๐จ CVE-2024-11158
An โuninitialized variableโ code execution vulnerability exists in the
Rockwell Automation Arenaยฎ
that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
๐@cveNotify
An โuninitialized variableโ code execution vulnerability exists in the
Rockwell Automation Arenaยฎ
that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
๐@cveNotify
Rockwell Automation
SD1713 | Security Advisory | Rockwell Automation | US
Multiple Code Execution Vulnerabilities in Arenaยฎ
๐จ CVE-2017-13308
In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
๐จ CVE-2018-9386
In reboot_block_command of htc reboot_block driver, there is a possible
stack buffer overflow due to a missing bounds check. This could lead to
local escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation.
๐@cveNotify
In reboot_block_command of htc reboot_block driver, there is a possible
stack buffer overflow due to a missing bounds check. This could lead to
local escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation.
๐@cveNotify
๐จ CVE-2018-9388
In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege.
๐@cveNotify
In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege.
๐@cveNotify
๐จ CVE-2023-33725
Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.
๐@cveNotify
Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.
๐@cveNotify
GitHub
Burptrast/docs/CVE-2023-33725 at main ยท Contrast-Security-OSS/Burptrast
Burp Plugin for Contrast Security. Contribute to Contrast-Security-OSS/Burptrast development by creating an account on GitHub.
๐จ CVE-2023-33289
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs.
๐@cveNotify
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs.
๐@cveNotify
Gist
Public disclosure of vulnerability inside the urlnorm crate through 0.1.4 for Rust
Public disclosure of vulnerability inside the urlnorm crate through 0.1.4 for Rust - gist:b118888dc739e8979038f24c8ac33611
๐จ CVE-2023-33591
User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php.
๐@cveNotify
User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php.
๐@cveNotify
GitHub
CVE/CVE 2023-33591 at main ยท DARSHANAGUPTA10/CVE
Contribute to DARSHANAGUPTA10/CVE development by creating an account on GitHub.
๐จ CVE-2024-27223
In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure after authenticating the cell connection with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure after authenticating the cell connection with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
๐จ CVE-2024-27234
In fvp_set_target of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
In fvp_set_target of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
๐จ CVE-2021-47025
In the Linux kernel, the following vulnerability has been resolved:
iommu/mediatek: Always enable the clk on resume
In mtk_iommu_runtime_resume always enable the clk, even
if m4u_dom is null. Otherwise the 'suspend' cb might
disable the clk which is already disabled causing the warning:
[ 1.586104] infra_m4u already disabled
[ 1.586133] WARNING: CPU: 0 PID: 121 at drivers/clk/clk.c:952 clk_core_disable+0xb0/0xb8
[ 1.594391] mtk-iommu 10205000.iommu: bound 18001000.larb (ops mtk_smi_larb_component_ops)
[ 1.598108] Modules linked in:
[ 1.598114] CPU: 0 PID: 121 Comm: kworker/0:2 Not tainted 5.12.0-rc5 #69
[ 1.609246] mtk-iommu 10205000.iommu: bound 14027000.larb (ops mtk_smi_larb_component_ops)
[ 1.617487] Hardware name: Google Elm (DT)
[ 1.617491] Workqueue: pm pm_runtime_work
[ 1.620545] mtk-iommu 10205000.iommu: bound 19001000.larb (ops mtk_smi_larb_component_ops)
[ 1.627229] pstate: 60000085 (nZCv daIf -PAN -UAO -TCO BTYPE=--)
[ 1.659297] pc : clk_core_disable+0xb0/0xb8
