CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Jan 6, 2025

Redis Denial-of-Service Vulnerability Due to Malformed ACL Selectors

A denial-of-service vulnerability has been identified in Redis versions 7.0.0 and later. The issue arises when an authenticated user with sufficient privileges creates a malformed Access Control List (ACL) selector. When this malformed selector is accessed, it triggers a server panic, leading to a crash and subsequent denial-of-service condition.

3.2
Jan 6, 2025

Netis Routers Information Disclosure Vulnerability

A vulnerability allowing remote attackers to access sensitive information exists in multiple Netis router models, including the Wifi6 Router NX10 (versions 2.0.1.3643 and 2.0.1.3582), Wifi 11AC Router NC65 (version 3.0.0.3749), Wifi 11AC Router NC63 (versions 3.0.0.3327 and 3.0.0.3503), Wifi 11AC Router NC21 (versions 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329), and Wifi Router MW5360 (versions 1.0.1.3442 and 1.0.1.3031). The issue arises from the endpoint /cgi-bin/skk_set.cgi and the binary /bin/scripts/start_wifi.sh, which can be exploited to retrieve confidential information.

4.3
Jan 6, 2025

Netis Routers Sensitive Information Disclosure Vulnerability

A vulnerability exists in multiple Netis router models, including the Wifi6 Router NX10, Wifi 11AC Routers NC65, NC63, NC21, and the Wifi Router MW5360. This issue allows remote attackers to access sensitive information by exploiting the password parameter on the change admin password page of the router's web interface.

4.4
Jan 6, 2025

Netis Routers Information Disclosure Vulnerability in skk_get.cgi Component

A vulnerability allowing remote attackers to access sensitive information exists in several Netis router models, including the Wifi6 Router NX10 (versions 2.0.1.3643 and 2.0.1.3582), Wifi 11AC Router NC65 (version 3.0.0.3749), Wifi 11AC Router NC63 (versions 3.0.0.3327 and 3.0.0.3503), Wifi 11AC Router NC21 (versions 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329), and Wifi Router MW5360 (versions 1.0.1.3442 and 1.0.1.3031). The issue arises from the skk_get.cgi component, where the mode_name and wl_link parameters can be exploited to retrieve sensitive information.

4.3
Jan 6, 2025

Redis Remote Code Execution Vulnerability via Lua Scripting

A remote code execution vulnerability has been identified in Redis versions prior to 6.2.17, 7.2.7, and 7.4.2. This issue allows an authenticated user to execute a specially crafted Lua script that manipulates the garbage collector, potentially leading to arbitrary code execution. The vulnerability exists in all versions of Redis that support Lua scripting.

5.5
Jan 6, 2025

Inspur ClusterEngine Privilege Escalation Vulnerability in getJobsByShell Component

A privilege escalation vulnerability has been identified in Inspur ClusterEngine version 4.0. This issue arises from an improper SUID configuration in the component '/opt/tsce4/torque6/bin/getJobsByShell', allowing non-administrative users to gain root access by exploiting the SUID mechanism. The vulnerability enables these users to execute arbitrary commands with elevated privileges.

3.7
Jan 6, 2025

Grocy CSRF Vulnerability Allowing Password Change for Administrators

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Grocy versions through 4.3.0. The application lacks CSRF protection, as the session token does not have security flags and no countermeasures are implemented. This vulnerability allows users to change the password of the administrator by exploiting the absence of CSRF safeguards.

3.7
Jan 6, 2025

Grocy Information Disclosure Vulnerability

An information disclosure vulnerability exists in Grocy versions through 4.3.0. It allows remote attackers to access sensitive data by directly requesting pages that are not visible in the user interface, such as the calendar and recipes. This issue is a result of broken access control, where unauthorized users can bypass restrictions by accessing certain URLs or API endpoints directly.

4.5
Jan 6, 2025

Guzzle OAuth Subscriber Insufficient Nonce Entropy Vulnerability Allowing Replay Attacks

A vulnerability exists in Guzzle OAuth Subscriber versions prior to 0.8.1, where the OAuth 1.0 nonce generation lacks adequate entropy and does not utilize a cryptographically secure pseudorandom source. This deficiency can expose servers to replay attacks, particularly when TLS is not implemented.

3.1
Jan 6, 2025

Grocy Stored Cross-Site Scripting Vulnerability Leading to Privilege Escalation

A stored cross-site scripting vulnerability has been identified in Grocy versions through 4.3.0. This issue allows for privilege escalation by uploading a malicious HTML or SVG file, which is not properly validated, to the edit profile section. When the file is accessed by an administrator, the embedded script is executed, potentially leading to unauthorized actions such as changing an admin password.

