CVE Catalog

An authentication vulnerability has been identified in the ealpha072 Student Management System, specifically in the administrative backend component. The issue arises from the 'admin/config.php' file, which disables session management by commenting out the 'session_start()' function. This oversight prevents the application from properly verifying user authentication, allowing unauthenticated users to access the admin dashboard and other administrative pages. The vulnerability affects all versions of the application prior to the latest commit on October 7, 2021.

A denial-of-service vulnerability has been identified in SGLang versions up to 0.5.11, specifically within the Cache Handler component's data_hash function. This vulnerability, which requires local execution and involves a high level of complexity, has been publicly disclosed and could be exploited. The issue arises from hash collisions in the multimodal embedding cache, leading to embedding corruption, cache instability across processes, and request crashes.

A boot script injection vulnerability has been identified in OpenStack Ironic versions 17.0.0 prior to 26.1.7, 27.0.0 prior to 29.0.6, 30.0.0 prior to 32.0.2, and 33.0.0 prior to 35.0.2. This vulnerability allows users with access to modify 'node.driver_info' or 'node.instance_info' to inject crafted values that execute iPXE scripts during the boot process. The issue arises from unsanitized user-controlled data in the kernel command line overrides, which can be exploited to redirect boot processes or access sensitive information.

A vulnerability exists in NetApp Active IQ OneCollect version 2.7.3 due to hard-coded credentials. This issue could enable an authenticated attacker with low privileges to execute unauthorized AutoSupport operations.

A vulnerability exists in NetApp Active IQ Config Advisor version 6.7.3 due to hard-coded credentials. This issue could enable an authenticated attacker with low privileges to execute unauthorized AutoSupport operations.

A server-side request forgery (SSRF) vulnerability has been identified in CRMEb Java version 1.4. The issue arises in the Qrcode Base64 endpoint, specifically within the RestTemplateUtil class. The vulnerability allows remote attackers to manipulate the url parameter, which is passed to the RestTemplate.getForEntity() method without proper validation. This exploitation enables arbitrary HTTP requests to be made from the server. The endpoint is whitelisted in the authentication interceptor, meaning it does not require login credentials to access.

A local privilege escalation vulnerability has been identified in Acronis DeviceLock DLP for Windows, prior to build 9.0.15051.93227. This vulnerability arises from a DLL hijacking issue, allowing unauthorized users to escalate privileges on the affected system.

A local privilege escalation vulnerability has been identified in Acronis DeviceLock DLP for Windows, prior to build 9.0.15051.93227. This vulnerability arises from a DLL hijacking issue, allowing unauthorized users to escalate privileges on the affected system.

A local privilege escalation vulnerability has been identified in Acronis DeviceLock DLP for Windows, prior to build 9.0.15051.93227. This vulnerability arises from EXE hijacking, allowing unauthorized users to gain elevated privileges.

An open redirect vulnerability has been identified in FOSSBilling versions through 0.7.2. The issue arises in the Redirect module, which fails to validate the URL scheme of destination URLs configured by administrators. This lack of validation allows arbitrary external URLs to be set as redirect targets, enabling phishing attacks. When a user follows a legitimate FOSSBilling URL, they can be silently redirected to an attacker-controlled site. The redirect is issued as a 301 (Moved Permanently) response, which browsers cache persistently, amplifying the impact. Exploitation requires administrator privileges to create or modify redirect entries, limiting practical attack scenarios to multi-admin environments or compromised admin accounts.

A local privilege escalation vulnerability has been identified in Acronis DeviceLock DLP for Windows, prior to build 9.0.15051.93227. This issue arises from excessive permissions granted to child processes, allowing for unauthorized elevation of privileges.

