Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2026-26514

Publication date:
04/03/2026
An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags (e.g., -w, -q) via the q parameter. This can be exploited to cause a Denial of Service (DoS) by exhausting system resources.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2026

CVE-2026-26673

Publication date:
04/03/2026
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2026

CVE-2026-26478

Publication date:
04/03/2026
A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2026

CVE-2025-59784

Publication date:
04/03/2026
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges.
Severity CVSS v4.0: MEDIUM
Last modification:
05/03/2026

CVE-2025-59785

Publication date:
04/03/2026
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges.
Severity CVSS v4.0: MEDIUM
Last modification:
05/03/2026

CVE-2025-59786

Publication date:
04/03/2026
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.
Severity CVSS v4.0: MEDIUM
Last modification:
05/03/2026

CVE-2025-59787

Publication date:
04/03/2026
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.
Severity CVSS v4.0: MEDIUM
Last modification:
05/03/2026

CVE-2025-62879

Publication date:
04/03/2026
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2026

CVE-2025-59783

Publication date:
04/03/2026
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges.
Severity CVSS v4.0: HIGH
Last modification:
05/03/2026

CVE-2025-12801

Publication date:
04/03/2026
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2026

CVE-2026-23236

Publication date:
04/03/2026
In the Linux kernel, the following vulnerability has been resolved:
fbdev: smscufx: properly copy ioctl memory to kernelspace
The UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid data is passed from userspace. Fix this all up by correctly copying the memory before accessing it within the kernel.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2026

CVE-2026-23237

Publication date:
04/03/2026
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: classmate-laptop: Add missing NULL pointer checks
In a few places in the Classmate laptop driver, code using the accel object may run before that object's address is stored in the driver data of the input device using it.
For example, cmpc_accel_sensitivity_store_v4() is the "show" method of cmpc_accel_sensitivity_attr_v4 which is added in cmpc_accel_add_v4(), before calling dev_set_drvdata() for inputdev->dev. If the sysfs attribute is accessed prematurely, the dev_get_drvdata(&inputdev->dev) call in cmpc_accel_sensitivity_store_v4() returns NULL which leads to a NULL pointer dereference going forward.
Moreover, sysfs attributes using the input device are added before initializing that device by cmpc_add_acpi_notify_device() and if one of them is accessed before running that function, a NULL pointer dereference will occur.
For example, cmpc_accel_sensitivity_attr_v4 is added before calling cmpc_add_acpi_notify_device() and if it is read prematurely, the dev_get_drvdata(&acpi->dev) call in cmpc_accel_sensitivity_show_v4() returns NULL which leads to a NULL pointer dereference going forward.
Fix this by adding NULL pointer checks in all of the relevant places.
Severity CVSS v4.0: Pending analysis
Last modification:
17/03/2026