Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-20653

Publication date:
09/01/2024
Microsoft Common Log File System Elevation of Privilege Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2024

CVE-2024-0056

Publication date:
09/01/2024
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2024

CVE-2024-0057

Publication date:
09/01/2024
.NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
08/10/2024

CVE-2022-48618

Publication date:
09/01/2024
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
Severity CVSS v4.0: Pending analysis
Last modification:
23/10/2025

CVE-2024-0228

Publication date:
09/01/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2024-0193.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2024

CVE-2024-22164

Publication date:
09/01/2024
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2025

CVE-2024-22165

Publication date:
09/01/2024
In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted. The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2024

CVE-2023-6129

Publication date:
09/01/2024
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions.
Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences.
The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions.
The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service.
The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2023-7222

Publication date:
09/01/2024
A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-7223

Publication date:
09/01/2024
A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This affects an unknown part of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2022-36763

Publication date:
09/01/2024
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2022-36764

Publication date:
09/01/2024
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025