LF-Edge, Zededa Security Vulnerabilities

veracode
veracode

HTTP Response Splitting

Apache HTTP Server is vulnerable to HTTP Response splitting. The vulnerability is due to inadequate handling of malicious response headers, allowing an attacker to inject headers into backend applications and cause an HTTP desynchronization...

7.3AI Score

0.0004EPSS

2024-04-10 09:30 PM
2
veracode
veracode

Memory Exhaustion

nghttp2 is vulnerable to a memory exhaustion issue. The vulnerability is due to temporary buffering of HTTP/2 incoming headers exceeding the limit, which is intended to generate an informative HTTP 413 response. However, if a client continues to send headers without stopping, it leads to memory...

7AI Score

0.0004EPSS

2024-04-10 07:25 PM
3
veracode
veracode

Privilege Escalation

nodejs is vulnerable to Privilege Escalation. The vulnerability is due to a bug in the implementation of the exception for CAP_NET_BIND_SERVICE: Node.js incorrectly applies this exception even when other capabilities have been set. It potentially allows unprivileged users to execute code with...

7AI Score

0.0004EPSS

2024-02-21 03:05 AM
13
veracode
veracode

Out-of-bounds Read

libX11.so is vulnerable to Out-of-bounds Read. The vulnerability is due to the function _XkbReadKeySyms allocating insufficient memory for the keysym buffer and failing to handle errors returned by _XkbReadBufferCopyKeySyms. This can lead to potential buffer overflow and out-of-bounds memory...

7.4AI Score

0.0004EPSS

2023-10-12 09:36 AM
10
veracode
veracode

Denial Of Service (DoS) Through Infinite Loop

libX11.so is vulnerable to Denial of Service (DoS). The vulnerability is due to incorrect calculation of SubImageWidth in the PutSubImage function when communicating with an X server which creates oversized requests. This miscalculation triggers an infinite loop, potentially leading to a Denial of....

6.7AI Score

0.0004EPSS

2023-10-12 07:21 AM
10
veracode
veracode

Integer Overflow

libX11.so is vulnerable to integer overflow. The vulnerability is due to insufficient validation checks within the XCreateImage function when calculating the image data size. This issue happens during the calculation of min_bytes_per_line, which can potentially return a value that is too small for.....

7.9AI Score

0.0004EPSS

2023-10-12 07:01 AM
11
veracode
veracode

Unauthenticated Remote Attack

Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition are vulnerable to an unauthenticated remote attack via multiple protocols. This vulnerability affects multiple versions, including Oracle Java SE 8u391, 11.0.21, 17.0.9, and 21.0.1, Oracle GraalVM for JDK 17.0.9 and 21.0.1,...

6.6AI Score

0.001EPSS

2024-01-30 06:27 PM
2
veracode
veracode

Privilege Escalation

Firefox is vulnerable to a Privilege Escalation. The vulnerability is due to the unauthorized injection of an event handler into a privileged object, leading to arbitrary JavaScript execution in the parent...

6.8AI Score

0.0004EPSS

2024-03-24 12:13 PM
6
veracode
veracode

Improper Input Validation

Apache is vulnerable to Improper Input Validation. The vulnerability is due to inadequate input validation, which can be exploited by attackers to manipulate HTTP...

6.5AI Score

0.0004EPSS

2024-04-10 09:15 PM
5
cve
cve

CVE-2023-7237

Lantronix XPort sends weakly encoded credentials within web request...

7.5CVSS

7.5AI Score

0.001EPSS

2024-01-23 10:15 PM
14
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-6.5 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-6.5 - Linux kernel for...

6.5AI Score

0.0005EPSS

2024-05-16 12:00 AM
3
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems linux-azure-fde-5.15 -...

7AI Score

0.0005EPSS

2024-05-07 12:00 AM
10
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems linux-azure-fde-5.15 -...

6.2AI Score

0.0004EPSS

2024-05-16 12:00 AM
3
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...

6.3AI Score

0.0004EPSS

2024-05-16 12:00 AM
5
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems linux-gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems linux-hwe - Linux...

7.6AI Score

0.0004EPSS

2024-05-16 12:00 AM
3
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...

6.8AI Score

0.0004EPSS

2024-05-07 12:00 AM
5
ubuntu
ubuntu

Linux kernel (Azure) vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-azure-6.5 - Linux kernel for Microsoft Azure cloud systems Details Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: JFS...