[ 1.663475] lr : clk_core_disable+0xb0/0xb8
[ 1.667652] sp : ffff800011b9bbe0
[ 1.670959] x29: ffff800011b9bbe0 x28: 0000000000000000
[ 1.676267] x27: ffff800011448000 x26: ffff8000100cfd98
[ 1.681574] x25: ffff800011b9bd48 x24: 0000000000000000
[ 1.686882] x23: 0000000000000000 x22: ffff8000106fad90
[ 1.692189] x21: 000000000000000a x20: ffff0000c0048500
[ 1.697496] x19: ffff0000c0048500 x18: ffffffffffffffff
[ 1.702804] x17: 0000000000000000 x16: 0000000000000000
[ 1.708112] x15: ffff800011460300 x14: fffffffffffe0000
[ 1.713420] x13: ffff8000114602d8 x12: 0720072007200720
[ 1.718727] x11: 0720072007200720 x10: 0720072007200720
[ 1.724035] x9 : ffff800011b9bbe0 x8 : ffff800011b9bbe0
[ 1.729342] x7 : 0000000000000009 x6 : ffff8000114b8328
[ 1.734649] x5 : 0000000000000000 x4 : 0000000000000000
[ 1.739956] x3 : 00000000ffffffff x2 : ffff800011460298
[ 1.745263] x1 : 1af1d7de276f4500 x0 : 0000000000000000
[ 1.750572] Call trace:
[ 1.753010] clk_core_disable+0xb0/0xb8
[ 1.756840] clk_core_disable_lock+0x24/0x40
[ 1.761105] clk_disable+0x20/0x30
[ 1.764501] mtk_iommu_runtime_suspend+0x88/0xa8
[ 1.769114] pm_generic_runtime_suspend+0x2c/0x48
[ 1.773815] __rpm_callback+0xe0/0x178
[ 1.777559] rpm_callback+0x24/0x88
[ 1.781041] rpm_suspend+0xdc/0x470
[ 1.784523] rpm_idle+0x12c/0x170
[ 1.787831] pm_runtime_work+0xa8/0xc0
[ 1.791573] process_one_work+0x1e8/0x360
[ 1.795580] worker_thread+0x44/0x478
[ 1.799237] kthread+0x150/0x158
[ 1.802460] ret_from_fork+0x10/0x30
[ 1.806034] ---[ end trace 82402920ef64573b ]---
[ 1.810728] ------------[ cut here ]------------
In addition, we now don't need to enable the clock from the
function mtk_iommu_hw_init since it is already enabled by the resume.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
iommu/mediatek: Always enable the clk on resume
In mtk_iommu_runtime_resume always enable the clk, even
if m4u_dom is null. Otherwise the 'suspend' cb might
disable the clk which is already disabled causing the warning:
[ 1.586104] infra_m4u already disabled
[ 1.586133] WARNING: CPU: 0 PID: 121 at drivers/clk/clk.c:952 clk_core_disable+0xb0/0xb8
[ 1.594391] mtk-iommu 10205000.iommu: bound 18001000.larb (ops mtk_smi_larb_component_ops)
[ 1.598108] Modules linked in:
[ 1.598114] CPU: 0 PID: 121 Comm: kworker/0:2 Not tainted 5.12.0-rc5 #69
[ 1.609246] mtk-iommu 10205000.iommu: bound 14027000.larb (ops mtk_smi_larb_component_ops)
[ 1.617487] Hardware name: Google Elm (DT)
[ 1.617491] Workqueue: pm pm_runtime_work
[ 1.620545] mtk-iommu 10205000.iommu: bound 19001000.larb (ops mtk_smi_larb_component_ops)
[ 1.627229] pstate: 60000085 (nZCv daIf -PAN -UAO -TCO BTYPE=--)
[ 1.659297] pc : clk_core_disable+0xb0/0xb8
[ 1.663475] lr : clk_core_disable+0xb0/0xb8
[ 1.667652] sp : ffff800011b9bbe0
[ 1.670959] x29: ffff800011b9bbe0 x28: 0000000000000000
[ 1.676267] x27: ffff800011448000 x26: ffff8000100cfd98
[ 1.681574] x25: ffff800011b9bd48 x24: 0000000000000000
[ 1.686882] x23: 0000000000000000 x22: ffff8000106fad90
[ 1.692189] x21: 000000000000000a x20: ffff0000c0048500
[ 1.697496] x19: ffff0000c0048500 x18: ffffffffffffffff
[ 1.702804] x17: 0000000000000000 x16: 0000000000000000
[ 1.708112] x15: ffff800011460300 x14: fffffffffffe0000
[ 1.713420] x13: ffff8000114602d8 x12: 0720072007200720
[ 1.718727] x11: 0720072007200720 x10: 0720072007200720
[ 1.724035] x9 : ffff800011b9bbe0 x8 : ffff800011b9bbe0
[ 1.729342] x7 : 0000000000000009 x6 : ffff8000114b8328
[ 1.734649] x5 : 0000000000000000 x4 : 0000000000000000
[ 1.739956] x3 : 00000000ffffffff x2 : ffff800011460298
[ 1.745263] x1 : 1af1d7de276f4500 x0 : 0000000000000000
[ 1.750572] Call trace:
[ 1.753010] clk_core_disable+0xb0/0xb8
[ 1.756840] clk_core_disable_lock+0x24/0x40
