Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we provide a database, in Spanish, of all the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion, this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to various information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed by criteria such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-20765

Publication date:
29/02/2024
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity CVSS v4.0: Pending analysis
Last modification:
07/02/2025

CVE-2023-52485

Publication date:
29/02/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Wake DMCUB before sending a command

[Why]
We can hang in place trying to send commands when the DMCUB isn't powered on.

[How]
For functions that execute within a DC context or DC lock we can wrap the direct calls to dm_execute_dmub_cmd/list with code that exits idle power optimizations and reallows once we're done with the command submission on success.

For DM direct submissions the DM will need to manage the enter/exit sequencing manually.

We cannot invoke a DMCUB command directly within the DM execution helper or we can deadlock.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2025

CVE-2024-2001

Publication date:
29/02/2024
A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2024-0864

Publication date:
29/02/2024
Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example.
By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin.
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2025

CVE-2024-26607

Publication date:
29/02/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/bridge: sii902x: Fix probing race issue

A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge:

[ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x]
[ 53.276066] sii902x_bridge_get_edid+0x14/0x20 [sii902x]
[ 53.281381] drm_bridge_get_edid+0x20/0x34 [drm]
[ 53.286305] drm_bridge_connector_get_modes+0x8c/0xcc [drm_kms_helper]
[ 53.292955] drm_helper_probe_single_connector_modes+0x190/0x538 [drm_kms_helper]
[ 53.300510] drm_client_modeset_probe+0x1f0/0xbd4 [drm]
[ 53.305958] __drm_fb_helper_initial_config_and_unlock+0x50/0x510 [drm_kms_helper]
[ 53.313611] drm_fb_helper_initial_config+0x48/0x58 [drm_kms_helper]
[ 53.320039] drm_fbdev_dma_client_hotplug+0x84/0xd4 [drm_dma_helper]
[ 53.326401] drm_client_register+0x5c/0xa0 [drm]
[ 53.331216] drm_fbdev_dma_setup+0xc8/0x13c [drm_dma_helper]
[ 53.336881] tidss_probe+0x128/0x264 [tidss]
[ 53.341174] platform_probe+0x68/0xc4
[ 53.344841] really_probe+0x188/0x3c4
[ 53.348501] __driver_probe_device+0x7c/0x16c
[ 53.352854] driver_probe_device+0x3c/0x10c
[ 53.357033] __device_attach_driver+0xbc/0x158
[ 53.361472] bus_for_each_drv+0x88/0xe8
[ 53.365303] __device_attach+0xa0/0x1b4
[ 53.369135] device_initial_probe+0x14/0x20
[ 53.373314] bus_probe_device+0xb0/0xb4
[ 53.377145] deferred_probe_work_func+0xcc/0x124
[ 53.381757] process_one_work+0x1f0/0x518
[ 53.385770] worker_thread+0x1e8/0x3dc
[ 53.389519] kthread+0x11c/0x120
[ 53.392750] ret_from_fork+0x10/0x20

The issue here is as follows:

- tidss probes, but is deferred as sii902x is still missing.
- sii902x starts probing and enters sii902x_init().
- sii902x calls drm_bridge_add(). Now the sii902x bridge is ready from DRM's perspective.
- sii902x calls sii902x_audio_codec_init() and platform_device_register_data()
- The registration of the audio platform device causes probing of the deferred devices.
- tidss probes, which eventually causes sii902x_bridge_get_edid() to be called.
- sii902x_bridge_get_edid() tries to use the i2c to read the edid. However, the sii902x driver has not set up the i2c part yet, leading to the crash.

Fix this by moving the drm_bridge_add() to the end of the sii902x_init(), which is also at the very end of sii902x_probe().
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2025

CVE-2024-1949

Publication date:
29/02/2024
A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2024

CVE-2024-1952

Publication date:
29/02/2024
Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2024

CVE-2024-1953

Publication date:
29/02/2024
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2024

CVE-2024-27906

Publication date:
29/02/2024
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.

Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2025

CVE-2024-1942

Publication date:
29/02/2024
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2024

CVE-2024-1619

Publication date:
29/02/2024
Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2024-1888

Publication date:
29/02/2024
Mattermost fails to check the "invite_guest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025