Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish by virtue of a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used with the aim of supporting the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters, users can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-1998

Publication date:
27/03/2025
IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user.
Severity CVSS v4.0: Pending analysis
Last modification:
14/08/2025

CVE-2024-58090

Publication date:
27/03/2025
In the Linux kernel, the following vulnerability has been resolved:

sched/core: Prevent rescheduling when interrupts are disabled

David reported a warning observed while loop testing kexec jump:

Interrupts enabled after irqrouter_resume+0x0/0x50
WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220
kernel_kexec+0xf6/0x180
__do_sys_reboot+0x206/0x250
do_syscall_64+0x95/0x180

The corresponding interrupt flag trace:

hardirqs last enabled at (15573): [] __up_console_sem+0x7e/0x90
hardirqs last disabled at (15580): [] __up_console_sem+0x63/0x90

That means __up_console_sem() was invoked with interrupts enabled. Further instrumentation revealed that in the interrupt disabled section of kexec jump one of the syscore_suspend() callbacks woke up a task, which set the NEED_RESCHED flag. A later callback in the resume path invoked cond_resched() which in turn led to the invocation of the scheduler:

__cond_resched+0x21/0x60
down_timeout+0x18/0x60
acpi_os_wait_semaphore+0x4c/0x80
acpi_ut_acquire_mutex+0x3d/0x100
acpi_ns_get_node+0x27/0x60
acpi_ns_evaluate+0x1cb/0x2d0
acpi_rs_set_srs_method_data+0x156/0x190
acpi_pci_link_set+0x11c/0x290
irqrouter_resume+0x54/0x60
syscore_resume+0x6a/0x200
kernel_kexec+0x145/0x1c0
__do_sys_reboot+0xeb/0x240
do_syscall_64+0x95/0x180

This is a long standing problem, which probably got more visible with the recent printk changes. Something does a task wakeup and the scheduler sets the NEED_RESCHED flag. cond_resched() sees it set and invokes schedule() from a completely bogus context. The scheduler enables interrupts after context switching, which causes the above warning at the end.

Quite some of the code paths in syscore_suspend()/resume() can result in triggering a wakeup with the exactly same consequences. They might not have done so yet, but as they share a lot of code with normal operations it's just a question of time.

The problem only affects the PREEMPT_NONE and PREEMPT_VOLUNTARY scheduling models. Full preemption is not affected as cond_resched() is disabled and the preemption check preemptible() takes the interrupt disabled flag into account.

Cure the problem by adding a corresponding check into cond_resched().
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-21872

Publication date:
27/03/2025
In the Linux kernel, the following vulnerability has been resolved:

efi: Don't map the entire mokvar table to determine its size

Currently, when validating the mokvar table, we (re)map the entire table on each iteration of the loop, adding space as we discover new entries. If the table grows over a certain size, this fails due to limitations of early_memmap(), and we get a failure and traceback:

------------[ cut here ]------------
WARNING: CPU: 0 PID: 0 at mm/early_ioremap.c:139 __early_ioremap+0xef/0x220
...
Call Trace:

? __early_ioremap+0xef/0x220
? __warn.cold+0x93/0xfa
? __early_ioremap+0xef/0x220
? report_bug+0xff/0x140
? early_fixup_exception+0x5d/0xb0
? early_idt_handler_common+0x2f/0x3a
? __early_ioremap+0xef/0x220
? efi_mokvar_table_init+0xce/0x1d0
? setup_arch+0x864/0xc10
? start_kernel+0x6b/0xa10
? x86_64_start_reservations+0x24/0x30
? x86_64_start_kernel+0xed/0xf0
? common_startup_64+0x13e/0x141

---[ end trace 0000000000000000 ]---
mokvar: Failed to map EFI MOKvar config table pa=0x7c4c3000, size=265187.

Mapping the entire structure isn't actually necessary, as we don't ever need more than one entry header mapped at once.

Changes efi_mokvar_table_init() to only map each entry header, not the entire table, when determining the table size. Since we're not mapping any data past the variable name, it also changes the code to enforce that each variable name is NUL terminated, rather than attempting to verify it in place.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-56469

Publication date:
27/03/2025
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
Severity CVSS v4.0: Pending analysis
Last modification:
14/08/2025

CVE-2024-48944

Publication date:
27/03/2025
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke "/kylin/api/xxx/diag" api on another internal host and possibly get leaked information. There are two preconditions: 1) The attacker has got admin access to a kylin server; 2) Another internal host has the "/kylin/api/xxx/diag" api endpoint open for service.

This issue affects Apache Kylin: from 5.0.0 through 5.0.1.

Users are recommended to upgrade to version 5.0.2, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2025-2849

Publication date:
27/03/2025
A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue.
Severity CVSS v4.0: MEDIUM
Last modification:
11/04/2025

CVE-2025-2867

Publication date:
27/03/2025
An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users.
Severity CVSS v4.0: Pending analysis
Last modification:
13/08/2025

CVE-2025-2852

Publication date:
27/03/2025
A vulnerability has been found in SourceCodester Food Ordering Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/menus/view_menu.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
01/04/2025

CVE-2025-2857

Publication date:
27/03/2025
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1.
Severity CVSS v4.0: Pending analysis
Last modification:
13/04/2026

CVE-2025-27793

Publication date:
27/03/2025
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code when drawing graphs, unless the library was used with the `vega-interpreter`. Vega version 5.32.0 and vega-functions version 5.17.0 fix the issue. As a workaround, use `vega` with expression interpreter.
Severity CVSS v4.0: MEDIUM
Last modification:
15/04/2026

CVE-2025-26737

Publication date:
27/03/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes City Store allows DOM-Based XSS. This issue affects City Store: from n/a through 1.4.5.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2025-26731

Publication date:
27/03/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems ARPrice arprice allows Stored XSS. This issue affects ARPrice: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026