 0000000000000ff8 GPR20: 0000000000001fff 0000000000000007 0000000000000080 00007fff89d90158 GPR24: 0000000002000000 0000000002000000 0000000000000255 0000000000000300 GPR28: c000000001270000 0000000042000000 0000000048ab0778 c000000080647e80 NIP [7265677368657265] 0x7265677368657265 LR [c00000000006c0c8] ___do_page_fault+0x3f8/0xb10 Call Trace: [c0000000fffb3cf0] [c00000000000bdac] soft_nmi_common+0x13c/0x1d0 (unreliable) --- interrupt: 700 at decrementer_common_virt+0xb8/0x230 NIP: c0000000000098b8 LR: c00000000006c0c8 CTR: c0000000000097f0 REGS: c0000000fffb3d60 TRAP: 0700 Not tainted MSR: 9000000000021031 <SF,HV,ME,IR,DR,LE> CR: 22424282 XER: 20040000 CFAR: c0000000000098b0 IRQMASK: 0 GPR00: c00000000006c964 0000000000002400 c000000001513800 0000000000000000 GPR04: 0000000048ab0778 0000000042000000 0000000000000000 0000000000001299 GPR08: 000001e447c718ec 0000000022424282 0000000000002710 c00000000006bee8 GPR12: 9000000000009033 c0000000016b0000 00000000000000b0 0000000000000001 GPR16: 0000000000000000 0000000000000002 0000000000000000 0000000000000ff8 GPR20: 0000000000001fff 0000000000000007 0000000000000080 00007fff89d90158 GPR24: 0000000002000000 0000000002000000 0000000000000255 0000000000000300 GPR28: c000000001270000 0000000042000000 0000000048ab0778 c000000080647e80 NIP [c0000000000098b8] decrementer_common_virt+0xb8/0x230 LR [c00000000006c0c8] ___do_page_fault+0x3f8/0xb10 --- interrupt: 700 Instruction dump: XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX ---[ end trace 6d28218e0cc3c949 ]--- After: ------------[ cut here ]------------ kernel BUG at arch/powerpc/kernel/exceptions-64s.S:491! Oops: Exception in kernel mode, sig: 5 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV Modules linked in: CPU: 0 PID: 88 Comm: login Not tainted 5.15.0-rc2-00034-ge057cdade6e5-dirty #2638 NIP: c0000000000098b8 LR: c00000000006bf04 CTR: c0000000000097f0 REGS: c0000000fffb3d60 TRAP: 0700 Not tainted MSR: 9000000000021031 <SF,HV,ME,IR,DR,LE> CR: 24482227 XER: 00040000 CFAR: c0000000000098b0 IRQMASK: 0 GPR00: c00000000006bf04 0000000000002400 c000000001513800 c000000001271868 GPR04: 00000000100f0d29 0000000042000000 0000000000000007 0000000000000009 GPR08: 00000000100f0d29 0000000024482227 0000000000002710 c000000000181b3c GPR12: 9000000000009033 c0000000016b0000 00000000100f0d29 c000000005b22f00 GPR16: 00000000ffff0000 0000000000000001 0000000000000009 00000000100eed90 GPR20: 00000000100eed90 00000 ---truncated--- |
| ghsa-6g88-wmq7-m8g5 (github) | In the Linux kernel, the following vulnerability has been resolved: block: don't call rq_qos_ops->done_bio if the bio isn't tracked rq_qos framework is only applied on request based driver, so: 1) rq_qos_done_bio() needn't to be called for bio based driver 2) rq_qos_done_bio() needn't to be called for bio which isn't tracked, such as bios ended from error handling code. Especially in bio_endio(): 1) request queue is referred via bio->bi_bdev->bd_disk->queue, which may be gone since request queue refcount may not be held in above two cases 2) q->rq_qos may be freed in blk_cleanup_queue() when calling into __rq_qos_done_bio() Fix the potential kernel panic by not calling rq_qos_ops->done_bio if the bio isn't tracked. This way is safe because both ioc_rqos_done_bio() and blkcg_iolatency_done_bio() are nop if the bio isn't tracked. |
| ghsa-5g7f-2wxq-wj73 (github) | A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. |
| Vulnerability ID | CVSS Base Score | Description | Vendor | Product | Publish Date | Last Update Date |
|---|---|---|---|---|---|---|
| cve-2023-52747 (NVD) | N/A | IB/hfi1: Restore allocated resources on failed copyout | Linux Linux | Linux Linux | 2024-05-21T15:23:07.916Z | 2024-05-21T15:23:07.916Z |
| cve-2023-52746 (NVD) | N/A | xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() | Linux Linux | Linux Linux | 2024-05-21T15:23:07.255Z | 2024-05-21T15:23:07.255Z |
| cve-2023-52745 (NVD) | N/A | IB/IPoIB: Fix legacy IPoIB due to wrong number of queues | Linux Linux | Linux Linux | 2024-05-21T15:23:06.595Z | 2024-05-21T15:23:06.595Z |
| cve-2023-52744 (NVD) | N/A | RDMA/irdma: Fix potential NULL-ptr-dereference | Linux Linux | Linux Linux | 2024-05-21T15:23:05.937Z | 2024-05-21T15:23:05.937Z |
| cve-2023-52743 (NVD) | N/A | ice: Do not use WQ_MEM_RECLAIM flag for workqueue | Linux Linux | Linux Linux | 2024-05-21T15:23:05.179Z | 2024-05-21T15:23:05.179Z |
| cve-2023-52742 (NVD) | N/A | net: USB: Fix wrong-direction WARNING in plusb.c | Linux Linux | Linux Linux | 2024-05-21T15:23:04.513Z | 2024-05-21T15:23:04.513Z |
| cve-2023-52741 (NVD) | N/A | cifs: Fix use-after-free in rdata->read_into_pages() | Linux Linux | Linux Linux | 2024-05-21T15:23:03.867Z | 2024-05-21T15:23:03.867Z |
| cve-2023-52740 (NVD) | N/A | powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch | Linux Linux | Linux Linux | 2024-05-21T15:23:03.201Z | 2024-05-21T15:23:03.201Z |
| cve-2023-52739 (NVD) | N/A | Fix page corruption caused by racy check in __free_pages | Linux Linux | Linux Linux | 2024-05-21T15:23:02.545Z | 2024-05-21T15:23:02.545Z |
| cve-2023-52738 (NVD) | N/A | drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini | Linux Linux | Linux Linux | 2024-05-21T15:23:01.903Z | 2024-05-21T15:23:01.903Z |
| cve-2023-52737 (NVD) | N/A | btrfs: lock the inode in shared mode before starting fiemap | Linux Linux | Linux Linux | 2024-05-21T15:23:01.202Z | 2024-05-21T15:23:01.202Z |
| cve-2023-52736 (NVD) | N/A | ALSA: hda: Do not unset preset when cleaning up codec | Linux Linux | Linux Linux | 2024-05-21T15:23:00.572Z | 2024-05-21T15:23:00.572Z |
| cve-2023-52735 (NVD) | N/A | bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself | Linux Linux | Linux Linux | 2024-05-21T15:22:59.893Z | 2024-05-21T15:22:59.893Z |
| cve-2023-52734 (NVD) | N/A | net: sched: sch: Bounds check priority | Linux Linux | Linux Linux | 2024-05-21T15:22:59.252Z | 2024-05-21T15:22:59.252Z |
| cve-2023-52733 (NVD) | N/A | s390/decompressor: specify __decompress() buf len to avoid overflow | Linux Linux | Linux Linux | 2024-05-21T15:22:58.605Z | 2024-05-21T15:22:58.605Z |
| cve-2023-52732 (NVD) | N/A | ceph: blocklist the kclient when receiving corrupted snap trace | Linux Linux | Linux Linux | 2024-05-21T15:22:57.926Z | 2024-05-21T15:22:57.926Z |
| cve-2023-52731 (NVD) | N/A | fbdev: Fix invalid page access after closing deferred I/O devices | Linux Linux | Linux Linux | 2024-05-21T15:22:57.282Z | 2024-05-21T15:22:57.282Z |
| cve-2023-52730 (NVD) | N/A | mmc: sdio: fix possible resource leaks in some error paths | Linux Linux | Linux Linux | 2024-05-21T15:22:56.633Z | 2024-05-21T15:22:56.633Z |
| cve-2023-52708 (NVD) | N/A | mmc: mmc_spi: fix error handling in mmc_spi_probe() | Linux Linux | Linux Linux | 2024-05-21T15:22:55.975Z | 2024-05-21T15:22:55.975Z |
| cve-2023-52707 (NVD) | N/A | sched/psi: Fix use-after-free in ep_remove_wait_queue() | Linux Linux | Linux Linux | 2024-05-21T15:22:55.315Z | 2024-05-21T15:22:55.315Z |
| cve-2023-52706 (NVD) | N/A | gpio: sim: fix a memory leak | Linux Linux | Linux Linux | 2024-05-21T15:22:54.679Z | 2024-05-21T15:22:54.679Z |
| cve-2023-52705 (NVD) | N/A | nilfs2: fix underflow in second superblock position calculations | Linux Linux | Linux Linux | 2024-05-21T15:22:54.015Z | 2024-05-21T15:22:54.015Z |
| cve-2023-52704 (NVD) | N/A | freezer,umh: Fix call_usermode_helper_exec() vs SIGKILL | Linux Linux | Linux Linux | 2024-05-21T15:22:53.343Z | 2024-05-21T15:22:53.343Z |
| cve-2023-52703 (NVD) | N/A | net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path | Linux Linux | Linux Linux | 2024-05-21T15:22:52.687Z | 2024-05-21T15:22:52.687Z |
| cve-2023-52702 (NVD) | N/A | net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() | Linux Linux | Linux Linux | 2024-05-21T15:22:52.017Z | 2024-05-21T15:22:52.017Z |
| cve-2023-52701 (NVD) | N/A | net: use a bounce buffer for copying skb->mark | Linux Linux | Linux Linux | 2024-05-21T15:22:51.354Z | 2024-05-21T15:22:51.354Z |
| cve-2023-52700 (NVD) | N/A | tipc: fix kernel warning when sending SYN message | Linux Linux | Linux Linux | 2024-05-21T15:22:50.702Z | 2024-05-21T15:22:50.702Z |
| cve-2022-48709 (NVD) | N/A | ice: switch: fix potential memleak in ice_add_adv_recipe() | Linux Linux | Linux Linux | 2024-05-21T15:22:50.054Z | 2024-05-21T15:22:50.054Z |
| cve-2022-48708 (NVD) | N/A | pinctrl: single: fix potential NULL dereference | Linux Linux | Linux Linux | 2024-05-21T15:22:49.381Z | 2024-05-21T15:22:49.381Z |
| cve-2022-48707 (NVD) | N/A | cxl/region: Fix null pointer dereference for resetting decoder | Linux Linux | Linux Linux | 2024-05-21T15:22:48.735Z | 2024-05-21T15:22:48.735Z |
| Vulnerability ID | Description |
|---|---|
| pysec-2023-194 | langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method. |
| pysec-2024-51 | A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them. |
| pysec-2023-243 | Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. |
| pysec-2024-50 | Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or later. Some workarounds are available. One can ban the malicious users or ACL block servers from the rooms and/or leave the room and purge the room using the admin API. |
