Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()<br /> <br /> The per-netns IP tunnel hash table is protected by the RTNL mutex and<br /> ip_tunnel_find() is only called from the control path where the mutex is<br /> taken.<br /> <br /> Add a lockdep expression to hlist_for_each_entry_rcu() in<br /> ip_tunnel_find() in order to validate that the mutex is held and to<br /> silence the suspicious RCU usage warning [1].<br /> <br /> [1]<br /> WARNING: suspicious RCU usage<br /> 6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted<br /> -----------------------------<br /> net/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!<br /> <br /> other info that might help us debug this:<br /> <br /> rcu_scheduler_active = 2, debug_locks = 1<br /> 1 lock held by ip/362:<br /> #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60<br /> <br /> stack backtrace:<br /> CPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139<br /> Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011<br /> Call Trace:<br /> <br /> dump_stack_lvl+0xba/0x110<br /> lockdep_rcu_suspicious.cold+0x4f/0xd6<br /> ip_tunnel_find+0x435/0x4d0<br /> ip_tunnel_newlink+0x517/0x7a0<br /> ipgre_newlink+0x14c/0x170<br /> __rtnl_newlink+0x1173/0x19c0<br /> rtnl_newlink+0x6c/0xa0<br /> rtnetlink_rcv_msg+0x3cc/0xf60<br /> netlink_rcv_skb+0x171/0x450<br /> netlink_unicast+0x539/0x7f0<br /> netlink_sendmsg+0x8c1/0xd80<br /> ____sys_sendmsg+0x8f9/0xc20<br /> ___sys_sendmsg+0x197/0x1e0<br /> __sys_sendmsg+0x122/0x1f0<br /> do_syscall_64+0xbb/0x1d0<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f

A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges

An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges

Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component /mobilemode/Action.jsp?invoker=com.weaver.formmodel.mobile.mec.servlet.MECAction&amp;action=getFieldTriggerValue&amp;searchField=*&amp;fromTable=HrmResourceManager&amp;whereClause=1%3d1&amp;triggerCondition=1&amp;expression=%3d&amp;fieldValue=1.

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system&amp;#39;s real Python interpreter). The initial security fix (6ce6136) introduced a regression which was subsequently resolved (42af5d3).

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.

The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system. <br /> <br /> Exploitation Status:<br /> Versa Networks is not aware of this exploitation in any production systems. A proof of concept exists in the lab environment.<br /> <br /> Workarounds or Mitigation:<br /> Starting with the latest 22.1.4 version of Versa Director, the software will automatically restrict access to the Postgres and HA ports to only the local and peer Versa Directors. For older releases, Versa recommends performing manual hardening of HA ports. Please refer to the following link for the steps https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Secure_HA_Ports <br /> <br /> This vulnerability is not exploitable on Versa Directors if published Firewall guidelines are implemented. We have validated that no Versa-hosted head ends have been affected by this vulnerability. All Versa-hosted head ends are patched and hardened. <br /> <br /> Please contact Versa Technical Support or Versa account team for any further assistance.<br /> <br /> Software Download Links:<br /> 22.1.4: https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1.

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps.