Vulnerabilities

A vulnerability was found in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. This affects an unknown part of the file /site/dist/auth_login.php. Performing manipulation of the argument Username results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formP2PLimitConfig. Such manipulation of the argument except leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was detected in Chanjet CRM up to 20251121. Affected is an unknown function of the file /tools/jxf_dump_table_demo.php. The manipulation of the argument gblOrgID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading the affected component is advised.

A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. Executing a manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. It is recommended to upgrade the affected component.

A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn_ip results in basic cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown code of the file /sobey-mchEditor/watermark/upload. The manipulation of the argument File leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices<br /> <br /> Previously, APU platforms (and other scenarios with uninitialized VRAM managers)<br /> triggered a NULL pointer dereference in `ttm_resource_manager_usage()`. The root<br /> cause is not that the `struct ttm_resource_manager *man` pointer itself is NULL,<br /> but that `man-&gt;bdev` (the backing device pointer within the manager) remains<br /> uninitialized (NULL) on APUs—since APUs lack dedicated VRAM and do not fully<br /> set up VRAM manager structures. When `ttm_resource_manager_usage()` attempts to<br /> acquire `man-&gt;bdev-&gt;lru_lock`, it dereferences the NULL `man-&gt;bdev`, leading to<br /> a kernel OOPS.<br /> <br /> 1. **amdgpu_cs.c**: Extend the existing bandwidth control check in<br /> `amdgpu_cs_get_threshold_for_moves()` to include a check for<br /> `ttm_resource_manager_used()`. If the manager is not used (uninitialized<br /> `bdev`), return 0 for migration thresholds immediately—skipping VRAM-specific<br /> logic that would trigger the NULL dereference.<br /> <br /> 2. **amdgpu_kms.c**: Update the `AMDGPU_INFO_VRAM_USAGE` ioctl and memory info<br /> reporting to use a conditional: if the manager is used, return the real VRAM<br /> usage; otherwise, return 0. This avoids accessing `man-&gt;bdev` when it is<br /> NULL.<br /> <br /> 3. **amdgpu_virt.c**: Modify the vf2pf (virtual function to physical function)<br /> data write path. Use `ttm_resource_manager_used()` to check validity: if the<br /> manager is usable, calculate `fb_usage` from VRAM usage; otherwise, set<br /> `fb_usage` to 0 (APUs have no discrete framebuffer to report).<br /> <br /> This approach is more robust than APU-specific checks because it:<br /> - Works for all scenarios where the VRAM manager is uninitialized (not just APUs),<br /> - Aligns with TTM&amp;#39;s design by using its native helper function,<br /> - Preserves correct behavior for discrete GPUs (which have fully initialized<br /> `man-&gt;bdev` and pass the `ttm_resource_manager_used()` check).<br /> <br /> v4: use ttm_resource_manager_used(&amp;adev-&gt;mman.vram_mgr.manager) instead of checking the adev-&gt;gmc.is_app_apu flag (Christian)