A vulnerability in FOSSBilling, a billing and client management system, allows the exact system version to be leaked through asset cache buster parameters in the HTML output. This issue affects FOSSBilling versions through 0.7.2 and bypasses the 'hide_version_public' security setting. The version information is embedded in the query string of every '<script>' and '<link>' tag generated by the 'script_tag' and 'stylesheet_tag' Twig filters. As a result, all visitors, including unauthenticated guests, can see the version on every page, regardless of the 'hide_version_public' setting. While the 'X-FOSSBilling-Version' HTTP header and the 'guest.system.version' API endpoint respect the 'hide_version_public' setting, the asset cache buster parameters do not. This version exposure facilitates reconnaissance and makes it easier for malicious actors to identify and exploit known vulnerabilities in a given FOSSBilling installation.

A cross-site scripting vulnerability has been identified in MaxSite CMS version 109.2. The issue arises from an access control flaw in the backend file upload endpoint used by the admin_page plugin. This vulnerability allows low-privileged backend users to upload HTML files containing malicious scripts without proper authorization. When these files are accessed by users with higher privileges, it can result in the execution of the embedded scripts, leading to the disclosure of sensitive backend information.

A use-of-uninitialized memory vulnerability has been identified in libxls version 1.6.3. This issue arises when the library parses malformed XLS files, leading to undefined behavior and potential information disclosure. The vulnerability is triggered by uninitialized heap memory from the OLE layer, which the XLS parsing code incorrectly trusts. The flaw can be detected with MemorySanitizer (MSAN), but in non-instrumented builds, it may result in logic errors or incorrect workbook states.

A use of uninitialized memory vulnerability has been identified in libxls, affecting versions through 1.6.3. The issue arises in the OLE container parser, where memory allocated for the Master Sector Allocation Table (MSAT) is not fully initialized before being used to validate the sector chain. This flaw can lead to application crashes or potential information disclosure when processing a crafted XLS file.

A vulnerability exists in MLRun versions up to 1.12.0-rc3, specifically within the DataFrame Hash Handler component. The issue arises in the function 'mlrun.utils.helpers.calculate_dataframe_hash', located in 'mlrun/utils/helpers.py'. This vulnerability allows for the use of weak hashing, leading to collisions where different DataFrames are assigned the same hash value. Such collisions can cause conflicts in dataset artifact paths, potentially overwriting data and creating discrepancies in metadata. The vulnerability can only be exploited in a local environment, and while the complexity of the attack is high, it has been disclosed publicly and may be used.

A vulnerability exists in version 3.0.7 of the Securly Chrome Extension, which is used on K–12 school-managed Chromebooks. The extension employs outdated SHA-1 hashing for matching URLs against the Internet Watch Foundation (IWF) Child Sexual Abuse Material (CSAM) database and the Children's Internet Protection Act (CIPA) blocklist. This vulnerability could potentially allow for the circumvention of content filtering rules, exposing students to inappropriate material or incorrectly blocking access to educational resources.

A denial-of-service vulnerability has been identified in version 3.0.7 of the Securly Chrome Extension. The extension downloads a configuration file over unencrypted HTTP and processes server-supplied patterns as JavaScript regular expressions without validating their complexity. This oversight allows an on-path attacker to inject specific patterns that cause catastrophic backtracking, disrupting all browsing activity.

A vulnerability exists in version 3.0.7 of the Securly Chrome Extension due to the use of EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. This implementation is flawed because MD5 has been compromised since 2004, and a single iteration lacks effective key stretching, significantly weakening the encryption's security. As a result, protected data is susceptible to efficient offline cracking.

A vulnerability exists in version 3.0.7 of the Securly Chrome Extension, which is used on K–12 school-managed Chromebooks. The extension dynamically registers a content script that is not declared in the manifest file, allowing it to bypass the Chrome Web Store's static security review. This script runs on all URLs, immediately hides page content, creates a full-page overlay, pauses videos, and only restores content once the service worker confirms the page has passed filtering. If Securly's servers are unreachable, the pages remain hidden indefinitely.