| pysec-2023-260 | A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the user without adequate sanitization or escaping, leading to arbitrary JavaScript execution in the context of the victim's browser. The vulnerability is present in the mlflow/server/auth/__init__.py file, where the user-supplied Content-Type header is directly injected into a Python formatted string and returned to the user, facilitating the XSS attack. |
| pysec-2024-49 | Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the "lektor server" command. |
| pysec-2024-48 | Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings. |
| pysec-2024-47 | In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665. |
| pysec-2024-46 | Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability |
| pysec-2024-45 | LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.) |
| pysec-2024-44 | In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution. |
| pysec-2024-43 | LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. |
| pysec-2024-42 | Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
| pysec-2023-259 | A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability. |
| pysec-2023-258 | A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability. |
| pysec-2023-257 | A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability. |
| pysec-2023-256 | A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability. |
| pysec-2023-255 | Command Injection in GitHub repository gradio-app/gradio prior to main. |
| pysec-2024-41 | diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted. |
| pysec-2024-40 | orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents. |
| pysec-2024-39 | Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability. |
| pysec-2023-254 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6. |
| pysec-2024-38 | FastAPI is a web framework for building APIs with Python 3.8+ based on standard Python type hints. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests. It's a ReDoS(Regular expression Denial of Service), it only applies to those reading form data, using `python-multipart`. This vulnerability has been patched in version 0.109.1. |
| pysec-2024-37 | nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize `MessageTemplate` and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template. |
| pysec-2022-43059 | AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the calling application |
| pysec-2024-36 | An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. |
| pysec-2023-253 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. |
| pysec-2024-35 | Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that's visible to another user who opens that view - not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server. **Note:** This is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user. |
| pysec-2024-12 | LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Drop the Students table" within English language input. |
| pysec-2024-34 | The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. The vulnerability can be mitigated by removing the ssh part from the docker file and rebuilding the docker image. Version 4.2.0 patches the vulnerability. |
| Vulnerability ID | Description |
|---|---|
| gsd-2024-33903 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33902 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33901 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33900 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33899 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33898 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33897 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33896 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33895 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33894 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33893 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33892 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33891 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33890 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33889 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33888 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33887 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33886 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33885 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33884 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33883 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4303 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4302 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4301 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4300 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4299 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4298 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4297 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4296 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33882 | The format of the source doesn't require a description, click on the link for more details |
