Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-27662

Publication date:
29/02/2024
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a null pointer dereference in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2024-2009

Publication date:
29/02/2024
A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2024-24246

Publication date:
29/02/2024
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-6132

Publication date:
29/02/2024
The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2024-25180

Publication date:
29/02/2024
An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake application). Anyone installing this is responsible for ensuring that it is only available to authorized testers.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2025

CVE-2024-20765

Publication date:
29/02/2024
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity CVSS v4.0: Pending analysis
Last modification:
07/02/2025

CVE-2023-52485

Publication date:
29/02/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Wake DMCUB before sending a command

[Why]
We can hang in place trying to send commands when the DMCUB isn't powered on.

[How]
For functions that execute within a DC context or DC lock we can wrap the direct calls to dm_execute_dmub_cmd/list with code that exits idle power optimizations and reallows once we're done with the command submission on success.

For DM direct submissions the DM will need to manage the enter/exit sequencing manually.

We cannot invoke a DMCUB command directly within the DM execution helper or we can deadlock.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2025

CVE-2024-2001

Publication date:
29/02/2024
A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2024-0864

Publication date:
29/02/2024
Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin.
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2025

CVE-2024-26607

Publication date:
29/02/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/bridge: sii902x: Fix probing race issue

A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge:

[ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x]
[ 53.276066] sii902x_bridge_get_edid+0x14/0x20 [sii902x]
[ 53.281381] drm_bridge_get_edid+0x20/0x34 [drm]
[ 53.286305] drm_bridge_connector_get_modes+0x8c/0xcc [drm_kms_helper]
[ 53.292955] drm_helper_probe_single_connector_modes+0x190/0x538 [drm_kms_helper]
[ 53.300510] drm_client_modeset_probe+0x1f0/0xbd4 [drm]
[ 53.305958] __drm_fb_helper_initial_config_and_unlock+0x50/0x510 [drm_kms_helper]
[ 53.313611] drm_fb_helper_initial_config+0x48/0x58 [drm_kms_helper]
[ 53.320039] drm_fbdev_dma_client_hotplug+0x84/0xd4 [drm_dma_helper]
[ 53.326401] drm_client_register+0x5c/0xa0 [drm]
[ 53.331216] drm_fbdev_dma_setup+0xc8/0x13c [drm_dma_helper]
[ 53.336881] tidss_probe+0x128/0x264 [tidss]
[ 53.341174] platform_probe+0x68/0xc4
[ 53.344841] really_probe+0x188/0x3c4
[ 53.348501] __driver_probe_device+0x7c/0x16c
[ 53.352854] driver_probe_device+0x3c/0x10c
[ 53.357033] __device_attach_driver+0xbc/0x158
[ 53.361472] bus_for_each_drv+0x88/0xe8
[ 53.365303] __device_attach+0xa0/0x1b4
[ 53.369135] device_initial_probe+0x14/0x20
[ 53.373314] bus_probe_device+0xb0/0xb4
[ 53.377145] deferred_probe_work_func+0xcc/0x124
[ 53.381757] process_one_work+0x1f0/0x518
[ 53.385770] worker_thread+0x1e8/0x3dc
[ 53.389519] kthread+0x11c/0x120
[ 53.392750] ret_from_fork+0x10/0x20

The issue here is as follows:

- tidss probes, but is deferred as sii902x is still missing.
- sii902x starts probing and enters sii902x_init().
- sii902x calls drm_bridge_add(). Now the sii902x bridge is ready from DRM's perspective.
- sii902x calls sii902x_audio_codec_init() and platform_device_register_data()
- The registration of the audio platform device causes probing of the deferred devices.
- tidss probes, which eventually causes sii902x_bridge_get_edid() to be called.
- sii902x_bridge_get_edid() tries to use the i2c to read the edid. However, the sii902x driver has not set up the i2c part yet, leading to the crash.

Fix this by moving the drm_bridge_add() to the end of the sii902x_init(), which is also at the very end of sii902x_probe().
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2025

CVE-2024-1949

Publication date:
29/02/2024
A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2024

CVE-2024-1952

Publication date:
29/02/2024
Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2024