3.3
Jan 6, 2025

ASUS System Analysis IO Improper Access Control Vulnerability in AsusSAIO.sys Driver

A vulnerability has been identified in the AsusSAIO.sys driver associated with ASUS System Analysis IO version 1.0.0. This vulnerability allows low-privileged users to bypass access controls and misuse driver functionalities by sending specially crafted IOCTL requests. The exploitation of this vulnerability could lead to privilege escalation, unauthorized code execution with elevated rights, and information disclosure. Additionally, because these drivers are signed, they could potentially be used to circumvent Microsoft's driver-signing policy to execute malicious code.

2.6
Jan 6, 2025

ITE Tech ITE IO Access Arbitrary Port Read and Write Vulnerability

A vulnerability in the DeviceIoControl function of ITE Tech, Inc. ITE IO Access version 1.0.0.0 allows attackers to execute arbitrary read and write operations on ports by sending crafted IOCTL requests.

2.9
Jan 6, 2025

REDAXO CMS Stored Cross-Site Scripting Vulnerability Allowing Arbitrary Code Execution

A stored cross-site scripting vulnerability has been identified in REDAXO CMS version 5.17.1. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the password parameter of the /media/test.html component. Additionally, this vulnerability can lead to authenticated arbitrary code execution, according to the vulnerability's author.

3.1
Jan 6, 2025

Grav Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability exists in Grav version 1.7.45. This issue allows users with limited page creation rights to inject malicious JavaScript into their pages, which could be executed by anyone viewing the page, including administrators. The vulnerability arises from inadequate input validation and content filtering, enabling the execution of unauthorized scripts.

5.0
Jan 6, 2025

ChestnutCMS File Upload Vulnerability Allowing Unrestricted File Types

A file upload vulnerability has been identified in ChestnutCMS versions through 1.5.0. The issue arises in the /api/member/avatar API endpoint, which accepts a base64-encoded image string. This string is processed by the memberService.uploadAvatarByBase64 method, where the image is decoded and saved to a file without proper validation of the file extension. This vulnerability is particularly concerning because it is exposed to the frontend, allowing for potentially harmful files to be uploaded.

3.6
Jan 6, 2025

Suricata TCP Urgent Data Handling Evasion Vulnerability

A vulnerability in Suricata's TCP stream processing prior to version 7.0.8 allows TCP urgent data to be mismanaged, potentially leading to evasion of detection. This issue arises because Suricata may analyze traffic differently than applications at the TCP endpoints, creating a disconnect in how data is processed. In versions prior to 7.0.8, urgent data was ignored, but many applications rely on this data being processed out-of-band. The vulnerability can be exploited by sending TCP packets with the urgent flag set, which Suricata will handle according to its default or configured policies, creating gaps or inconsistencies in the data analysis.

3.5
Jan 6, 2025

Suricata DNS Resource Name Compression Vulnerability Leading to Log Resource Starvation

A vulnerability in Suricata's DNS handling prior to version 7.0.8 allows DNS resource name compression to create small DNS messages with excessively large hostnames. This can be expensive to decode and result in oversized DNS log entries. Although there are limits to prevent this, they were not stringent enough. The issue has been fixed in Suricata version 7.0.8.

3.5
Jan 6, 2025

Suricata Buffer Overflow Vulnerability in TCP Stream Handling

A buffer overflow vulnerability has been identified in Suricata versions prior to 7.0.8. This issue arises from an unsigned integer underflow, which allows a specially crafted TCP stream to cause a significant buffer overflow. The vulnerability occurs because the buffer is initialized with zeroes using memset, creating an opportunity for the overflow to be exploited.

3.5
Jan 6, 2025

Suricata Buffer Overflow Vulnerability in BPF Filter Handling

A buffer overflow vulnerability has been identified in Suricata, a network intrusion detection and prevention system, prior to version 7.0.8. The issue arises when a large Berkeley Packet Filter (BPF) file is provided to Suricata at startup, leading to a buffer overflow condition. This vulnerability requires user interaction, as it involves the use of untrusted files with the 'suricata -F' command line option.

3.1
Jan 6, 2025

Z-BlogPHP Arbitrary Code Execution Vulnerability

An arbitrary code execution vulnerability exists in Z-BlogPHP versions through 1.7.3. The issue arises from a file upload vulnerability in the Z-Blog admin panel, where the system fails to properly validate theme files before allowing them to be uploaded. This lack of scrutiny enables attackers to inject malicious code into a theme file, which is then executed by the server. Exploitation of this vulnerability allows attackers to execute arbitrary code on the host machine, potentially leading to full control over the compromised system.