A vulnerability in version 3.0.7 of the Securly Chrome Extension allows unauthenticated access to sensitive data through multiple publicly accessible endpoints. The exposed data includes SHA-1 hashes that are poorly obfuscated with a simple Caesar cipher, easily reversible to retrieve the original hash values and access protected information. This extension is commonly used on K–12 school-managed Chromebooks to enforce internet safety policies and monitor student activity.

A vulnerability exists in version 3.0.7 of the Securly Chrome Extension due to hardcoded, plaintext AES passphrases embedded in the file securly.min.js. These passphrases are used to decrypt crisis alert keyword data and intervention site data. This issue is part of a broader set of vulnerabilities in the extension, which is commonly used on K–12 school-managed Chromebooks.

A vulnerability in version 3.0.7 of the Securly Chrome Extension allows the download of JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP, using the Fetch API. This inconsistent implementation of TLS exposes sensitive data, as other endpoints in the extension correctly use HTTPS. The Securly Chrome Extension is commonly used on K–12 school-managed Chromebooks to enforce internet safety policies and manage student online activity.

A PHP Object Injection vulnerability has been identified in Concrete CMS versions prior to 9.5.2. The issue arises from unserialize() calls in the Workflow, Form block, and File/Set components, which do not restrict allowed classes. This vulnerability allows an unauthenticated attacker to trigger arbitrary PHP object instantiation by placing a malicious serialized payload in the database.

A type confusion vulnerability has been identified in OP-TEE OS versions 4.3.0 prior to 4.11.0. This vulnerability occurs when OP-TEE is configured as a Secure Partition Manager (SPMC) for Secure EL0 Service Partitions, with the options 'CFG_CORE_SEL1_SPMC' and 'CFG_SECURE_PARTITION' enabled. The issue arises while processing an FFA_MEM_SHARE request from the normal world, where a dynamically allocated buffer is incorrectly passed as a 'struct ffa_rxtx' pointer. This misallocation allows an attacker in the EL1 Normal World to control the memory addresses accessed by OP-TEE, potentially leading to a crash of the secure world kernel and disrupting normal world hypervisors and other guests.

A vulnerability exists in OP-TEE versions prior to 4.11.0, where the public key used in Elliptic Curve Diffie-Hellman (ECDH) key exchange is not properly validated to ensure it lies on the correct curve. This flaw allows a normal world attacker to reconstruct the private key by sending approximately 30-40 crafted public keys. The issue arises because the public key's X and Y coordinates may not satisfy the mathematical requirements for the specific curve being used. When these invalid keys are accepted, an attacker can manipulate the ECDH key derivation process to leak portions of the private key, which can then be fully recovered using the Chinese Remainder Theorem.

A cross-site scripting vulnerability has been identified in ERPNext version 16.16.0. This issue allows authenticated users to inject arbitrary HTML or JavaScript into the email_id or mobile_no fields of a Customer record. The injected content is then rendered without proper escaping in the Point of Sale (POS) interface, affecting all operators who select that customer.

A vulnerability exists in ERPNext version 16.16.0, allowing authenticated users with permission to edit Item records to inject arbitrary HTML or JavaScript. This injected content is rendered without proper escaping in the Point of Sale (POS) cart interface, affecting all operators who add the modified item to a transaction. The exploitation occurs through the item_name, description, or image fields of the Item record.

A vulnerability in Koha versions through 25.11 allows remote attackers to execute arbitrary code via the Z39.50 configuration module. This issue arises because the application does not properly validate data before incorporating it into SQL queries, creating an opportunity for SQL injection attacks.

A cross-site scripting (XSS) vulnerability has been identified in Koha versions through 25.11. This issue allows remote attackers to execute arbitrary code by uploading malicious files through the invoice feature.

A vulnerability in the Linux kernel's ibmveth driver can cause certain physical adapters on Power systems to freeze when handling packets with a small Maximum Segment Size (MSS) of less than 224 bytes. This issue arises because the hardware does not support segmentation offload for such small MSS values, leading to a complete halt of network traffic until the adapter is manually reset. The problem specifically occurs when the hardware attempts to perform segmentation on multi-segment packets, while single-segment packets are transmitted normally without issues. The vulnerability has been addressed by implementing a feature check that disables Generic Segmentation Offload (GSO) for packets with small MSS values, allowing the network stack to manage segmentation through software instead.

