Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2026-23400

Publication date:
29/03/2026
In the Linux kernel, the following vulnerability has been resolved:

rust_binder: call set_notification_done() without proc lock

Consider the following sequence of events on a death listener:
1. The remote process dies and sends a BR_DEAD_BINDER message.
2. The local process invokes the BC_CLEAR_DEATH_NOTIFICATION command.
3. The local process then invokes the BC_DEAD_BINDER_DONE.

Then, the kernel will reply to the BC_DEAD_BINDER_DONE command with a BR_CLEAR_DEATH_NOTIFICATION_DONE reply using push_work_if_looper().

However, this can result in a deadlock if the current thread is not a looper. This is because dead_binder_done() still holds the proc lock during set_notification_done(), which called push_work_if_looper(). Normally, push_work_if_looper() takes the thread lock, which is fine to take under the proc lock. But if the current thread is not a looper, then it falls back to delivering the reply to the process work queue, which involves taking the proc lock. Since the proc lock is already held, this is a deadlock.

Fix this by releasing the proc lock during set_notification_done(). It was not intentional that it was held during that function to begin with.

I don't think this ever happens in Android because BC_DEAD_BINDER_DONE is only invoked in response to BR_DEAD_BINDER messages, and the kernel always delivers BR_DEAD_BINDER to a looper. So there's no scenario where Android userspace will call BC_DEAD_BINDER_DONE on a non-looper thread.
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2026

CVE-2026-5043

Publication date:
29/03/2026
A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: HIGH
Last modification:
30/03/2026

CVE-2026-5042

Publication date:
29/03/2026
A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: HIGH
Last modification:
30/03/2026

CVE-2026-5041

Publication date:
29/03/2026
A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
Severity CVSS v4.0: LOW
Last modification:
29/04/2026

CVE-2026-5037

Publication date:
29/03/2026
A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 6e27354466092a1ac65601e01ce6708710bb9fa5. A patch should be applied to remediate this issue.
Severity CVSS v4.0: LOW
Last modification:
29/04/2026

CVE-2026-5036

Publication date:
29/03/2026
A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.
Severity CVSS v4.0: HIGH
Last modification:
30/03/2026

CVE-2026-5035

Publication date:
29/03/2026
A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en_id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
29/04/2026

CVE-2026-5034

Publication date:
29/03/2026
A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the component Parameter Handler. This manipulation of the argument cos_id causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
29/04/2026

CVE-2026-5033

Publication date:
29/03/2026
A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter Handler. The manipulation of the argument cos_id results in SQL injection. The attack may be performed remotely. The exploit is now public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
29/04/2026

CVE-2026-5031

Publication date:
29/03/2026
A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?_route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: LOW
Last modification:
29/04/2026

CVE-2026-5030

Publication date:
29/03/2026
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument host_time leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: LOW
Last modification:
29/04/2026

CVE-2026-5024

Publication date:
29/03/2026
A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity CVSS v4.0: HIGH
Last modification:
30/03/2026