| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service. |
| Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability |
| Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability |
| The Secure attribute is missing on multiple cookies provided by the MEAC300-FNADE4. An attacker can trick a user to establish an unencrypted HTTP connection to the server and intercept the request containing the PHPSESSID cookie. |
| IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. |
| IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system. |
| A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the server to initiate an HTTP request to an arbitrary internal or external network address. Successful exploitation could lead to internal network reconnaissance, port scanning, or the retrieval of sensitive information. The vulnerability may be present in the backend API called by or associated with the path `/admin/#/webset/?head_tab_active=0`, where user-provided XML data is processed. |
| IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system. |
| An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file. |
| Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device control APIs to change feeding schedules, trigger manual feeds, access camera feeds, and modify device settings without authorization checks. |
| Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through /device/devicePetRelation/getBoundDevices using pet IDs, enabling full device control without proper authorization checks. |
| Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains a broken access control vulnerability that allows authenticated users to access other users' pet data by exploiting missing ownership verification. Attackers can send requests to /member/pet/detailV2 with arbitrary pet IDs to retrieve sensitive information including pet details, member IDs, and avatar URLs without proper authorization checks. |
| NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering. |
| Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains. |
| Improper Restriction of XML External Entity Reference vulnerability in Apache SIS.
It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the following SIS services:
* Reading of GeoTIFF files having the GEO_METADATA tag defined by the Defense Geospatial Information Working Group (DGIWG).
* Parsing of ISO 19115 metadata in XML format.
* Parsing of Coordinate Reference Systems defined in the GML format.
* Parsing of files in GPS Exchange Format (GPX).
This issue affects Apache SIS from versions 0.4 through 1.5 inclusive. Users are recommended to upgrade to version 1.6, which will fix the issue. In the meantime, the security vulnerability can be avoided by launching Java with the javax.xml.accessExternalDTD system property sets to a comma-separated list of authorized protocols. For example:
java -Djavax.xml.accessExternalDTD="" ... |
| A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts. Continuous receipt of this specific packet will cause a sustained DoS condition.
For the issue to occur, BGP multipath with "pause-computation-during-churn" must be configured on the device, and the attacker must send the paths via a BGP UPDATE from a established BGP peer.
This issue affects:
Junos OS:
* All versions before 21.4R3-S7,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R2.
Junos OS Evolved:
* All versions before 21.4R3-S7-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S5-EVO,
* from 23.2 before 23.2R2-EVO,
* from 23.4 before 23.4R2-EVO. |
| A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).On all Junos OS and Junos OS Evolved devices, when route validation is enabled, a rare condition during BGP initial session establishment can lead to an rpd crash and restart. This occurs specifically when the connection request fails during error-handling scenario.
Continued session establishment failures leads to a sustained DoS condition.
This issue affects Junos OS:
* All versions before 22.2R3-S6,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2;
Junos OS Evolved:
* All versions before 22.2R3-S6-EVO,
* from 22.4 before 22.4R3-S6-EVO,
* from 23.2 before 23.2R2-S3-EVO,
* from 23.4 before 23.4R2-S4-EVO,
* from 24.2 before 24.2R2-EVO. |
| In the Linux kernel, the following vulnerability has been resolved:
ext4: remove a BUG_ON in ext4_mb_release_group_pa()
If a malicious fuzzer overwrites the ext4 superblock while it is
mounted such that the s_first_data_block is set to a very large
number, the calculation of the block group can underflow, and trigger
a BUG_ON check. Change this to be an ext4_warning so that we don't
crash the kernel. |
| Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control. |
| In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix assertion when building free space tree
When building the free space tree with the block group tree feature
enabled, we can hit an assertion failure like this:
BTRFS info (device loop0 state M): rebuilding free space tree
assertion failed: ret == 0, in fs/btrfs/free-space-tree.c:1102
------------[ cut here ]------------
kernel BUG at fs/btrfs/free-space-tree.c:1102!
Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
Modules linked in:
CPU: 1 UID: 0 PID: 6592 Comm: syz-executor322 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102
lr : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102
sp : ffff8000a4ce7600
x29: ffff8000a4ce76e0 x28: ffff0000c9bc6000 x27: ffff0000ddfff3d8
x26: ffff0000ddfff378 x25: dfff800000000000 x24: 0000000000000001
x23: ffff8000a4ce7660 x22: ffff70001499cecc x21: ffff0000e1d8c160
x20: ffff0000e1cb7800 x19: ffff0000e1d8c0b0 x18: 00000000ffffffff
x17: ffff800092f39000 x16: ffff80008ad27e48 x15: ffff700011e740c0
x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff
x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 94ef24f55d2dbc00
x8 : 94ef24f55d2dbc00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000a4ce6f98 x4 : ffff80008f415ba0 x3 : ffff800080548ef0
x2 : 0000000000000000 x1 : 0000000100000000 x0 : 000000000000003e
Call trace:
populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102 (P)
btrfs_rebuild_free_space_tree+0x14c/0x54c fs/btrfs/free-space-tree.c:1337
btrfs_start_pre_rw_mount+0xa78/0xe10 fs/btrfs/disk-io.c:3074
btrfs_remount_rw fs/btrfs/super.c:1319 [inline]
btrfs_reconfigure+0x828/0x2418 fs/btrfs/super.c:1543
reconfigure_super+0x1d4/0x6f0 fs/super.c:1083
do_remount fs/namespace.c:3365 [inline]
path_mount+0xb34/0xde0 fs/namespace.c:4200
do_mount fs/namespace.c:4221 [inline]
__do_sys_mount fs/namespace.c:4432 [inline]
__se_sys_mount fs/namespace.c:4409 [inline]
__arm64_sys_mount+0x3e8/0x468 fs/namespace.c:4409
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767
el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
Code: f0047182 91178042 528089c3 9771d47b (d4210000)
---[ end trace 0000000000000000 ]---
This happens because we are processing an empty block group, which has
no extents allocated from it, there are no items for this block group,
including the block group item since block group items are stored in a
dedicated tree when using the block group tree feature. It also means
this is the block group with the highest start offset, so there are no
higher keys in the extent root, hence btrfs_search_slot_for_read()
returns 1 (no higher key found).
Fix this by asserting 'ret' is 0 only if the block group tree feature
is not enabled, in which case we should find a block group item for
the block group since it's stored in the extent root and block group
item keys are greater than extent item keys (the value for
BTRFS_BLOCK_GROUP_ITEM_KEY is 192 and for BTRFS_EXTENT_ITEM_KEY and
BTRFS_METADATA_ITEM_KEY the values are 168 and 169 respectively).
In case 'ret' is 1, we just need to add a record to the free space
tree which spans the whole block group, and we can achieve this by
making 'ret == 0' as the while loop's condition. |
