CVE Database

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consider the partial mapping offset. This can cause page fault access. Fix the calculation of the starting and ending addresses, the total size is now deduced from the difference between the end and start addresses. Additionally, the calculations have been rewritten in a clearer and more understandable form. [Joonas: Add Requires: tag] Requires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset") (cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)

Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user to potentially enable escalation of privilege via local access.

Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.

Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access.

Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.

Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of privilege via local access.

Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access.

Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper conditions check in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access.

Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access.

Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access.

Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Out of bounds read in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.15-0, bhs-0.27 may allow a privileged user to potentially enable information disclosure via local access.

Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access.

Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.

Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access.

Uncaught exception in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.14-0, bhs-0.27 may allow an authenticated user to potentially enable denial of service via network access.

Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access.

The Sheet to Table Live Sync for Google Sheet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STWT_Sheet_Table shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFile function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with contributor access or higher, to upload arbitrary files on the affected site's server which may make remote code execution possible.

The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files.

The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server.

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.   However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. This impacts anyone using the `bearertokenauth` server authenticator. Malicious clients with network access to the collector may perform a timing attack against a collector with this authenticator to guess the configured token, by iteratively sending tokens and comparing the response time. This would allow an attacker to introduce fabricated or bad data into the collector's telemetry pipeline. The observable timing vulnerability was fixed by using constant-time comparison in 0.107.0

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080 -L50E/2080 -L70E). If exploited, the CIP/Modbus communication may be disrupted for short duration.

A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute a DLL Hijacking attack. The application loads shared libraries, which are readable and writable by any user. If exploited, a malicious user could leverage a malicious dll and perform a remote code execution attack.

Windows Mark of the Web Security Feature Bypass Vulnerability

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Microsoft Project Remote Code Execution Vulnerability

Scripting Engine Memory Corruption Vulnerability

Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack.

In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service.

In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL).

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an unauthenticated attacker with physical access to the phone to conduct an argument injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers.

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.