Vulnerabilities

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABB CoreSense™ HM, ABB CoreSense™ M10.This issue affects CoreSense™ HM: through 2.3.1; CoreSense™ M10: through 1.4.1.12.

An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoDB Server version 8.2.0.

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses from the oatpp-mcp server.

Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . <br /> <br /> All firmware versions with the Serial Number from 2000 to 5166

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter from a POST request is embedded into PHP tags and executed. Proper sanitization is not performed, and by injecting malicious code an attacker can execute arbitrary PHP code. This allows an attacker to achieve RCE. This issue has been resolved in version 5.5.2 #147.

Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain restrictions on users privately connecting serial port cables" and because "the root user has a password and it meets the requirements of password security complexity."

In Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000, there is an improper access control vulnerability related to a log file.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ASoC: qcom: audioreach: fix potential null pointer dereference<br /> <br /> It is possible that the topology parsing function<br /> audioreach_widget_load_module_common() could return NULL or an error<br /> pointer. Add missing NULL check so that we do not dereference it.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: stm32-csi: Fix dereference before NULL check<br /> <br /> In &amp;#39;stm32_csi_start&amp;#39;, &amp;#39;csidev-&gt;s_subdev&amp;#39; is dereferenced directly while<br /> assigning a value to the &amp;#39;src_pad&amp;#39;. However the same value is being<br /> checked against NULL at a later point of time indicating that there<br /> are chances that the value can be NULL.<br /> <br /> Move the dereference after the NULL check.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID<br /> <br /> Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero<br /> unique ID.<br /> <br /> ```<br /> Each Unit and Terminal within the video function is assigned a unique<br /> identification number, the Unit ID (UID) or Terminal ID (TID), contained in<br /> the bUnitID or bTerminalID field of the descriptor. The value 0x00 is<br /> reserved for undefined ID,<br /> ```<br /> <br /> If we add a new entity with id 0 or a duplicated ID, it will be marked<br /> as UVC_INVALID_ENTITY_ID.<br /> <br /> In a previous attempt commit 3dd075fe8ebb ("media: uvcvideo: Require<br /> entities to have a non-zero unique ID"), we ignored all the invalid units,<br /> this broke a lot of non-compatible cameras. Hopefully we are more lucky<br /> this time.<br /> <br /> This also prevents some syzkaller reproducers from triggering warnings due<br /> to a chain of entities referring to themselves. In one particular case, an<br /> Output Unit is connected to an Input Unit, both with the same ID of 1. But<br /> when looking up for the source ID of the Output Unit, that same entity is<br /> found instead of the input entity, which leads to such warnings.<br /> <br /> In another case, a backward chain was considered finished as the source ID<br /> was 0. Later on, that entity was found, but its pads were not valid.<br /> <br /> Here is a sample stack trace for one of those cases.<br /> <br /> [ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd<br /> [ 20.830206] usb 1-1: Using ep0 maxpacket: 8<br /> [ 20.833501] usb 1-1: config 0 descriptor??<br /> [ 21.038518] usb 1-1: string descriptor 0 read error: -71<br /> [ 21.038893] usb 1-1: Found UVC 0.00 device (2833:0201)<br /> [ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!<br /> [ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!<br /> [ 21.042218] ------------[ cut here ]------------<br /> [ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0<br /> [ 21.043195] Modules linked in:<br /> [ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444<br /> [ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014<br /> [ 21.044639] Workqueue: usb_hub_wq hub_event<br /> [ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0<br /> [ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00<br /> [ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246<br /> [ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1<br /> [ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290<br /> [ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000<br /> [ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003<br /> [ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000<br /> [ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000<br /> [ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0<br /> [ 21.051136] PKRU: 55555554<br /> [ 21.051331] Call Trace:<br /> [ 21.051480] <br /> [ 21.051611] ? __warn+0xc4/0x210<br /> [ 21.051861] ? media_create_pad_link+0x2c4/0x2e0<br /> [ 21.052252] ? report_bug+0x11b/0x1a0<br /> [ 21.052540] ? trace_hardirqs_on+0x31/0x40<br /> [ 21.052901] ? handle_bug+0x3d/0x70<br /> [ 21.053197] ? exc_invalid_op+0x1a/0x50<br /> [ 21.053511] ? asm_exc_invalid_op+0x1a/0x20<br /> [ 21.053924] ? media_create_pad_link+0x91/0x2e0<br /> [ 21.054364] ? media_create_pad_link+0x2c4/0x2e0<br /> [ 21.054834] ? media_create_pad_link+0x91/0x2e0<br /> [ 21.055131] ? _raw_spin_unlock+0x1e/0x40<br /> [ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210<br /> [ 21.055837] uvc_mc_register_entities+0x358/0x400<br /> [ 21.056144] uvc_register_chains+0x1<br /> ---truncated---