| Vulnerability ID | Description |
|---|---|
| mal-2024-1280 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (a17b660a440d2cb884c99312341fc58bf33cac16bb05ecf3065ab4f40c073c4b) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1291 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (6c5e6f0820c8729977d62b9cc34c7461719fd4056fc5e8e9f44426ad3c1f60d7) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1287 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (308d5a6fa5eb0973b0ff8290c321ac60685b686f42543a7a09b16a5fe56a7457) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1295 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (4554cad7be69cbff28d6e2e4d3535b5d7b4158f2efa1c79eaaf705151ec686ff) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1293 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (45e4d71b34d2eb0cd66dc9d19da997d325017d19687f304f39e1138fe0a0f0fa) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1283 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (adbea70f2acb33710c8ecb7e13e55c24980ccd349854aa6c82915d2829359e15) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1286 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (63cea4fbbb1333188e78d11622c9b943608aea6770144dacf6e1184036a646b7) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1285 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (86831222f9b0a818e862c2db4a2e7f56259e7bae31f417c9464d2c19cb67dadb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1284 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (c46cf6695c1ee706d7c20760d479bc271d109c548485e896885c9f7b6d704928) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1296 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (8ed8a707955886dfaa2b55283c703e3acbc8f5db17a426587702b53e53a9c0fb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1290 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (90d2e2f79b4c5000c976cd4c1e99d091bb46b7dbee831bff50b3c69ff36e7dbf) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1281 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (4e6853d07fc7ca8efb0ffc45302b6b677a4b83c2e2de0e773616d9009f9b0ad8) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1288 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (6d7bd1b87c4b816789f583c6667d202f613eab5d352c1fcbe90fe1b182a0d13c) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1282 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (6cdabf6ac5434305cb152ee0eaf4d9cbac6f1de324ae91052537dc8fcfa94410) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1294 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (6da5a4c9da80939fd8b4009200d8e59514e1d3a5664d9b7150b27f40250a584d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1289 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (fa5e340610d92b601dc5de1615c159ce6efea84fa66dccd8d99128054d7cf5c8) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1292 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (271bfa6075e1282de1c0d5269d79377fe6b16e9d60fa41a2a6a070cb97795905) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1279 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (b3dcc117202e21ae1b180b5f80af9dc0a1c0082aee807792f2aeb5b62c8e647d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1278 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (736ee4fff51c88da50dc79bba67dcb4ee43dd8242b6d75beb08f8ca5f9bc841c) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1277 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (b16145b8b3fe74af3fb0b6c48f0e4f6454bc4b9b0d79f991d6373bc094ad279a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1272 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ossf-package-analysis (48accd040235db7bd6be1bcdc1f268ed9f438c3d3029090ee357139bbe870759) The OpenSSF Package Analysis project identified '@portal-packages/core' @ 15.105.105 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity. - The package executes one or more commands associated with malicious behavior. |
