Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.
A vulnerability has been found in SourceCodester Phone Contact Manager System 1.0 and classified as problematic. Affected by this vulnerability is the function ContactBook::adding of the file ContactBook.cpp. The manipulation leads to improper input validation. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation of the argument name leads to improper input validation. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify(). Currently checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log in question. Failing to validate that means a bundle may provide an inclusion proof that doesn't actually correspond to the log in question. This may eventually lead a monitor/witness being unable to detect when a compromised logs are providing different views of themselves to different clients. There are other mechanisms right now that mitigate this, such as the signed entry timestamp. Sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore the impact on clients that are not monitors/witnesses is very low. This vulnerability is fixed in 1.2.0.
A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
An improper input validation vulnerability leads to device crashes in certain ASUS router models. Refer to the '12/03/2024 ASUS Router Improper Input Validation' section on the ASUS Security Advisory for more information.
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users.
Memory corruption while processing API calls to NPU with invalid input.
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.
When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.
Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW
A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the component API Endpoint. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files within sensitive directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the delete_gsuite_key_file endpoint. The issue results from the lack of proper validation of a user-supplied filename prior to using it in file operations. An attacker can leverage this vulnerability to delete critical files on the system. Was ZDI-CAN-25265.
RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processing `dhcpv6_msg_t`. This omission could lead to an out-of-bound read, causing system inconsistency. Additionally, the same lack of a header length check is present in the function `_preparse_advertise`, which is called by `_parse_advertise` before handling the request. As of time of publication, no known patched version exists.
Possible out of bound access in audio module due to lack of validation of user provided input.
SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in all software similar to SFTPGo and is generally unrestricted. However, any SFTPGo administrator with permission to run a script has access to the underlying OS/container with the same permissions as the user running SFTPGo. This is unexpected for some SFTPGo administrators who think that there is a clear distinction between accessing the system shell and accessing the SFTPGo WebAdmin UI. To avoid this confusion, running system commands is disabled by default in 2.6.3, and an allow list has been added so that system administrators configuring SFTPGo must explicitly define which commands are allowed to be configured from the WebAdmin UI.
Okta Privileged Access server agent (SFTD) versions 1.82.0 to 1.84.0 are affected by a privilege escalation vulnerability when the sudo command bundles feature is enabled. To remediate this vulnerability, upgrade the Okta Privileged Access server agent (SFTD) to version 1.87.1 or greater.
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.
A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to overwrite or list arbitrary files on the affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to elevate privileges on an affected system. To exploit this vulnerability, an attacker would need to have a valid Administrator account on an affected system. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to an affected system with an Administrator account and creating a malicious file, which the system would parse at a later time. A successful exploit could allow the attacker to obtain root privileges on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to write arbitrary files on the affected system.
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.
A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete bounds checks for data that is provided to the vDaemon service of an affected system. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on the affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could allow the attacker to cause the vDaemon listening service to reload and result in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the vManage database or the underlying operating system.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain access to sensitive information on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has insufficient input validation for certain commands. An attacker could exploit this vulnerability by sending crafted requests to the affected commands of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain restricted access to the configuration data of the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute commands with root privileges on the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continually crash. This vulnerability exists because the PPPoE feature does not properly handle an error condition within a specific crafted packet sequence. An attacker could exploit this vulnerability by sending a sequence of specific PPPoE packets from controlled customer premises equipment (CPE). A successful exploit could allow the attacker to cause the PPPoE process to continually restart, resulting in a denial of service condition (DoS).Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see .
A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.
Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.
Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.
Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable denial of service via local access.
Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access.
Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access.
Improper input validation in firmware for some Intel(R) Server M20NTP Family UEFI may allow a privileged user to potentially enable escalation of privilege via local access.
Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access.
Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access.
Improper input validation in UEFI firmware in some Intel(R) Server Board S2600BP Family may allow a privileged user to potentially enable escalation of privilege via local access.
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow a privileged user to potentially enable denial of service via local access.
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an unauthenticated user to potentially enable denial of service via network access.
Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
Improper Input Validation in some Intel(R) VROC software before version 8.6.0.2003 may allow an authenticated user to potentially enable denial of service via local access.
Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory.
Microsoft Word Security Feature Bypass Vulnerability