Vulnerabilities

An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.

An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control policies.

Description<br /> <br /> In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input.<br /> <br /> Specifically, an application is vulnerable when all the following are true:<br /> <br /> * The header is prepared with org.springframework.http.ContentDisposition.<br /> * The filename is set via ContentDisposition.Builder#filename(String, Charset).<br /> * The value for the filename is derived from user-supplied input.<br /> * The application does not sanitize the user-supplied input.<br /> * The downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details).<br /> <br /> <br /> An application is not vulnerable if any of the following is true:<br /> <br /> * The application does not set a “Content-Disposition” response header.<br /> * The header is not prepared with org.springframework.http.ContentDisposition.<br /> * The filename is set via one of: * ContentDisposition.Builder#filename(String), or<br /> * ContentDisposition.Builder#filename(String, ASCII)<br /> <br /> <br /> <br /> * The filename is not derived from user-supplied input.<br /> * The filename is derived from user-supplied input but sanitized by the application.<br /> * The attacker cannot inject malicious content in the downloaded content of the response.<br /> <br /> <br /> Affected Spring Products and VersionsSpring Framework:<br /> <br /> * 6.2.0 - 6.2.7<br /> * 6.1.0 - 6.1.20<br /> * 6.0.5 - 6.0.28<br /> * Older, unsupported versions are not affected<br /> <br /> <br /> MitigationUsers of affected versions should upgrade to the corresponding fixed version.<br /> <br /> Affected version(s)Fix versionAvailability6.2.x6.2.8OSS6.1.x6.1.21OSS6.0.x6.0.29 Commercial https://enterprise.spring.io/ No further mitigation steps are necessary.<br /> <br /> <br /> CWE-113 in `Content-Disposition` handling in VMware Spring Framework versions 6.0.5 to 6.2.7 allows remote attackers to launch Reflected File Download (RFD) attacks via unsanitized user input in `ContentDisposition.Builder#filename(String, Charset)` with non-ASCII charsets.

Description:<br /> <br /> VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response  with a maximum CVSSv3 base score of 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N .<br /> <br /> Known Attack Vectors:<br /> <br /> An authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.<br /> <br /> Resolution:<br /> <br /> To remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the &amp;#39;Fixed Version&amp;#39; column of the &amp;#39;Response Matrix&amp;#39; found below.<br /> <br /> Workarounds:<br /> <br /> None.<br /> <br /> Additional Documentation:<br /> <br /> None.<br /> <br /> Acknowledgements:<br /> <br /> VMware would like to thank Alexandru Copaceanu https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/  for reporting this issue to us.<br /> <br /> Notes:<br /> <br /> None.<br /> <br />  <br /> <br /> Response Matrix:<br /> <br /> ProductVersionRunning OnCVECVSSv4SeverityFixed VersionWorkaroundsAdditional DocumentsVMware Avi Load Balancer30.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.1.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.2.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.1-2p6 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html NoneNoneVMware Avi Load Balancer30.2.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.2-2p5 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html NoneNoneVMware Avi Load Balancer30.2.3AnyCVE-2025-41233N/AN/AUnaffectedNoneNoneVMware Avi Load Balancer31.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 31.1.1-2p2 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html NoneNone<br /> <br /> CWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access.

yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function.

PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.

Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

A username and password are required to authenticate to the central <br /> SinoTrack device management interface. The username for all devices is <br /> an identifier printed on the receiver. The default password is <br /> well-known and common to all devices. Modification of the default <br /> password is not enforced during device setup. A malicious actor can <br /> retrieve device identifiers with either physical access or by capturing <br /> identifiers from pictures of the devices posted on publicly accessible <br /> websites such as eBay.

User names used to access the web management interface are limited to <br /> the device identifier, which is a numerical identifier no more than 10 <br /> digits. A malicious actor can enumerate potential targets by <br /> incrementing or decrementing from known identifiers or through <br /> enumerating random digit sequences.

Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. <br /> <br /> When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.<br /> <br /> We recommend customers discontinue usage of any remaining Amazon Cloud Cams.

A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 <br /> SP1 and prior that, if exploited, could allow an authenticated attacker <br /> (with privileges to create/update annotations or upload media files) to <br /> persist arbitrary JavaScript code that will be executed by users who <br /> were socially engineered to disable content security policy protections <br /> while rendering annotation attachments from within a web browser.

AVEVA PI Data Archive products <br /> are vulnerable to an uncaught exception that, if exploited, could allow <br /> an authenticated user to shut down certain necessary PI Data Archive <br /> subsystems, resulting in a denial of service.