Vulnerabilities

es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.

ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. This vulnerability is patched in 2024.2.1.<br />

Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don&amp;#39;t fit any of the pre-defined link formats. As the "Custom" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.<br /> <br />

An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.

nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.

SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> x86/fpu: Stop relying on userspace for info to fault in xsave buffer<br /> <br /> Before this change, the expected size of the user space buffer was<br /> taken from fx_sw-&gt;xstate_size. fx_sw-&gt;xstate_size can be changed<br /> from user-space, so it is possible construct a sigreturn frame where:<br /> <br /> * fx_sw-&gt;xstate_size is smaller than the size required by valid bits in<br /> fx_sw-&gt;xfeatures.<br /> * user-space unmaps parts of the sigrame fpu buffer so that not all of<br /> the buffer required by xrstor is accessible.<br /> <br /> In this case, xrstor tries to restore and accesses the unmapped area<br /> which results in a fault. But fault_in_readable succeeds because buf +<br /> fx_sw-&gt;xstate_size is within the still mapped area, so it goes back and<br /> tries xrstor again. It will spin in this loop forever.<br /> <br /> Instead, fault in the maximum size which can be touched by XRSTOR (taken<br /> from fpstate-&gt;user_size).<br /> <br /> [ dhansen: tweak subject / changelog ]

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Revert "kobject: Remove redundant checks for whether ktype is NULL"<br /> <br /> This reverts commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31.<br /> <br /> It is reported to cause problems, so revert it for now until the root<br /> cause can be found.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> PCI/ASPM: Fix deadlock when enabling ASPM<br /> <br /> A last minute revert in 6.7-final introduced a potential deadlock when<br /> enabling ASPM during probe of Qualcomm PCIe controllers as reported by<br /> lockdep:<br /> <br /> ============================================<br /> WARNING: possible recursive locking detected<br /> 6.7.0 #40 Not tainted<br /> --------------------------------------------<br /> kworker/u16:5/90 is trying to acquire lock:<br /> ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc<br /> <br /> but task is already holding lock:<br /> ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc<br /> <br /> other info that might help us debug this:<br /> Possible unsafe locking scenario:<br /> <br /> CPU0<br /> ----<br /> lock(pci_bus_sem);<br /> lock(pci_bus_sem);<br /> <br /> *** DEADLOCK ***<br /> <br /> Call trace:<br /> print_deadlock_bug+0x25c/0x348<br /> __lock_acquire+0x10a4/0x2064<br /> lock_acquire+0x1e8/0x318<br /> down_read+0x60/0x184<br /> pcie_aspm_pm_state_change+0x58/0xdc<br /> pci_set_full_power_state+0xa8/0x114<br /> pci_set_power_state+0xc4/0x120<br /> qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]<br /> pci_walk_bus+0x64/0xbc<br /> qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]<br /> <br /> The deadlock can easily be reproduced on machines like the Lenovo ThinkPad<br /> X13s by adding a delay to increase the race window during asynchronous<br /> probe where another thread can take a write lock.<br /> <br /> Add a new pci_set_power_state_locked() and associated helper functions that<br /> can be called with the PCI bus semaphore held to avoid taking the read lock<br /> twice.

Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.

In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user&amp;#39;s ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03.