Vulnerabilities

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function.

<br /> CWE-287: Improper Authentication may allow Authentication Bypass<br /> <br />

<br /> Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: &amp;#39;Path Traversal&amp;#39; may allow RCE<br /> <br />

<br /> Unitronics Unistream Unilogic – Versions prior to 1.35.227 - <br /> <br /> CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices<br /> <br />

<br /> Unitronics Unistream Unilogic – Versions prior to 1.35.227 - <br /> <br /> CWE-23: Relative Path Traversal<br /> <br />

<br /> Unitronics Unistream Unilogic – Versions prior to 1.35.227 -<br /> <br /> CWE-22: &amp;#39;Path Traversal&amp;#39; may allow RCE<br /> <br />

A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function.

A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tcp: add sanity checks to rx zerocopy<br /> <br /> TCP rx zerocopy intent is to map pages initially allocated<br /> from NIC drivers, not pages owned by a fs.<br /> <br /> This patch adds to can_map_frag() these additional checks:<br /> <br /> - Page must not be a compound one.<br /> - page-&gt;mapping must be NULL.<br /> <br /> This fixes the panic reported by ZhangPeng.<br /> <br /> syzbot was able to loopback packets built with sendfile(),<br /> mapping pages owned by an ext4 file to TCP rx zerocopy.<br /> <br /> r3 = socket$inet_tcp(0x2, 0x1, 0x0)<br /> mmap(&amp;(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)<br /> r4 = socket$inet_tcp(0x2, 0x1, 0x0)<br /> bind$inet(r4, &amp;(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10)<br /> connect$inet(r4, &amp;(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10)<br /> r5 = openat$dir(0xffffffffffffff9c, &amp;(0x7f00000000c0)=&amp;#39;./file0\x00&amp;#39;,<br /> 0x181e42, 0x0)<br /> fallocate(r5, 0x0, 0x0, 0x85b8)<br /> sendfile(r4, r5, 0x0, 0x8ba0)<br /> getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23,<br /> &amp;(0x7f00000001c0)={&amp;(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0,<br /> 0x0, 0x0, 0x0, 0x0}, &amp;(0x7f0000000440)=0x40)<br /> r6 = openat$dir(0xffffffffffffff9c, &amp;(0x7f00000000c0)=&amp;#39;./file0\x00&amp;#39;,<br /> 0x181e42, 0x0)