[ 1.761105] clk_disable+0x20/0x30
[ 1.764501] mtk_iommu_runtime_suspend+0x88/0xa8
[ 1.769114] pm_generic_runtime_suspend+0x2c/0x48
[ 1.773815] __rpm_callback+0xe0/0x178
[ 1.777559] rpm_callback+0x24/0x88
[ 1.781041] rpm_suspend+0xdc/0x470
[ 1.784523] rpm_idle+0x12c/0x170
[ 1.787831] pm_runtime_work+0xa8/0xc0
[ 1.791573] process_one_work+0x1e8/0x360
[ 1.795580] worker_thread+0x44/0x478
[ 1.799237] kthread+0x150/0x158
[ 1.802460] ret_from_fork+0x10/0x30
[ 1.806034] ---[ end trace 82402920ef64573b ]---
[ 1.810728] ------------[ cut here ]------------
In addition, we now don't need to enable the clock from the
function mtk_iommu_hw_init since it is already enabled by the resume.
๐@cveNotify
๐จ CVE-2023-27243
An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.
๐@cveNotify
An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.
๐@cveNotify
Datacap Systems, Inc.
Home
Datacap Systems develops omnichannel integrated payments for any type of Point of Sale application regardless of OS or industry vertical.
๐จ CVE-2023-36369
An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
๐@cveNotify
An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
๐@cveNotify
GitHub
MonetDB server 11.46.0 crashes at `list_append` ยท Issue #7383 ยท MonetDB/MonetDB
Describe the bug MonetDB server 11.46.0 crashes at list_append after executing SQL statements through mclient. To Reproduce create table t1(c1 int auto_increment primary key NOT NULL); create trigg...
๐จ CVE-2022-42792
This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information
๐@cveNotify
This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information
๐@cveNotify
Apple Support
About the security content of iOS 16.1 and iPadOS 16
This document describes the security content of iOS 16.1 and iPadOS 16.
๐จ CVE-2022-42807
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key
๐@cveNotify
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key
๐@cveNotify
Apple Support
About the security content of macOS Ventura 13
This document describes the security content of macOS Ventura 13.
๐จ CVE-2024-21492
All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.
๐@cveNotify
All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.
๐@cveNotify
The Trail of Bits Blog
Security flaws in an SSO plugin for Caddy
We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web applications, including client-side code execution, OAuth replay attacks, and unauthorized accessโฆ
๐จ CVE-2023-52357
Vulnerability of serialization/deserialization mismatch in the vibration framework.Successful exploitation of this vulnerability may affect availability.
๐@cveNotify
Vulnerability of serialization/deserialization mismatch in the vibration framework.Successful exploitation of this vulnerability may affect availability.
๐@cveNotify
๐จ CVE-2023-52361
The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploitation of this vulnerability may affect integrity.
๐@cveNotify
The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploitation of this vulnerability may affect integrity.
๐@cveNotify
๐จ CVE-2023-52373
Vulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthorized file sharing.
๐@cveNotify
Vulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthorized file sharing.
๐@cveNotify
๐จ CVE-2023-52375
Permission control vulnerability in the WindowManagerServices module.Successful exploitation of this vulnerability may affect availability.
๐@cveNotify
Permission control vulnerability in the WindowManagerServices module.Successful exploitation of this vulnerability may affect availability.
๐@cveNotify
๐จ CVE-2022-48621
Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify