Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.7 MEDIUM]
Traefik versions prior to 2.11.38 and 3.6.9 fail to limit memory allocation when processing ForwardAuth middleware responses, allowing a malicious or compromised authentication server to trigger unbounded memory consumption. An attacker controlling the auth server can return an arbitrarily large response body that causes the Traefik process to exhaust available memory and crash, resulting in denial of service for all proxied routes. A patch is available in the specified versions.
Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.4 MEDIUM]
NetApp ONTAP 9.12.1 and later with S3 NAS buckets allows authenticated attackers to enumerate directory contents they lack authorization to access, resulting in unauthorized information disclosure. An attacker with valid credentials can exploit this to view sensitive file listings without proper permissions. No patch is currently available for this vulnerability.
Octopus Server allows authenticated attackers to generate new API keys from existing access tokens with extended lifetimes that exceed the original token's validity period. This token lifetime extension vulnerability (CWE-863) could enable attackers with valid credentials to maintain persistent access beyond intended restrictions. The vulnerability affects Octopus Server with no patch currently available.
Unauthorized wiki page creation in OpenProject prior to versions 17.0.5 and 17.1.2 allows authenticated attackers to bypass project access controls and create pages in projects they lack permission to access. The vulnerability stems from improper authentication validation on wiki page creation requests, enabling an attacker to modify project documentation without proper authorization. No patch is currently available for affected versions.
The Media Library Assistant plugin for WordPress through version 3.33 fails to validate user permissions in the mla_update_compat_fields_action() function, allowing authenticated subscribers and higher-privileged users to modify taxonomy terms on any attachment. This authorization bypass enables attackers to alter attachment metadata without proper capability restrictions. A patch is not currently available.
Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]
Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 4.0).
Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.0 MEDIUM]
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. [CVSS 3.7 LOW]
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs. [CVSS 3.3 LOW]
Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 3.3).
A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. [CVSS 3.3 LOW]
Stored cross-site scripting in Frappe versions prior to 16.11.0 and 15.102.0 allows unauthenticated attackers to execute arbitrary JavaScript in users' browsers through malicious image URLs in avatar fields and website comments. The vulnerability affects any user viewing a page containing the compromised avatar, enabling session hijacking, credential theft, or malware distribution without user interaction.
Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two references; on Ubuntu Linux 6.8 (Noble Numbat) kernel tree, they have only the queue reference, so the buffer is freed while still reachable and subsequent queue walks dereference freed memory, yielding a reliable local privile...