Vulnerabilities

Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts.

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system.

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file.

Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution.

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file.

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file.

An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file.

Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> afs: Fix lock recursion<br /> <br /> afs_wake_up_async_call() can incur lock recursion. The problem is that it<br /> is called from AF_RXRPC whilst holding the -&gt;notify_lock, but it tries to<br /> take a ref on the afs_call struct in order to pass it to a work queue - but<br /> if the afs_call is already queued, we then have an extraneous ref that must<br /> be put... calling afs_put_call() may call back down into AF_RXRPC through<br /> rxrpc_kernel_shutdown_call(), however, which might try taking the<br /> -&gt;notify_lock again.<br /> <br /> This case isn&amp;#39;t very common, however, so defer it to a workqueue. The oops<br /> looks something like:<br /> <br /> BUG: spinlock recursion on CPU#0, krxrpcio/7001/1646<br /> lock: 0xffff888141399b30, .magic: dead4ead, .owner: krxrpcio/7001/1646, .owner_cpu: 0<br /> CPU: 0 UID: 0 PID: 1646 Comm: krxrpcio/7001 Not tainted 6.12.0-rc2-build3+ #4351<br /> Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x47/0x70<br /> do_raw_spin_lock+0x3c/0x90<br /> rxrpc_kernel_shutdown_call+0x83/0xb0<br /> afs_put_call+0xd7/0x180<br /> rxrpc_notify_socket+0xa0/0x190<br /> rxrpc_input_split_jumbo+0x198/0x1d0<br /> rxrpc_input_data+0x14b/0x1e0<br /> ? rxrpc_input_call_packet+0xc2/0x1f0<br /> rxrpc_input_call_event+0xad/0x6b0<br /> rxrpc_input_packet_on_conn+0x1e1/0x210<br /> rxrpc_input_packet+0x3f2/0x4d0<br /> rxrpc_io_thread+0x243/0x410<br /> ? __pfx_rxrpc_io_thread+0x10/0x10<br /> kthread+0xcf/0xe0<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork+0x24/0x40<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork_asm+0x1a/0x30<br />