A race condition vulnerability has been identified in the Linux kernel's Coresight TMC-ETR component, specifically within the sysfs and performance (perf) modes. This issue arises because the allocation of sysfs buffers and the enabling of hardware are not synchronized, allowing perf mode to interfere with sysfs mode. When both modes are activated simultaneously, a warning is triggered, indicating a potential conflict. The vulnerability affects the Linux kernel stable tree.

A vulnerability in the Linux kernel's handling of Wi-Fi offloads can lead to a crash in WCN7850 firmware. This issue arises in multi-link connections where offloads are enabled on both primary and secondary links. The vulnerability is present in the Linux kernel's stable branch, specifically in the Wi-Fi driver for the ath12k chipset, and affects WCN7850 hardware version 2.0.

A use-after-free vulnerability has been identified in the Linux kernel's handling of the Richtek RT9455 battery charger within the power supply subsystem. This issue arises because the 'devm_' variant for requesting interrupts is used before the 'devm_' variant for registering the power supply handle. As a result, the power supply handle is deallocated before the interrupt handler is unregistered, creating a race condition. During this window, an interrupt can be triggered that calls 'power_supply_changed()' with a freed handle, leading to system crashes or memory corruption. This vulnerability affects several versions of the Linux kernel.

A NULL pointer dereference vulnerability has been identified in the Linux kernel's Canaan K230 pinctrl driver. This issue occurs when the driver probes and parses the device tree, leading to a kernel crash. The problem arises because the device pointer is accessed before it is properly initialized, causing an invalid memory reference. The vulnerability affects the stable version of the Linux kernel.

A vulnerability in the Linux kernel's PCI/P2PDMA subsystem has been addressed. The issue arose in the 'p2pmem_alloc_mmap()' function, which incorrectly asserted that the initial page reference count should not be zero. This assertion led to a warning when 'CONFIG_DEBUG_VM' was enabled, indicating a reference count of zero. The vulnerability was caused by a previous commit that changed the initial reference count from one to zero, creating a mismatch. The warning condition has been fixed by correcting the assertion to properly reflect the expected reference count.

A use-after-free vulnerability has been identified in the Linux kernel's NFC SHDLC implementation. The issue arises in the 'llc_shdlc_deinit' function, which purges SHDLC socket buffers and frees the SHDLC structure. This process can interfere with active timers and the state machine, potentially leading to a use-after-free condition and other shutdown-related races. The vulnerability was discovered by the Linux Verification Center using the SVACE analysis tool.

A vulnerability exists in the Linux kernel's handling of raw sockets using the IPPROTO_RAW protocol. When a raw socket is created with IPPROTO_RAW, it can inadvertently accept malicious incoming ICMP packets. These packets can manipulate the protocol field to 255, matching the raw socket and causing unauthorized changes to the Forwarding Neighbor Cache (FNHE). This issue arises because IPPROTO_RAW allows the inclusion of any IP protocol in the packet header, while raw sockets are not designed to receive all IP protocols. The vulnerability has been addressed by modifying the kernel to ensure that raw sockets using IPPROTO_RAW drop incoming ICMP packets.

A warning related to workqueue memory reclamation has been addressed in the Linux kernel's RDMA/hns component. When the sunrpc protocol is used and a reset occurs, the workqueue may improperly flush work, leading to a warning. This issue arises because the destruction of a Queue Pair (QP) frees memory, but the associated workqueue is not correctly marked for memory reclamation. The warning indicates a potential problem in the workqueue management, which could lead to improper handling of resources.

