Monthly
Remote denial of service in the Linux kernel's iSER (iSCSI Extensions for RDMA) target driver (IB/isert) allows an unauthenticated attacker on the RDMA fabric to crash a storage target node by sending an undersized iSCSI login PDU. The isert_login_recv_done() handler subtracts the 76-byte ISER_HEADERS_LEN from the received byte count without a lower bound, producing a negative signed login_req_len that is later sign-extended into a multi-gigabyte memcpy() length, causing a faulting out-of-bounds copy. Because the login phase precedes iSCSI authentication, no credentials are required; there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.21%).
Memory disclosure in GNU SASL's NTLM client implementation allows a malicious or man-in-the-middle server to extract portions of client process memory by delivering a crafted undersized challenge to the `_gsasl_ntlm_client_step` function. All GNU SASL versions before 2.2.4 are affected, with the fix confirmed in the 2.2.4 release and a Debian security advisory issued downstream. No active exploitation has been identified; the high attack complexity required to position a malicious NTLM server tempers the already-low CVSS 3.7 rating.
Uninitialized stack memory disclosure in Exim 4.88 through 4.99.3 allows remote unauthenticated attackers to read arbitrary stack memory contents by sending specially crafted short payloads to proxy-enabled SMTP listeners. The vulnerability is constrained to proxy configurations but requires no authentication and no user interaction (AV:N/AC:L/PR:N/UI:N), making it trivially reachable against exposed instances. No public exploit code or CISA KEV listing exists at time of analysis, and a vendor-released fix is available in Exim 4.99.4.
ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Remote denial of service in the Linux kernel's iSER (iSCSI Extensions for RDMA) target driver (IB/isert) allows an unauthenticated attacker on the RDMA fabric to crash a storage target node by sending an undersized iSCSI login PDU. The isert_login_recv_done() handler subtracts the 76-byte ISER_HEADERS_LEN from the received byte count without a lower bound, producing a negative signed login_req_len that is later sign-extended into a multi-gigabyte memcpy() length, causing a faulting out-of-bounds copy. Because the login phase precedes iSCSI authentication, no credentials are required; there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.21%).
Memory disclosure in GNU SASL's NTLM client implementation allows a malicious or man-in-the-middle server to extract portions of client process memory by delivering a crafted undersized challenge to the `_gsasl_ntlm_client_step` function. All GNU SASL versions before 2.2.4 are affected, with the fix confirmed in the 2.2.4 release and a Debian security advisory issued downstream. No active exploitation has been identified; the high attack complexity required to position a malicious NTLM server tempers the already-low CVSS 3.7 rating.
Uninitialized stack memory disclosure in Exim 4.88 through 4.99.3 allows remote unauthenticated attackers to read arbitrary stack memory contents by sending specially crafted short payloads to proxy-enabled SMTP listeners. The vulnerability is constrained to proxy configurations but requires no authentication and no user interaction (AV:N/AC:L/PR:N/UI:N), making it trivially reachable against exposed instances. No public exploit code or CISA KEV listing exists at time of analysis, and a vendor-released fix is available in Exim 4.99.4.
ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.