SCALANCE XR526-8C, 24V (L3 Int.) Security Vulnerabilities

CVE-2022-48665

In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 bytes and partition capacity is larger than...

CVE-2022-48657

In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as unsigned int, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying max frequency.....

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync...

Fedora 37 : postgresql-jdbc (2023-42d6ba9bd6)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-42d6ba9bd6 advisory. pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setText(int, InputStream) or...

CVE-2022-48665

In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 bytes and partition capacity is larger than...

CVE-2022-48665

In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 bytes and partition capacity is larger than...

CVE-2022-48665

In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 bytes and partition capacity is larger than...

CVE-2022-48644

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commit 87b60cfacf9f....

CVE-2022-48657

In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as unsigned int, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying max...

CVE-2022-48657

In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as unsigned int, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying max frequency.....

CVE-2022-48644

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commit 87b60cfacf9f....

CVE-2022-48644

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commit 87b60cfacf9f....

CVE-2022-48657

In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as unsigned int, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying max frequency.....

CVE-2022-48665 exfat: fix overflow for large capacity partition

In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 bytes and partition capacity is larger than...

CVE-2022-48665 exfat: fix overflow for large capacity partition

In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 bytes and partition capacity is larger than...

CVE-2022-48657 arm64: topology: fix possible overflow in amu_fie_setup()

In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as unsigned int, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying max frequency.....

CVE-2022-48657 arm64: topology: fix possible overflow in amu_fie_setup()

In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as unsigned int, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying max frequency.....

CVE-2022-48644 net/sched: taprio: avoid disabling offload when it was never enabled

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commit 87b60cfacf9f....

CVE-2022-48665

In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 bytes and partition capacity is larger than...

RHEL 8 : Satellite 6.12.3 Async Security Update (Important) (RHSA-2023:1630)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1630 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

RHEL 8 : Red Hat Virtualization (RHSA-2023:0759)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0759 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java...

CVE-2022-48644

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commit 87b60cfacf9f....

CVE-2022-48657

In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as unsigned int, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying max frequency.....

RHEL 5 / 6 : JBoss Enterprise Web Platform 5.1.1 update (Important) (RHSA-2011:0945)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0945 advisory. JBoss Seam EL interpolation in exception handling (CVE-2011-2196) Note that Nessus has not tested for this issue but has instead relied only on...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Speex [CVE-2020-23903]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Speex, caused by a divide-by-zero vulnerability in the function static int read_samples [CVE-2020-23903]. Speex is used in our Speech Services runtimes. This vulnerabilitiy has been...

Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2024-1935 Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability April 25, 2024 CVE Number CVE-2024-22373 SUMMARY An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu...

Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2024-1944 Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability April 25, 2024 CVE Number CVE-2024-25569 SUMMARY An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A...

Grassroot DICOM LookupTable::SetLUT out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2024-1924 Grassroot DICOM LookupTable::SetLUT out-of-bounds write vulnerability April 25, 2024 CVE Number CVE-2024-22391 SUMMARY A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23......

openSUSE: Security Advisory for apache (SUSE-SU-2024:1377-1)

The remote host is missing an update for...

pyLoad allows upload to arbitrary folder lead to RCE

Summary An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Details example version: 0.5 file:src/pyload/webui/app/blueprints/app_blueprint.py python @bp.route("/render/<path:filename>", endpoint="render") de...

pyLoad allows upload to arbitrary folder lead to RCE

Summary An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Details example version: 0.5 file:src/pyload/webui/app/blueprints/app_blueprint.py python @bp.route("/render/<path:filename>", endpoint="render") de...

CosmWasm affected by arithmetic overflows

Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations. Affected functions: Uint{256,512}::pow / Int{256,512}::pow Int{256,512}::neg Affected if...

CosmWasm affected by arithmetic overflows

Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations. Affected functions: Uint{256,512}::pow / Int{256,512}::pow Int{256,512}::neg Affected if...

Arithmetic overflows in cosmwasm-std

Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations. Affected functions: Uint{256,512}::pow / Int{256,512}::pow Int{256,512}::neg Affected if...

openSUSE: Security Advisory for apache (SUSE-SU-2024:1365-1)

The remote host is missing an update for...

GitLens Git Local Configuration Execution Exploit

GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows...

GitLens Git Local Configuration Execution

...

JADX file override vulnerability

Summary when jadx parses a resource file, there is an escape problem with the style file, which can overwrite other files in the directory when saving the decompile result. Although I don't think this vulnerability realizes path traversal in the true sense of the word , I reported it anyway...

JADX file override vulnerability

Summary when jadx parses a resource file, there is an escape problem with the style file, which can overwrite other files in the directory when saving the decompile result. Although I don't think this vulnerability realizes path traversal in the true sense of the word , I reported it anyway...

WordPress LayerSlider Plugin: SQL Injection Vulnerability

On March 25th, 2024, a critical security vulnerability was discovered in the LayerSlider plugin for WordPress, marked as CVE-2024-2879. The plugins have more than 10 lakh active installations. This flaw, rated with a CVSS score of 7.5 out of 10.0, is identified as an SQL injection vulnerability...

Ransomware Double-Dip: Re-Victimization in Cyber Extortion

**Between crossovers - Do threat actors play dirty or desperate? ** In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether....

Denial of Service Vulnerability in Rustls Library

Summary rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. Details Verified at 0.22 and 0.23 rustls, but 0.21 and 0.20 release lines are also affected. tokio-rustls and rustls-ffi do not call complete_io and are not affected. rustls::Stream and...

Denial of Service Vulnerability in Rustls Library

Summary rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. Details Verified at 0.22 and 0.23 rustls, but 0.21 and 0.20 release lines are also affected. tokio-rustls and rustls-ffi do not call complete_io and are not affected. rustls::Stream and...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1322-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1322-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1321-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1321-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...

NewStart CGSL CORE 5.04 / MAIN 5.04 : git Multiple Vulnerabilities (NS-SA-2024-0015)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages installed that are affected by multiple vulnerabilities: Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by...

CVE-2024-26902

In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned long overflowed_ctrs, use BIT() instead. This panic happens when running 'perf record -e branches' on sophgo sg2042...

CVE-2024-26842

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() When task_tag >= 32 (in MCQ mode) and sizeof(unsigned int) == 4, 1U << task_tag will out of bounds for a u32 mask. Fix this up to prevent SHIFT_ISSUE (bitwise shifts t...

CVE-2024-26902

In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned long overflowed_ctrs, use BIT() instead. This panic happens when running 'perf record -e branches' on sophgo sg2042...

CVE-2024-26902

In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned long overflowed_ctrs, use BIT() instead. This panic happens when running 'perf record -e branches' on sophgo sg2042...