🚨 CVE-2025-13940
An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the Fireware Web UI will correctly show a failed system integrity check message in the event of a failure. This issue affects Fireware OS: from 12.8.1 through 12.11.4, from 2025.1 through 2025.1.2.
@cveNotify
Watchguard
WatchGuard Firebox Boot Time System Integrity Check Bypass
🚨 CVE-2024-32625
In OffloadAMRWriter, a scalar field is not initialized so will contain an arbitrary value left over from earlier computations
@cveNotify
Asrmicro
Security Center
ASR Microelectronics Co., Ltd. (ASR, 688220.SH) was established in April 2015 and is headquartered at Zhang Jiang Hi-tech Park, Shanghai. It operates development and support centers in Beijing, Nanjing, Shenzhen, Hefei, Dalian, Chengdu, Xi’an and other mar
🚨 CVE-2024-32631
Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect computations.
@cveNotify
🚨 CVE-2024-32632
A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access
@cveNotify
🚨 CVE-2024-32633
An unsigned value can never be negative, so eMMC full disk test will always evaluate the same way.
@cveNotify
🚨 CVE-2024-32634
In huge memory get unmapped area check, code can never be reached because of a logical contradiction.
@cveNotify
🚨 CVE-2024-10051
Realchar version v0.0.4 is vulnerable to an unauthenticated denial of service (DoS) attack. The vulnerability exists in the file upload request handling, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each character. This leads to excessive resource consumption and renders the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.
@cveNotify
🚨 CVE-2024-23301
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
@cveNotify
GitHub
ReaR creates world-readable initrd with GRUB_RESCUE=Y · Issue #3122 · rear/rear
The following issue was reported to us at SUSE by a SUSE customer and the proposed fix is from a colleague at SUSE: ReaR configuration files (excerpt): OUTPUT=ISO COPY_AS_IS+=( "/path/to/secre...
🚨 CVE-2024-1631
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation. Since the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe) is compromised, one could lose funds associated with the principal on ledgers or lose access to a canister where this principal is the controller.
@cveNotify
🚨 CVE-2024-29839
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user
@cveNotify
🚨 CVE-2024-29836
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site.
@cveNotify
🚨 CVE-2024-29837
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in.
@cveNotify
🚨 CVE-2024-29838
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not properly sanitize user input, allowing for an unauthenticated attacker to crash the controller software
@cveNotify
🚨 CVE-2024-29840
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS, allowing for an unauthenticated attacker to return the pin value of any user
@cveNotify
🚨 CVE-2024-29841
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS, allowing for an unauthenticated attacker to return the keys value of any user
@cveNotify
🚨 CVE-2024-29842
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated attacker to return the abacard field of any user
@cveNotify
🚨 CVE-2019-11359
Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.
@cveNotify
GitHub
XSS vulnerability in display.php · Issue #138 · mkucej/i-librarian
Summary The parameter project is not sanitized, so attackers can poison this parameter and then create a reflected XSS attack. PoC http://domain.tld/display.php?browse[]=all&project=1">...
🚨 CVE-2019-11428
I, Librarian 4.10 has XSS via the export.php export_files parameter.
@cveNotify
GitHub
XSS vulnerability in export.php · Issue #139 · mkucej/i-librarian
Summary The parameter export_files is not sanitized, so attackers can poison this parameter and then create a reflected XSS attack. POC https://i-librarian.net/demo/export.php?export_files="&g...
🚨 CVE-2023-53321
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211_hwsim: drop short frames
While technically some control frames like ACK are shorter and
end after Address 1, such frames shouldn't be forwarded through
wmediumd or similar userspace, so require the full 3-address
header to avoid accessing invalid memory if shorter frames are
passed in.
@cveNotify
🚨 CVE-2023-53322
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Wait for io return on terminate rport
System crash due to use after free.
Current code allows terminate_rport_io to exit before making
sure all IOs have returned. For FCP-2 devices, IOs can hang
on in HW because the driver has not torn down the session in FW at
the first sign of a cable pull. When the dev_loss_tmo timer pops,
terminate_rport_io is called and the upper layer is about to
free various resources. Terminate_rport_io triggers qla to do
the final cleanup, but the cleanup might not be fast enough, so it
leaves qla still holding on to the same resource.
Wait for IO's to return to upper layer before resources are freed.
@cveNotify