3.6
Jan 6, 2025

SeaCMS Incorrect Access Control Vulnerability Allowing Bulk Account Registration

A logic flaw in SeaCMS version 13.1 has been identified, allowing any user to register accounts in bulk. This vulnerability arises from incorrect access control, which can be exploited by attackers to bypass normal registration limits.

4.7
Jan 6, 2025

SeaCMS Incorrect Access Control Vulnerability Allowing Unlimited Member Recharges

A vulnerability in SeaCMS version 13.1 has been identified, allowing incorrect access control that can be exploited to enable any user to recharge membership for an indefinite period. This logic flaw could lead to unauthorized benefits or privileges within the application.

4.7
Jan 6, 2025

SecureAge Security Suite Privilege Escalation Vulnerability Allowing Arbitrary File Manipulation

A privilege escalation vulnerability exists in SecureAge Security Suite versions 7.0.x prior to 7.0.38, 7.1.x prior to 7.1.11, 8.0.x prior to 8.0.18, and 8.1.x prior to 8.1.18. This vulnerability allows unauthorized users to create, modify, and delete files arbitrarily.

1.1
Jan 6, 2025

IceHRM Reflected Cross-Site Scripting Vulnerability in Login Page

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the login page of IceHRM version 32.4.0.OS. This vulnerability arises from inadequate sanitization of the 'next' parameter, which is returned in the application's response without proper escaping. As a result, an attacker can exploit this issue by persuading a user to click on a specially crafted URL, leading to the execution of arbitrary JavaScript code in the context of the user's browser. This vulnerability exists despite the application having some sanitization measures in place.

2.6
Jan 6, 2025

NiceGUI Authentication Vulnerability Allowing Session Hijacking Across Browsers

A vulnerability in NiceGUI versions prior to 2.9.1 allows for session hijacking across different browsers, including incognito mode. When a user logs in on one browser, the session is shared with all other browsers without requiring a password. This issue has been addressed in NiceGUI version 2.9.1.

3.5
Jan 6, 2025

AAT Data Exfiltration Vulnerability

A data exfiltration vulnerability has been identified in AAT (Another Activity Tracker) versions prior to 1.26. This vulnerability allows malicious apps installed on the same device to access and read data from AAT, including sensitive geolocation information.

1.4
Jan 6, 2025

go-git Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in go-git versions prior to 5.13. This issue allows an attacker to cause resource exhaustion in go-git clients by sending specially crafted responses from a Git server. This vulnerability does not affect the upstream Git command-line interface.

3.6
Jan 6, 2025

go-git Argument Injection Vulnerability Allowing Arbitrary git-upload-pack Flag Modification

An argument injection vulnerability has been identified in go-git, a Git implementation library written in Go, affecting versions 4.0.0 prior to 5.13.0. The vulnerability arises when the file transport protocol is used, as this is the only protocol that interacts with Git binaries. Exploitation could allow an attacker to inject arbitrary values into git-upload-pack flags.

3.6
Jan 6, 2025

Linux Kernel Uninitialized Value Vulnerability in DVB Frontend DIB3000MB

A vulnerability has been identified in the Linux kernel's DVB frontend component, specifically in the DIB3000MB driver. This issue involves the use of an uninitialized value in the 'DIB3000_READ_REG' function, which can lead to undefined behavior. The problem arises because a local buffer is used in an I2C transfer as a read buffer; if the transfer fails, the buffer may contain unpredictable values. The 'DIB3000_WRITE_REG' function lacks proper error handling for this scenario, creating a potential risk. The vulnerability has been addressed by initializing the read buffer to zero before use.

5.6
Jan 6, 2025

Linux Kernel BPF Processor ID Function Vulnerability in Non-SMP Configurations

A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) subsystem has been addressed. The issue arose on x86-64 architectures when calling the function 'bpf_get_smp_processor_id()' in a kernel with 'CONFIG_SMP' disabled. This situation can lead to a page fault error because 'pcpu_hot' is unavailable, causing a supervisor read access violation in kernel mode. The vulnerability has been fixed by modifying the function to return 0 when 'CONFIG_SMP' is not enabled.

5.3
Jan 6, 2025

Linux Kernel DMA Engine Null Pointer Dereference Vulnerability in AT XDMAC Component

A null pointer dereference vulnerability has been identified in the Linux kernel's DMA engine, specifically within the AT XDMAC component. The issue arises in the 'at_xdmac_memset_create_desc' function, which may return a NULL value. This can lead to a null pointer dereference if, for instance, the 'len' input is erroneous, or if the 'atchan->free_descs_list' is empty and memory resources are depleted. The vulnerability has been addressed by adding a check to prevent the null pointer dereference.

5.7
Jan 6, 2025

Linux Kernel Double Free Vulnerability in MTD Raw NAND Subsystem

A double free vulnerability has been identified in the Linux kernel's MTD raw NAND subsystem, specifically within the Atmel PMECC (Error Correction Code) handling function. The issue arises because the 'user' pointer, which was originally allocated using kzalloc(), was changed to be allocated by devm_kzalloc(). This modification creates a scenario where calling kfree(user) results in a double free condition, potentially leading to memory corruption or other unintended consequences.

5.7
Jan 6, 2025

Linux Kernel PowerPC pSeries VAS Window Structure Use-After-Free Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's PowerPC pSeries VAS (Virtual Address Space) implementation. When a 'paste' address is mapped, the corresponding VMA (Virtual Memory Area) address is stored in the VAS window structure. This VMA is supposed to be updated during migration to unmap the paste address if the window is active. However, the VMA is not properly updated when the 'munmap' operation is performed, leading to invalid memory access during migration. This issue was highlighted by a KASAN (Kernel Address Sanitizer) report, which documented the slab-use-after-free error occurring in the 'reconfig_close_windows' function, triggered by the 'drmgr' task.

5.7
Jan 6, 2025

Linux Kernel ublk Device Use-After-Free Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's ublk device management. This issue arises when the 'add_disk()' function fails, potentially leading to a use-after-free condition. The vulnerability occurs because the 'ublk_abort_requests()' function, which is responsible for aborting all inflight requests, is called when exiting the uring context or handling timeouts. If 'add_disk()' fails, the 'gendisk' may have already been freed by the time 'ublk_abort_requests()' is called, creating the use-after-free scenario.

5.3
Jan 6, 2025

Linux Kernel Tracing Component Count Validation Vulnerability

A vulnerability has been identified in the Linux kernel's tracing component, specifically related to the validation of count values for the 'tracing_cpumask_write' function. If an excessively large count is provided, it can trigger a warning during the bitmap parsing process. The vulnerability has been addressed by implementing a check to prevent invalid count values and ensuring that zero counts are properly handled.

5.3
Jan 6, 2025

Linux Kernel Indirect Branch Tracker WFE State Management Vulnerability

A vulnerability in the Linux kernel's handling of the indirect branch tracker (IBT) can lead to a deadlock situation. This issue arises when an indirect branch instruction sets the CPU's IBT into a WAIT_FOR_ENDBRANCH (WFE) state, which is then improperly maintained across instruction boundaries. During the 'kernel IBT no ENDBR' self-test, where #CP faults are intentionally triggered, the WFE state must be cleared to prevent execution from getting stuck in a loop. While the Interrupt Descriptor Table (IDT) does not retain the WFE state, the FRED mechanism does, requiring software to manually clear it. Failure to do so can cause the CPU to repeatedly enter a dead loop, exacerbating the problem.

5.3
Jan 6, 2025

Linux Kernel PCI/MSI Vulnerability Handling in RISC-V and Loongarch Platforms

A vulnerability in the Linux kernel's PCI/MSI handling has been addressed, specifically for RISC-V and Loongarch platforms that lack proper PCI/MSI support. The issue arose because these platforms enabled legacy support without implementing the necessary fallbacks, leading to warnings during the MSI IRQ setup process. The vulnerability has been resolved by correcting the evaluation of legacy mode support and adding the missing checks in the MSI enable path.

5.2
Jan 6, 2025

Linux Kernel Use-After-Free Vulnerability in Btrfs COW Operation

A use-after-free vulnerability has been identified in the Linux kernel's Btrfs file system. The issue arises during the Copy-On-Write (COW) operation on tree blocks when tracing is enabled and preemption is allowed. Specifically, the vulnerability occurs in the 'btrfs_cow_block()' function, where the last reference to the extent buffer can be released before the corresponding tracepoint is executed. This premature release, managed by the Read-Copy Update (RCU) mechanism, can lead to a use-after-free condition, as the extent buffer may be freed before the tracepoint has completed its execution.

5.5
Jan 6, 2025

Linux Kernel Btrfs Denial-of-Service Vulnerability in Folio Mapping Handling

A denial-of-service vulnerability has been identified in the Linux kernel's Btrfs file system. The issue arises in the 'relocate_one_folio()' function, where the folio is unlocked after being read. This allows another thread to modify the folio's mapping before it is relocked, potentially leading to a null pointer dereference and a kernel crash. The vulnerability is particularly problematic when relocating data concurrently with transaction aborts, causing a crash by dereferencing a null pointer.

