Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization.
Mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.
An exploitable path traversal vulnerability exists in the way the Zoom client, version 4.6.10, processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability.
LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.
Libpng before 1.6.32 does not properly check the length of chunks against the user limit.
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact.
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code.
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
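The libpng entry above is about a declared chunk length that is trusted before it is compared with the caller's limit. The following is an added, self-contained illustration (not libpng's code; libpng exposes the real knob through png_set_chunk_malloc_max()) of a PNG chunk reader that validates the 32-bit length field against the PNG maximum, against a hypothetical per-chunk user limit, and against the bytes actually present, before the length is used for anything. The chunk streams are constructed for the example and the 64-byte limit is an assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative only: a hypothetical cap on one chunk's payload, playing the
 * role of the "user limit" in the libpng entry. The value is an assumption. */
#define DEFAULT_USER_CHUNK_MAX 64u

/* PNG forbids chunk lengths with the high bit set (maximum 2^31 - 1). */
#define PNG_MAX_CHUNK_LENGTH 0x7fffffffu

enum chunk_status {
    CHUNK_OK = 0,
    CHUNK_TRUNCATED_HEADER,   /* fewer than 12 bytes left: length + type + CRC */
    CHUNK_LENGTH_INVALID,     /* declared length > 2^31 - 1 */
    CHUNK_OVER_USER_LIMIT,    /* declared length > caller's limit */
    CHUNK_TRUNCATED_DATA      /* declared length exceeds bytes actually present */
};

struct chunk {
    uint32_t length;
    char type[5];
    const uint8_t *data;      /* points into the caller's buffer, not a copy */
};

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse one chunk at buf[*off]. Every check runs on the declared length
 * before that length is used for allocation or copying; on success *off is
 * advanced past the chunk (8-byte header + data + 4-byte CRC). The CRC is
 * not verified here; the point is the length validation. */
enum chunk_status read_chunk(const uint8_t *buf, size_t len, size_t *off,
                             uint32_t user_limit, struct chunk *out)
{
    if (*off > len || len - *off < 12)
        return CHUNK_TRUNCATED_HEADER;

    uint32_t n = read_be32(buf + *off);
    if (n > PNG_MAX_CHUNK_LENGTH)
        return CHUNK_LENGTH_INVALID;
    if (n > user_limit)                 /* the check the libpng entry is about */
        return CHUNK_OVER_USER_LIMIT;

    size_t remaining = len - *off - 8;  /* bytes after length + type */
    if ((size_t)n + 4 > remaining)      /* data + CRC must actually be present */
        return CHUNK_TRUNCATED_DATA;

    out->length = n;
    memcpy(out->type, buf + *off + 4, 4);
    out->type[4] = '\0';
    out->data = buf + *off + 8;
    *off += 8 + (size_t)n + 4;
    return CHUNK_OK;
}

/* Status of the first chunk in a buffer. */
enum chunk_status check_first_chunk(const uint8_t *buf, size_t len, uint32_t user_limit)
{
    size_t off = 0;
    struct chunk c;
    return read_chunk(buf, len, &off, user_limit, &c);
}

/* Walk all chunks; returns how many parsed before the end of the buffer or
 * the first error (stored in *status when non-NULL). */
size_t count_chunks(const uint8_t *buf, size_t len, uint32_t user_limit,
                    enum chunk_status *status)
{
    size_t off = 0, count = 0;
    enum chunk_status st = CHUNK_OK;
    while (off < len) {
        struct chunk c;
        st = read_chunk(buf, len, &off, user_limit, &c);
        if (st != CHUNK_OK) break;
        count++;
    }
    if (status) *status = st;
    return count;
}

/* Constructed sample chunk streams (no PNG signature or IHDR; just chunks). */
static const uint8_t SAMPLE_GOOD[] = {        /* tEXt "abc", then IEND */
    0,0,0,3, 't','E','X','t', 'a','b','c', 0xAA,0xBB,0xCC,0xDD,
    0,0,0,0, 'I','E','N','D', 0xAE,0x42,0x60,0x82
};
static const uint8_t SAMPLE_HIGHBIT[] = {     /* declared length 0xFFFFFFF0 */
    0xFF,0xFF,0xFF,0xF0, 'I','D','A','T', 0,0,0,0
};
static const uint8_t SAMPLE_OVERLIMIT[] = {   /* declared length 100 > 64 */
    0,0,0,100, 'I','D','A','T', 0,0,0,0
};
static const uint8_t SAMPLE_TRUNCATED[] = {   /* claims 8 data bytes, has 4 */
    0,0,0,8, 'I','D','A','T', 1,2,3,4
};

int main(void)
{
    enum chunk_status st;
    size_t n = count_chunks(SAMPLE_GOOD, sizeof SAMPLE_GOOD, DEFAULT_USER_CHUNK_MAX, &st);
    printf("good stream: %zu chunks, status %d\n", n, (int)st);
    printf("high-bit length: status %d\n",
           (int)check_first_chunk(SAMPLE_HIGHBIT, sizeof SAMPLE_HIGHBIT, DEFAULT_USER_CHUNK_MAX));
    printf("over user limit: status %d\n",
           (int)check_first_chunk(SAMPLE_OVERLIMIT, sizeof SAMPLE_OVERLIMIT, DEFAULT_USER_CHUNK_MAX));
    printf("truncated data: status %d\n",
           (int)check_first_chunk(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, DEFAULT_USER_CHUNK_MAX));
    return 0;
}
```

The order of the checks is the point: the user limit is applied to the declared length before the reader looks at how many bytes follow, so an oversized length is rejected without any allocation or read being sized from it. Raising the limit does not make the over-limit sample acceptable; it simply moves the rejection to the truncation check, because the data it claims is not there.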
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also lead to privilege escalation if the controller's service account has elevated permissions. Workarounds include disabling functionality via Validating Admission webhooks by restricting users from setting the `spec.kubeConfig` field in Flux `Kustomization` and `HelmRelease` objects. Additional mitigations include applying restrictive AppArmor and SELinux profiles on the controller's pod to limit what binaries can be executed. This vulnerability is fixed in kustomize-controller v0.23.0 and helm-controller v0.19.0, both included in flux2 v0.29.0.
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.
The AMDPowerProfiler.sys driver of the AMD μProf tool may allow lower privileged users to access MSRs in the kernel, which may lead to privilege escalation and ring-0 code execution by the lower privileged user.
CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.
Thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reservestack call.
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface. This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator. The attacker could obtain privileges that are the same level as an administrative user, but it depends on the crafted credentials. Note: This vulnerability exists because of a non-default device configuration that must be present for it to be exploitable. For details about the vulnerable configuration, see the Vulnerable Products section of this advisory.