| mal-2024-1274 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ossf-package-analysis (c0d823ab954cd19f85bb933d25f8230386023a6a1fd15430efce0298f6a25aa9) The OpenSSF Package Analysis project identified 'ui-common-components-angular' @ 1.3.1 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity. - The package executes one or more commands associated with malicious behavior. |
| mal-2024-1273 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ossf-package-analysis (c4d7b54aa00bce85364eddf568913642023e355ba669803fa01e20a143e93a47) The OpenSSF Package Analysis project identified 'metrics-balancer' @ 0.2.0 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity. |
| mal-2024-1275 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ossf-package-analysis (543a89535f49dbd2c40707219fba6c80040d752e90ba3347abf1d61e9ea0e477) The OpenSSF Package Analysis project identified '@portal-packages/utils' @ 3.0.99 (npm) as malicious. It is considered malicious because: - The package executes one or more commands associated with malicious behavior. |
| mal-2024-1276 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ossf-package-analysis (65b5439bd3051d2315be6f4ae90f3235c5e41c2d9afa4a3c8f6ff3271c31cb9a) The OpenSSF Package Analysis project identified 'cz-ifood-conventional-changelog' @ 1.0.101 (npm) as malicious. It is considered malicious because: - The package executes one or more commands associated with malicious behavior. |
| mal-2024-1267 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ossf-package-analysis (82ce80367972231229038d234d1114c39f459b1c4bfe4a03392a3cfa35d4454b) The OpenSSF Package Analysis project identified 'commitlint-config-ifood' @ 1.95.102 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity. |
| mal-2024-1271 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (dd6b41d316342a401f8e262adb37d1982a359946c37d5b6dbbf9903eed6c6ea0) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1269 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (05c6cf9e3c0564724471422898f07aea9b5234d6c00d38d95441a3fbe18cd004) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1270 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (cf9eff937bcee16db9ca91202bb07969de9b49b32196de1bb49ade4bcbe83d31) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| mal-2024-1268 | --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (e32870b3e9ee7f6a8468b3fea4e188d906aa415456731059a4eb93984078ab9a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. |
| Vulnerability ID | Description |
|---|---|
| wid-sec-w-2024-1093 | Microsoft Edge: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen |
| wid-sec-w-2024-1092 | IBM Security Guardium: Mehrere Schwachstellen |
| wid-sec-w-2024-1091 | Red Hat OpenShift: Mehrere Schwachstellen |
| wid-sec-w-2024-1090 | IBM App Connect Enterprise: Schwachstelle ermöglicht Cross-Site Scripting |
| wid-sec-w-2024-1089 | vim: Schwachstelle ermöglicht Denial of Service |
| wid-sec-w-2024-1080 | Google Chrome: Schwachstelle ermöglicht nicht spezifizierten Angriff |
| wid-sec-w-2024-1075 | F5 BIG-IP: Mehrere Schwachstellen |
| wid-sec-w-2024-1070 | Google Chrome: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff |
| wid-sec-w-2024-1055 | OpenSSH: Mehrere Schwachstellen |
| wid-sec-w-2024-1031 | Bouncy Castle: Mehrere Schwachstellen |
| wid-sec-w-2024-1011 | Google Chrome / Microsoft Edge: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff |
| wid-sec-w-2024-0997 | Tinyproxy: Mehrere Schwachstellen |
| wid-sec-w-2024-0992 | Tenable Security Nessus Network Monitor: Mehrere Schwachstellen |
| wid-sec-w-2024-0962 | Google Chrome und Microsoft Edge: Mehrere Schwachstellen |
| wid-sec-w-2024-0956 | IBM App Connect Enterprise: Mehrere Schwachstellen |
| wid-sec-w-2024-0939 | ffmpeg: Mehrere Schwachstellen |
| wid-sec-w-2024-0930 | Red Hat Enterprise Linux (sssd): Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen |
| wid-sec-w-2024-0923 | ffmpeg: Mehrere Schwachstellen ermöglichen Denial of Service |
| wid-sec-w-2024-0912 | Google Chrome: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff |
| wid-sec-w-2024-0909 | Mozilla Firefox und Thunderbird: Mehrere Schwachstellen |
| wid-sec-w-2024-0905 | FreeRDP: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff |
| wid-sec-w-2024-0880 | less: Schwachstelle ermöglicht Codeausführung |
| wid-sec-w-2024-0856 | ffmpeg: Schwachstelle ermöglicht Codeausführung und DoS |
| wid-sec-w-2024-0846 | Google Chrome / Microsoft Edge: Mehrere Schwachstellen |
| wid-sec-w-2024-0831 | Xen: Mehrere Schwachstellen ermöglichen Denial of Service |
| wid-sec-w-2024-0789 | HTTP/2: Mehrere Schwachstellen ermöglichen Denial of Service |
| wid-sec-w-2024-0776 | Node.js: Mehrere Schwachstellen |
| wid-sec-w-2024-0765 | Google Chrome und Microsoft Edge: Mehrere Schwachstellen |