5.6
Jan 6, 2025

Linux Kernel Bluetooth Interface Release Vulnerability in Mediatek USB Drivers

A vulnerability in the Linux kernel's Bluetooth subsystem, specifically within the Mediatek USB driver, has been addressed. The issue arose because the Mediatek driver did not properly release a USB interface used for ISO data transmission before unregistering the Bluetooth HCI device during a USB disconnect. This oversight could lead to a kernel panic when the Bluetooth USB dongle is removed, as the system attempted to unregister the HCI device without the interface being properly released.

5.2
Jan 6, 2025

Suricata Stack Overflow Vulnerability in Transform Functions Prior to 7.0.8

A stack overflow vulnerability has been identified in Suricata, a network intrusion detection and prevention system, prior to version 7.0.8. This vulnerability arises from a large input buffer to various transform functions, including to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, and xor. The overflow can cause Suricata to crash.

2.5
Jan 6, 2025

IBM UrbanCode Deploy and IBM DevOps Deploy HTML Injection Vulnerability

A vulnerability allowing HTML injection has been identified in IBM UrbanCode Deploy (UCD) versions 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3. This vulnerability could enable a user to inject arbitrary HTML tags into the Web UI, potentially leading to the disclosure of sensitive information.

1.7
Jan 6, 2025

Dell PowerScale OneFS Incorrect Permission Assignment Vulnerability Leading to Denial-of-Service

A denial-of-service vulnerability has been identified in Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.x. This issue arises from an incorrect permission assignment for critical resources, allowing a locally authenticated attacker to potentially exploit the vulnerability.

2.9
Jan 6, 2025

FFmpeg DASH Playlist Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in FFmpeg's DASH playlist support, specifically in versions 4.2 through 6.0. This flaw allows arbitrary HTTP GET requests to be made from the machine running FFmpeg, using a crafted DASH playlist that contains malicious URLs. The vulnerability arises because the DASH demuxer does not properly check the protocol whitelist before initiating HTTP requests, potentially leading to unauthorized access or data exfiltration.

6.1
Jan 6, 2025

FFmpeg XBIN Demuxer Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in FFmpeg versions 2.0 (at least) through 6.0 (latest). This issue arises in the HLS (HTTP Live Streaming) XBIN demuxer, where the absence of proper input format validation allows arbitrary data to be processed as XBIN-formatted. This exploitation leads to a significant increase in CPU usage during transcoding and creates excessively large output files, causing degraded performance. The vulnerability could be triggered by crafting an HLS playlist that bypasses file extension checks, directing FFmpeg to demux non-XBIN data as XBIN, which is then amplified into a larger file.

6.1
Jan 6, 2025

FFmpeg HLS Unsafe File Extension Bypass Vulnerability

A vulnerability in FFmpeg's HLS demuxer allows for bypassing file extension checks that are meant to prevent unsafe files from being processed. This is achieved by appending certain file extensions to base64-encoded data URIs, which can then trigger arbitrary demuxers. The issue affects FFmpeg versions 2.0 through 6.0.

6.2
Jan 6, 2025

TabberNeue MediaWiki Extension Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the TabberNeue MediaWiki extension, specifically in versions prior to 2.7.2. The issue arises in the TabberTransclude.php file, where user-supplied page names are not properly escaped before being output. This flaw allows an XSS payload to be injected and executed. The vulnerability is present in the 'tabbertransclude' hook, which can be exploited by users who can edit pages or render wikitext.

3.0
Jan 6, 2025

tgstation-server Role Authorization Vulnerability Allowing Unauthorized Access

A vulnerability in tgstation-server prior to version 6.12.3 allows enabled users to access most authorized API actions, regardless of their specific permissions. This issue arises because roles for authorizing API methods were incorrectly combined with the user-enabled role, allowing unauthorized access. However, the vulnerability does not affect the WriteUsers permission, preventing permanent elevation of account privileges.

3.6
Jan 6, 2025

LangChain4j-AIDeepin File Upload Conflict Vulnerability Due to MD5 Hashing

A file upload conflict vulnerability has been identified in LangChain4j-AIDeepin versions prior to 3.5.0. The issue arises because the application uses MD5 to hash files, leading to potential conflicts during file uploads. This vulnerability has been addressed in version 3.5.0.

3.1
Jan 6, 2025

Pnetlab Open Redirect Vulnerability

An open redirect vulnerability has been identified in Pnetlab version 5.3.11. This vulnerability allows an attacker to manipulate URLs, redirecting users to arbitrary external websites via a crafted script.

2.0