| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the Haraka worker process. This issue has been patched in version 3.1.4. |
| HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device. |
| Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests to the web interface. Attackers can exploit this heap overflow to crash the affected device and cause service disruption, particularly in configurations where the Public Spot functionality is enabled. |
| Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers can trigger a crash by initiating TLS connections with these protocol versions to disrupt service availability. |
| In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation. |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report. |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report. |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report. |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report. |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report. |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report. |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report. |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report. |
| An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports. |
| OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation. Attackers can exploit differing normalization logic to discard non-portable keys during approval processing while accepting them at execution time, bypassing operator review and potentially influencing runtime behavior including execution of attacker-controlled binaries. |
| In the Linux kernel, the following vulnerability has been resolved:
macvlan: add forgotten nla_policy for IFLA_MACVLAN_BC_CUTOFF
The previous commit 954d1fa1ac93 ("macvlan: Add netlink attribute for
broadcast cutoff") added one additional attribute named
IFLA_MACVLAN_BC_CUTOFF to allow broadcast cutfoff.
However, it forgot to describe the nla_policy at macvlan_policy
(drivers/net/macvlan.c). Hence, this suppose NLA_S32 (4 bytes) integer
can be faked as empty (0 bytes) by a malicious user, which could leads
to OOB in heap just like CVE-2023-3773.
To fix it, this commit just completes the nla_policy description for
IFLA_MACVLAN_BC_CUTOFF. This enforces the length check and avoids the
potential OOB read. |
| An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system. |
| A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide). |
| In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix session use-after-free in multichannel connection
There is a race condition between session setup and
ksmbd_sessions_deregister. The session can be freed before the connection
is added to channel list of session.
This patch check reference count of session before freeing it. |
| A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information. |