| wid-sec-w-2024-0723 | Google Chrome: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff |
| wid-sec-w-2024-0701 | Varnish HTTP Cache: Schwachstelle ermöglicht Denial of Service |
| Vulnerability ID | Description |
|---|---|
| ssa-750274 | SSA-750274: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW |
| ssa-885980 | SSA-885980: Multiple Vulnerabilities in Scalance W1750D |
| ssa-832273 | SSA-832273: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 devices |
| ssa-831302 | SSA-831302: Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP before V1.3.0 |
| ssa-822518 | SSA-822518: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW before V11.0.1 on RUGGEDCOM APE1808 devices |
| ssa-794697 | SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 |
| ssa-753746 | SSA-753746: Denial of Service Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products |
| ssa-730482 | SSA-730482: Denial of Service Vulnerability in SIMATIC WinCC |
| ssa-716164 | SSA-716164: Multiple Vulnerabilities in Scalance W1750D |
| ssa-712929 | SSA-712929: Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products |
| ssa-711309 | SSA-711309: Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products |
| ssa-691715 | SSA-691715: Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products |
| ssa-556635 | SSA-556635: Multiple Vulnerabilities in Telecontrol Server Basic before V3.1.2.0 |
| ssa-457702 | SSA-457702: Wi-Fi Encryption Bypass Vulnerabilities in SCALANCE W700 Product Family |
| ssa-455250 | SSA-455250: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices |
| ssa-398330 | SSA-398330: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 |
| ssa-265688 | SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 |
| ssa-222019 | SSA-222019: X_T File Parsing Vulnerabilities in Parasolid |
| ssa-203374 | SSA-203374: Multiple OpenSSL Vulnerabilities in SCALANCE W1750D Devices |
| ssa-128433 | SSA-128433: Multiple Vulnerabilities in SINEC NMS before V2.0 SP2 |
| ssa-968170 | SSA-968170: Remote Code Execution Vulnerability in SIMATIC STEP 7 V5.x and Derived Products |
| ssa-943925 | SSA-943925: Multiple Vulnerabilities in SINEC NMS before V2.0 SP1 |
| ssa-918992 | SSA-918992: Unused HTTP Service on SENTRON 3KC ATC6 Ethernet Module |
| ssa-871717 | SSA-871717: Multiple Vulnerabilities in Polarion ALM |
| ssa-792319 | SSA-792319: Missing Read Out Protection in SENTRON 7KM PAC3x20 Devices |
| ssa-770721 | SSA-770721: Multiple Vulnerabilities in SIMATIC RF160B before V2.2 |
| ssa-699386 | SSA-699386: Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family before V4.5 |
| ssa-693975 | SSA-693975: Denial-of-Service Vulnerability in the Web Server of Industrial Products |
| ssa-653855 | SSA-653855: Information Disclosure vulnerability in SINEMA Remote Connect Client before V3.1 SP1 |
| ssa-592380 | SSA-592380: Denial of Service Vulnerability in SIMATIC S7-1500 CPUs and related products |
| Vulnerability ID | Description |
|---|---|
| rhba-2024_0599 | Red Hat Bug Fix Advisory: Migration Toolkit for Applications bug fix and enhancement update |
| rhea-2023_6562 | Red Hat Enhancement Advisory: nginx:1.22 bug fix and enhancement update |
| rhba-2023_6863 | Red Hat Bug Fix Advisory: LVMS 4.14.z Bug Fix and Enhancement update |
| rhba-2023_6109 | Red Hat Bug Fix Advisory: MTV 2.4.3 Images |
| rhba-2023_6078 | Red Hat Bug Fix Advisory: MTV 2.5.2 Images |
| rhba-2023_2181 | Red Hat Bug Fix Advisory: delve, golang, and go-toolset bug fix and enhancement update |
| rhba-2023_5806 | Red Hat Bug Fix Advisory: Red Hat Ansible Automation Platform 2.4 Container Release Update |
| rhba-2023_3611 | Red Hat Bug Fix Advisory: Release of Bug Advisories for the OpenShift Jenkins and Jenkins agent base image |
| rhea-2023_6741 | Red Hat Enhancement Advisory: .NET 8.0 bugfix update |
| rhba-2023_0564 | Red Hat Bug Fix Advisory: OpenShift Container Platform 4.11.26 packages update |
| rhea-2023_7235 | Red Hat Enhancement Advisory: ACS 4.3 enhancement update |
| rhba-2022_5876 | Red Hat Bug Fix Advisory: OpenShift Container Platform 4.10.26 extras update |
| rhba-2024_1440 | Red Hat Bug Fix Advisory: MTV 2.5.6 Images |
| rhba-2024_0928 | Red Hat Bug Fix Advisory: MTV 2.5.5 Images |
| rhba-2023_0568 | Red Hat Bug Fix Advisory: OpenShift Container Platform 4.12.2 packages update |
| rhba-2023_1750 | Red Hat Bug Fix Advisory: OpenShift Container Platform 4.12.13 bug fix update |
| rhba-2024_1136 | Red Hat Bug Fix Advisory: podman bug fix update |
| rhba-2024_1127 | Red Hat Bug Fix Advisory: libssh bug fix update |
