Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access<br /> <br /> When translating source to sink streams in the crossbar subdev, the<br /> driver tries to locate the remote subdev connected to the sink pad. The<br /> remote pad may be NULL, if userspace tries to enable a stream that ends<br /> at an unconnected crossbar sink. When that occurs, the driver<br /> dereferences the NULL pad, leading to a crash.<br /> <br /> Prevent the crash by checking if the pad is NULL before using it, and<br /> return an error if it is.

Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources.

Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cpp.

lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h.

lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Exception) at blend_transformed_tiled_argb.isra.0.

lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source.

lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over.

An information disclosure flaw was found in OpenShift&amp;#39;s internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions to obtain pod information from the openshift-image-registry namespace could use this obtained client secret to perform actions as the registry operator&amp;#39;s Azure service account.

A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262489 was assigned to this vulnerability.

Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities https://github.com/phlex-ruby/phlex/security/advisories/GHSA-242p-4v39-2v8g and https://github.com/phlex-ruby/phlex/security/advisories/GHSA-g7xq-xv8c-h98c, we have invested in extensive browser tests. It was these new tests that helped us uncover these issues. As of now the project exercises every possible attack vector the developers can think of — including enumerating every ASCII character, and we run these tests in Chrome, Firefox and Safari. Additionally, we test against a list of 6613 known XSS payloads (see: payloadbox/xss-payload-list). The reason these issues were not detected before is the escapes were working as designed. However, their design didn&amp;#39;t take into account just how recklessly permissive browsers are when it comes to executing unsafe JavaScript via HTML attributes. If you render an `` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user. If you splat user-provided attributes when rendering any HTML or SVG tag, malicious event attributes could be included in the output, executing JavaScript when the events are triggered by another user. Patches are available on RubyGems for all minor versions released in the last year. Users are advised to upgrade. Users unable to upgrade should configure a Content Security Policy that does not allow `unsafe-inline` which would effectively prevent this vulnerability from being exploited. Users who upgrade are also advised to configure a Content Security Policy header that does not allow `unsafe-inline`.

In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit check (for example, because they agree with the objective but disagree with the technical mechanism, or because they have a different objective).