A vulnerability in the Linux kernel's handling of kobject initialization within the DRM/xe component can lead to a use-after-free error. This issue arises when the 'devm_add_action_or_reset()' function fails, causing an immediate execution of the cleanup action on a kobject that has not been properly initialized. The flaw can trigger warnings related to kobject management and reference counting, indicating an uninitialized kobject being released and a reference count underflow.

A vulnerability in the Linux kernel's AMD display driver can lead to out-of-bounds memory access. The issue arises in the stream encoder creation function, where the engine ID can be negative or equal to five, which is outside the valid range for the corresponding register array. This flaw has been addressed by implementing a bounds check before using the engine ID as an index, ensuring that it does not access memory beyond the array's limits.

A deadlock vulnerability has been identified in the Linux kernel's ASoC fsl_xcvr component, specifically in the handling of control element writes. The issue arises because the function fsl_xcvr_mode_put() attempts to acquire a read lock on the controls_rwsem semaphore. However, this function is called by snd_ctl_elem_write(), which already holds a write lock on the same semaphore. This improper locking sequence creates a deadlock, causing a hung task, as reported by Alexander Stein.

A potential NULL pointer dereference vulnerability has been identified in the Linux kernel's SPI WPCM-FIU driver. The issue arises in the 'wpcm_fiu_probe()' function, where 'platform_get_resource_byname()' can return NULL. This NULL value, when passed to 'resource_size()', can lead to a crash. The vulnerability affects the Linux kernel stable tree.

A vulnerability allowing an out-of-bounds read has been identified in the Linux kernel's IPv6 routing management. This issue arises in the fib6_add_rt2node function, where the absence of a trailing structure in certain route information can lead to improper memory access. The vulnerability was reported by syzbot and is present in the Linux kernel stable tree.

A vulnerability in the Linux kernel's procfs implementation allows for a use-after-free condition. When the /proc/[pid]/stat file is read, the do_task_stat() function accesses the real_parent task field without proper Read-Copy-Update (RCU) protection. This oversight can lead to a race condition where the task structure is freed before it is safely accessed, causing a use-after-free vulnerability. The issue affects several versions of the Linux kernel.

A vulnerability in the Linux kernel's GPIO character device handling has been addressed. The issue was a NULL dereference in the 'linehandle_create()' function, which could lead to a crash. This occurred because the function retained a NULL pointer and then attempted to dereference it shortly after, causing a failure. The vulnerability has been fixed by modifying the function to use a different value that avoids the NULL dereference.

A vulnerability in the Linux kernel's SP804 timer driver for ARM32 platforms has been addressed. The issue arose because the delay timer shared the same clock event instance with the scheduler clock. On certain platforms, the scheduler clock event was not properly initialized, leading to a kernel Oops error when the current timer was read. This vulnerability affected Linux kernel versions prior to the fix.

A vulnerability in the Linux kernel's NFS LOCALIO optimization can lead to a direct reclaim recursion deadlock. LOCALIO is designed to bypass network operations for NFS commands when the client and server are on the same system. However, this loopback mount can inadvertently cause a deadlock by recursing through the direct reclaim process, particularly when interacting with the XFS filesystem. The issue arises because LOCALIO can loop back into NFS during the reclaim process, creating a potential deadlock scenario.

A problem has been identified in the Linux kernel's fsl-edma DMA engine driver related to improper clock management during the removal of the driver. The issue arises because the clocks are allocated and enabled using a function that automatically handles resource cleanup. However, they are also manually disabled in the driver's removal function, leading to warnings about the clocks being already disabled. This mismanagement can cause unnecessary complications when the driver is unloaded.

A vulnerability in the Linux kernel's AppArmor component allows for unaligned memory accesses, which can lead to warnings and potential issues on various architectures. This vulnerability arises because the deterministic finite automaton (DFA) tables used by AppArmor can come from either the kernel or userspace, and are not always guaranteed to be properly aligned. The lack of alignment can trigger unaligned memory accesses, causing warnings during execution. This issue has been observed in Linux kernel version 6.18.0-rc6.