| rhba-2023_6928 | Red Hat Bug Fix Advisory: go-toolset:rhel8 bug fix and enhancement update |
| rhba-2023_6364 | Red Hat Bug Fix Advisory: golang and delve bug fix and enhancement update |
| rhba-2023_7648 | Red Hat Bug Fix Advisory: MTV 2.5.3 Images |
| rhea-2022_5139 | Red Hat Enhancement Advisory: nodejs:12 bug fix and enhancement update |
| rhea-2022_5221 | Red Hat Enhancement Advisory: nodejs:12 bug fix and enhancement update |
| rhea-2022_4925 | Red Hat Enhancement Advisory: nodejs:12 bug fix and enhancement update |
| rhea-2022_1596 | Red Hat Enhancement Advisory: OpenShift Virtualization 4.9.4 Images |
| rhea-2021_3287 | Red Hat Enhancement Advisory: Red Hat OpenShift Service on AWS 1.0 enhancements |
| rhea-2021_3941 | Red Hat Enhancement Advisory: OpenShift Sandboxed Containers 1.1.0 update |
| rhba-2021_2979 | Red Hat Bug Fix Advisory: OpenShift Container Platform 4.7.23 packages update |
| rhea-2022_5615 | Red Hat Enhancement Advisory: nodejs:12 bug fix and enhancement update |
| rhea-2021_2679 | Red Hat Enhancement Advisory: ACS 3.62 enhancement update |
| Vulnerability ID | Description |
|---|---|
| icsa-24-109-01 | Unitronics Vision series PLCs |
| icsa-21-287-03 | Mitsubishi Electric MELSEC iQ-R Series |
| icsa-24-107-04 | RoboDK RoboDK |
| icsa-24-107-03 | Rockwell Automation ControlLogix and GuardLogix |
| icsa-24-107-02 | Electrolink FM/DAB/TV Transmitter |
| icsa-24-107-01 | Measuresoft ScadaPro |
| icsa-24-102-09 | Rockwell Automation 5015-AENFTXT |
| icsa-24-100-01 | SUBNET PowerSYSTEM Server and Substation Server |
| icsa-24-102-08 | Siemens Telecontrol Server Basic |
| icsa-24-102-07 | Siemens SINEC NMS |
| icsa-24-102-06 | Siemens Parasolid |
| icsa-24-102-05 | Siemens Scalance W1750D |
| icsa-24-102-04 | Siemens RUGGEDCOM APE1808 |
| icsa-24-102-03 | Siemens RUGGEDCOM APE1808 before V11.0.1 |
| icsa-24-102-02 | Siemens SIMATIC WinCC |
| icsa-24-102-01 | Siemens SIMATIC S7-1500 |
| icsa-24-095-02 | Schweitzer Engineering Laboratories SEL 700 series relays |
| icsa-24-095-01 | Hitachi Energy Asset Suite 9 |
| icsa-24-093-01 | IOSIX IO-1020 Micro ELD |
| icsa-24-086-04 | Rockwell Automation FactoryTalk View ME |
| icsa-24-086-03 | Rockwell Automation Arena Simulation |
| icsa-24-086-02 | Rockwell Automation PowerFlex 527 |
| icsa-24-086-01 | AutomationDirect C-MORE EA9 HMI |
| icsa-24-081-01 | Advantech WebAccess/SCADA |
| icsa-24-079-01 | Franklin Fueling System EVO 550/5000 |
| icsa-24-074-14 | Mitsubishi Electric MELSEC-Q/L Series |
| icsa-24-074-13 | Softing edgeConnector |
| icsa-24-074-12 | Delta Electronics DIAEnergie |
| icsa-24-074-07 | Siemens SIMATIC |
| icsa-23-143-03 | Mitsubishi Electric MELSEC Series CPU module (Update C) |
| Vulnerability ID | Description |
|---|---|
| cisco-sa-duo-infodisc-rlceqm6t | Cisco Duo Authentication for Windows Logon and RDP Information Disclosure Vulnerability |
| cisco-sa-secure-privesc-syxqo6ds | Cisco Secure Client for Linux with ISE Posture Module Privilege Escalation Vulnerability |
| cisco-sa-secure-client-crlf-w43v4g7 | Cisco Secure Client Carriage Return Line Feed Injection Vulnerability |
| cisco-sa-sb-wap-multi-85g83crb | Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection and Buffer Overflow Vulnerabilities |
| cisco-sa-duo-win-bypass-pn42kkbm | Cisco Duo Authentication for Windows Logon and RDP Authentication Bypass Vulnerability |
| cisco-sa-appd-xss-3jwqsmnt | Cisco AppDynamics Controller Cross-Site Scripting Vulnerability |
| cisco-sa-appd-traversal-m7n8mzpf | Cisco AppDynamics Controller Path Traversal Vulnerability |
| cisco-sa-curl-libcurl-d9ds39cv | cURL and libcurl Vulnerability Affecting Cisco Products: October 2023 |
| cisco-sa-ucsfi-imm-syn-p6kztdqc | Cisco UCS 6400 and 6500 Series Fabric Interconnects Intersight Managed Mode Denial of Service Vulnerability |
| cisco-sa-nxos-po-acl-tkyepgvl | Cisco Nexus 3000 and 9000 Series Switches Port Channel ACL Programming Vulnerability |
| cisco-sa-nxos-lldp-dos-z7pnctgt | Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability |
| cisco-sa-nxos-ebgp-dos-l3qcwvj | Cisco NX-OS Software External Border Gateway Protocol Denial of Service Vulnerability |
| cisco-sa-ipv6-mpls-dos-r9ycxkwm | Cisco NX-OS Software MPLS Encapsulated IPv6 Denial of Service Vulnerability |
| cisco-sa-cimc-xss-umytyetr | Cisco Integrated Management Controller Cross-Site Scripting Vulnerability |
| cisco-sa-cuic-access-control-jjszqmjj | Cisco Unified Intelligence Center Insufficient Access Control Vulnerability |
| cisco-sa-asaftd-info-disclose-9ejtycmb | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability |
| cisco-sa-clamav-hdffu6t | ClamAV OLE2 File Format Parsing Denial of Service Vulnerability |
| cisco-sa-expressway-csrf-knnzdmj3 | Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities |
| cisco-sa-ftd-snort3acp-bypass-3bdr2beh | Multiple Cisco Products Snort 3 Access Control Policy Bypass Vulnerability |
| cisco-sa-cuc-unauth-afu-froyscsd | Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability |
| cisco-sa-cucm-rce-bwnzqcum | Cisco Unified Communications Products Remote Code Execution Vulnerability |
| cisco-sa-sb-bus-acl-bypass-5zn9hnjk | Cisco Small Business Series Switches Stacked Reload ACL Bypass Vulnerability |
| cisco-sa-cuc-xss-9tfuu5ms | Cisco Unity Connection Cross-Site Scripting Vulnerability |
| cisco-sa-sdwan-privesc-cli-xkgwmqku | Cisco SD-WAN Software Arbitrary File Corruption Vulnerability |
| cisco-sa-sd-wan-file-access-vw36d28p | Cisco SD-WAN Solution Improper Access Control Vulnerability |
| cisco-sa-broadworks-xss-6syj82ju | Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Stored Cross-Site Scripting Vulnerability |
| cisco-sa-tms-portal-xss-axnevg3s | Cisco TelePresence Management Suite Cross-Site Scripting Vulnerabilities |
| cisco-sa-thouseyes-privesc-dmzhg3qv | Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability |
| cisco-sa-sb-wap-inject-bhstwgxo | Cisco WAP371 Wireless Access Point Command Injection Vulnerability |
| cisco-sa-pi-epnm-wkzjeyeq | Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Vulnerabilities |
| Vulnerability ID | Description |
|---|---|
| sca-2024-0001 | Vulnerability in SICK Logistics Analytics Products and SICK Field Analytics |
| sca-2023-0011 | Vulnerability in multiple SICK Flexi Soft Gateways |
| sca-2023-0010 | Vulnerabilities in SICK Application Processing Unit |
| sca-2023-0008 | Vulnerability in SICK SIM1012 |
| sca-2023-0009 | Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products |
| sca-2023-0007 | Vulnerabilities in SICK LMS5xx |
| sca-2023-0006 | Vulnerabilities in SICK ICR890-4 |
| sca-2023-0005 | Vulnerabilities in SICK EventCam App |
| sca-2023-0004 | Vulnerabilities in SICK FTMg |
| sca-2023-0003 | Vulnerability in SICK Flexi Soft and Flexi Classic Gateways |
| Vulnerability ID | Description |
|---|---|
| nn-2023_17-01 | Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 |
| nn-2024_1-01 | DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 |
| nn-2023_12-01 | Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 |
| nn-2023_9-01 | Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 |
| nn-2023_8-01 | Session Fixation in Guardian/CMC before 22.6.2 |
| nn-2023_7-01 | DoS via SAML configuration in Guardian/CMC before 22.6.2 |
| nn-2023_6-01 | Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 |
| nn-2023_5-01 | Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2 |
| nn-2023_4-01 | Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2 |
| nn-2023_3-01 | Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2 |
| nn-2023_2-01 | Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2 |
| nn-2023_11-01 | SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 |
| nn-2023_10-01 | DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 |
| nn-2023_1-01 | Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2 |
| nn-2022_2-02 | Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0 |
| nn-2022_2-01 | Authenticated RCE on logo report upload in Guardian/CMC before 22.0.0 |
| nn-2021_2-01 | Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4 |
| nn-2021_1-01 | Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4 |
| nn-2020_3-01 | Angular template injection on custom report name field |
| nn-2020_2-01 | Cross-site request forgery attack on change password form |
| nn-2019_2-01 | CSV Injection on node label |
| nn-2019_1-01 | Stored XSS in field name data model |
| Vulnerability ID | Description |
|---|---|
| oxas-adv-2024-0001 | OX App Suite Security Advisory OXAS-ADV-2024-0001 |
| oxas-adv-2023-0007 | OX App Suite Security Advisory OXAS-ADV-2023-0007 |
| oxas-adv-2023-0006 | OX App Suite Security Advisory OXAS-ADV-2023-0006 |
| oxas-adv-2023-0005 | OX App Suite Security Advisory OXAS-ADV-2023-0005 |
| oxas-adv-2023-0004 | OX App Suite Security Advisory OXAS-ADV-2023-0004 |
| oxas-adv-2023-0003 | OX App Suite Security Advisory OXAS-ADV-2023-0003 |
| oxas-adv-2023-0002 | OX App Suite Security Advisory OXAS-ADV-2023-0002 |
| oxas-adv-2023-0001 | OX App Suite Security Advisory OXAS-ADV-2023-0001 |
| oxas-adv-2022-0002 | OX App Suite Security Advisory OXAS-ADV-2022-0002 |
| oxas-adv-2022-0001 | OX App Suite Security Advisory OXAS-ADV-2022-0001 |