Vulnerabilities

Rejected reason: This CVE id was assigned but later discarded.

Rejected reason: This CVE id was assigned but later discarded.

eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.

Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function.

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.

An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Rejected reason: This CVE id was assigned but later discarded.

FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers to cause a denial of service by sending specific message sequences.

Rejected reason: This CVE id was assigned to an issue which was later deemed not security relevant.

Rejected reason: This CVE id was assigned to an issue which was later deemed not security relevant.

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in TechStore version 1.0. The user_name endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> team: Move team device type change at the end of team_port_add<br /> <br /> Attempting to add a port device that is already up will expectedly fail,<br /> but not before modifying the team device header_ops.<br /> <br /> In the case of the syzbot reproducer the gre0 device is<br /> already in state UP when it attempts to add it as a<br /> port device of team0, this fails but before that<br /> header_ops-&gt;create of team0 is changed from eth_header to ipgre_header<br /> in the call to team_dev_type_check_change.<br /> <br /> Later when we end up in ipgre_header() struct ip_tunnel* points to nonsense<br /> as the private data of the device still holds a struct team.<br /> <br /> Example sequence of iproute2 commands to reproduce the hang/BUG():<br /> ip link add dev team0 type team<br /> ip link add dev gre0 type gre<br /> ip link set dev gre0 up<br /> ip link set dev gre0 master team0<br /> ip link set dev team0 up<br /> ping -I team0 1.1.1.1<br /> <br /> Move team_dev_type_check_change down where all other checks have passed<br /> as it changes the dev type with no way to restore it in case<br /> one of the checks that follow it fail.<br /> <br /> Also make sure to preserve the origial mtu assignment:<br /> - If port_dev is not the same type as dev, dev takes mtu from port_dev<br /> - If port_dev is the same type as dev, port_dev takes mtu from dev<br /> <br /> This is done by adding a conditional before the call to dev_set_mtu<br /> to prevent it from assigning port_dev-&gt;mtu = dev-&gt;mtu and instead<br /> letting team_dev_type_check_change assign dev-&gt;mtu = port_dev-&gt;mtu.<br /> The conditional is needed because the patch moves the call to<br /> team_dev_type_check_change past dev_set_mtu.<br /> <br /> Testing:<br /> - team device driver in-tree selftests<br /> - Add/remove various devices as slaves of team device<br /> - syzbot