Vulnerabilities

HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server.  Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected.<br /> <br /> Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute.  ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.<br /> Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high.

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check<br /> <br /> taprio_parse_tc_entry() is not correctly checking<br /> TCA_TAPRIO_TC_ENTRY_INDEX attribute:<br /> <br /> int tc; // Signed value<br /> <br /> tc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]);<br /> if (tc &gt;= TC_QOPT_MAX_QUEUE) {<br /> NL_SET_ERR_MSG_MOD(extack, "TC entry index out of range");<br /> return -ERANGE;<br /> }<br /> <br /> syzbot reported that it could fed arbitary negative values:<br /> <br /> UBSAN: shift-out-of-bounds in net/sched/sch_taprio.c:1722:18<br /> shift exponent -2147418108 is negative<br /> CPU: 0 PID: 5066 Comm: syz-executor367 Not tainted 6.8.0-rc7-syzkaller-00136-gc8a5c731fd12 #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024<br /> Call Trace:<br /> <br /> __dump_stack lib/dump_stack.c:88 [inline]<br /> dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106<br /> ubsan_epilogue lib/ubsan.c:217 [inline]<br /> __ubsan_handle_shift_out_of_bounds+0x3c7/0x420 lib/ubsan.c:386<br /> taprio_parse_tc_entry net/sched/sch_taprio.c:1722 [inline]<br /> taprio_parse_tc_entries net/sched/sch_taprio.c:1768 [inline]<br /> taprio_change+0xb87/0x57d0 net/sched/sch_taprio.c:1877<br /> taprio_init+0x9da/0xc80 net/sched/sch_taprio.c:2134<br /> qdisc_create+0x9d4/0x1190 net/sched/sch_api.c:1355<br /> tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776<br /> rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6617<br /> netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543<br /> netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]<br /> netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367<br /> netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908<br /> sock_sendmsg_nosec net/socket.c:730 [inline]<br /> __sock_sendmsg+0x221/0x270 net/socket.c:745<br /> ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584<br /> ___sys_sendmsg net/socket.c:2638 [inline]<br /> __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667<br /> do_syscall_64+0xf9/0x240<br /> entry_SYSCALL_64_after_hwframe+0x6f/0x77<br /> RIP: 0033:0x7f1b2dea3759<br /> Code: 48 83 c4 28 c3 e8 d7 19 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48<br /> RSP: 002b:00007ffd4de452f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e<br /> RAX: ffffffffffffffda RBX: 00007f1b2def0390 RCX: 00007f1b2dea3759<br /> RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004<br /> RBP: 0000000000000003 R08: 0000555500000000 R09: 0000555500000000<br /> R10: 0000555500000000 R11: 0000000000000246 R12: 00007ffd4de45340<br /> R13: 00007ffd4de45310 R14: 0000000000000001 R15: 00007ffd4de45340

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers.

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver().

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.