389-ds-base: Security Vulnerabilities

CVE-2021-47595 net/sched: sch_ets: don't remove idle classes from the round-robin list

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2)...

CVE-2021-47595 net/sched: sch_ets: don't remove idle classes from the round-robin list

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2)...

CVE-2021-47594 mptcp: never allow the PM to close a listener subflow

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...

CVE-2021-47594 mptcp: never allow the PM to close a listener subflow

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...

CVE-2021-47588 sit: do not call ipip6_dev_free() from sit_init_net()

In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6_dev_free() from sit_init_net() ipip6_dev_free is sit dev->priv_destructor, already called by register_netdevice() if something goes wrong. Alternative would be to make ipip6_dev_free() robust against...

CVE-2024-38601

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix a race between readers and resize checks The reader code in rb_get_reader_page() swaps a new reader page into the ring buffer by doing cmpxchg on old->list.prev->next to point it to the new page. Following th...

CVE-2024-38601

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix a race between readers and resize checks The reader code in rb_get_reader_page() swaps a new reader page into the ring buffer by doing cmpxchg on old->list.prev->next to point it to the new page. Following th...

CVE-2024-38601

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix a race between readers and resize checks The reader code in rb_get_reader_page() swaps a new reader page into the ring buffer by doing cmpxchg on old->list.prev->next to point it to the new page. Following th...

CVE-2024-38562

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: Avoid address calculations via out of bounds array indexing Before request->channels[] can be used, request->n_channels must be set. Additionally, address calculations for memory after the "channels" array need...

CVE-2024-38567

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th...

CVE-2024-38565

In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...

CVE-2024-38567

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint,....

CVE-2024-38567

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint,....

CVE-2024-38562

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: Avoid address calculations via out of bounds array indexing Before request->channels[] can be used, request->n_channels must be set. Additionally, address calculations for memory after the "channels" array need...

CVE-2024-38565

In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...

CVE-2024-38562

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: Avoid address calculations via out of bounds array indexing Before request->channels[] can be used, request->n_channels must be set. Additionally, address calculations for memory after the "channels" array need...

CVE-2024-38565

In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with...

CVE-2024-38601 ring-buffer: Fix a race between readers and resize checks

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix a race between readers and resize checks The reader code in rb_get_reader_page() swaps a new reader page into the ring buffer by doing cmpxchg on old->list.prev->next to point it to the new page. Following th...

CVE-2024-38567 wifi: carl9170: add a proper sanity check for endpoints

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint,....

CVE-2024-38565 wifi: ar5523: enable proper endpoint verification

In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...

CVE-2024-38565 wifi: ar5523: enable proper endpoint verification

In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...

CVE-2024-38562 wifi: nl80211: Avoid address calculations via out of bounds array indexing

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: Avoid address calculations via out of bounds array indexing Before request->channels[] can be used, request->n_channels must be set. Additionally, address calculations for memory after the "channels" array need...

CVE-2024-38562 wifi: nl80211: Avoid address calculations via out of bounds array indexing

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: Avoid address calculations via out of bounds array indexing Before request->channels[] can be used, request->n_channels must be set. Additionally, address calculations for memory after the "channels" array need...

The Hacking of Culture and the Creation of Socio-Technical Debt

Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a...

Security Bulletin: A vulnerability in Transparent Cloud Tiering affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in netty-codec-http affects the Transparent Cloud Tiering function in IBM Storage Virtualize products. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the lsvolumebackup CLI command - if there is no output, then this feature is not.....

Security Bulletin: Vulnerabilities in Transparent Cloud Tiering affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in netty-codec-http2 and commons-compress affect the Transparent Cloud Tiering function in IBM Storage Virtualize products. CVE-2023-44487, CVE-2024-25710, CVE-2024-26308. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the...

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues due to Apache Commons Configuration and Fasterxml jackson-databind

Summary There are vulnerabilities in Apache Commons Configuration and Fasterxml jackson-databind used by Install Agent, Integrated File Agent and Integrated Web Services in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the...

Ubuntu 22.04 LTS : Linux kernel (HWE) vulnerabilities (USN-6818-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by security flaws in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json. The flaws can lead to server-side request forgery, bypass of security...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser, and Data Protection for VMware. The flaws can lead to server-side request forgery,...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery, bypass of security restrictions, denial of service, and arbitrary.....

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2 Vulnerability Details ** CVEID: CVE-2018-1000134 DESCRIPTION: **Ping Identity UnboundID LDAP SDK could allow a remote attacker...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3 Vulnerability Details ** CVEID: CVE-2022-46364 DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused...

Helpful tools to get started in IoT Assessments

The Internet of Things (IoT) can be a daunting field to get into. With many different tools and products available on the market it can be confusing to even know where to start. Having performed dozens of IoT assessments, I felt it would be beneficial to compile a basic list of items that are...

RAD Data Communications SecFlow-2

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: RAD Data Communications Equipment: SecFlow-2 Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their...

CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their...

CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their...

CVE-2024-5953 389-ds-base: malformed userpassword hash may cause denial of service

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their...

CVE-2024-5953 389-ds-base: malformed userpassword hash may cause denial of service

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their...

Sensitive Information Disclosure

@lobehub/chat is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure handling of the base URL in the frontend, allowing an attacker to modify it to their own attack URL. The attacker can then set up a server-side request to obtain the real backend API...

[SECURITY] Fedora 39 Update: mariadb-10.5.25-1.fc39

MariaDB is a community developed fork from MySQL - a multi-user, multi-thread ed SQL database server. It is a client/server implementation consisting of a server daemon (mariadbd) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs....

Fedora: Security Advisory for mariadb (FEDORA-2024-d61bffd77f)

The remote host is missing an update for...

KLA68998 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Dawn can be exploited to cause denial of service or execute...

CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. Bugs ...

JVN#65171386: Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR

ID Link Manager and FUJITSU Software TIME CREATOR provided by Fsas Technologies Inc. contain multiple vulnerabilities listed below. Path Traversal (CWE-36) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Base Score 8.6 CVE-2024-33620 Missing Authentication (CWE-306)...

JVN#00442488: Multiple vulnerabilities in Ricoh Streamline NX PC Client

Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. Improper restriction of communication channel to intended endpoints (CWE-923) CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 6.3 CVE-2024-36252 ricoh-2024-000004 Use of...

Lobe Chat API Key Leak

Summary If an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. Details The attack process is described above. PoC Frontend: 1. Pass basic.....

Lobe Chat API Key Leak

Summary If an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. Details The attack process is described above. PoC Frontend: 1. Pass basic.....

DeepJavaLibrary API absolute path traversal

Summary DeepJavaLibrary(DJL) versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers 0.27.0. Impacted versions:...