7AI Score

0.0004EPSS

2024-04-24 12:00 AM
9
veracode
veracode

Denial Of Service (DoS)

Libraries that implement HTTP/2 are vulnerable to Denial Of Service (DoS). The vulnerability could be exploited by attackers via sending a large number of HTTP/2 requests to a vulnerable server, then canceling them, causing the server to consume excessive resources and become unavailable to...

6.7AI Score

0.72EPSS

2023-10-12 02:37 PM
28
ibm
ibm

Security Bulletin: IBM Edge Application Manager 4.5.5 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.5 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2024-29041 DESCRIPTION: **Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An...

9AI Score

0.0004EPSS

2024-04-19 08:36 PM
7
cve
cve

CVE-2024-21337

Microsoft Edge (Chromium-based) Elevation of Privilege...

5.2CVSS

5.3AI Score

0.001EPSS

2024-01-11 10:15 PM
85
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-hwe-5.15 - Linux hardware enablement (HWE) kernel linux-raspi - Linux kernel for Raspberry Pi systems Details It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action...

7.2AI Score

0.0005EPSS

2024-05-15 12:00 AM
5
ubuntu
ubuntu

Linux kernel (Low Latency) vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-lowlatency-hwe-6.5 - Linux low latency kernel Details Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: JFS file system;...

7.8AI Score

0.0004EPSS

2024-04-22 12:00 AM
11
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux...

7.2AI Score

0.003EPSS

2024-04-19 12:00 AM
21
ubuntu
ubuntu

Linux kernel (AWS) vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems Details Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate...

8.8AI Score

0.002EPSS

2024-04-16 12:00 AM
11
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...

7.2AI Score

0.003EPSS

2024-04-19 12:00 AM
8
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems...

8.5AI Score

0.003EPSS

2024-04-19 12:00 AM
14
veracode
veracode

Use After Free

libxml2 is vulnerable to Use After Free. The vulnerability is due to a lack of validation within the xmlTextReader module. When parsing a crafted XML document using the XML Reader interface with DTD validation and XInclude expansion enabled, a xmlValidatePopElement use-after-free exception.....

7.1AI Score

0.0005EPSS

2024-02-06 12:32 PM
7
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-6.5 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-gcp - Linux kernel for...

7.2AI Score

0.0004EPSS

2024-04-19 12:00 AM
14
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux-aws-6.5 - Linux kernel for Amazon Web Services (AWS) systems linux-raspi - Linux kernel for Raspberry Pi systems Details Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero...

8.7AI Score

0.0005EPSS

2024-04-16 12:00 AM
8
cve
cve

CVE-2020-0878

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

4.2CVSS

8.4AI Score

0.031EPSS

2020-09-11 05:15 PM
890
In Wild
cve
cve

CVE-2024-26196

Microsoft Edge for Android (Chromium-based) Information Disclosure...

4.3CVSS

6.9AI Score

0.001EPSS

2024-03-21 02:52 AM
91
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-lowlatency - Linux low latency kernel linux-nvidia - Linux kernel for NVIDIA systems Details Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the...

7.3AI Score

0.003EPSS

2024-04-23 12:00 AM
11
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-6.5 - Linux kernel for Microsoft Azure cloud systems linux-gcp - Linux kernel for Google...

7.5AI Score

0.0005EPSS

2024-04-09 12:00 AM
15
cve
cve

CVE-2021-43396

In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor...

7.5CVSS

7.3AI Score

0.006EPSS

2021-11-04 08:15 PM
75
vmware
vmware

VMware SD-WAN Edge and SD-WAN Orchestrator updates address multiple security vulnerabilities.

3a. Unauthenticated Command Injection vulnerability in SD-WAN Edge (CVE-2024-22246) VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. VMware has evaluated the severity of this issue to be in the Important severity range...

7.4CVSS

9.1AI Score

0.0004EPSS

2024-04-02 12:00 AM
10
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems linux-azure-fde-5.15 -...

8.3AI Score

0.002EPSS

2024-04-09 12:00 AM
22
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...

7AI Score

0.0005EPSS

2024-04-09 12:00 AM
9
wpvulndb
wpvulndb

Edge < 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Display Name

Description The Edge theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary....

5.8AI Score

0.0004EPSS

2024-05-07 12:00 AM
1
cve
cve

CVE-2024-29057

Microsoft Edge (Chromium-based) Spoofing...

4.3CVSS

5.3AI Score

0.001EPSS

2024-03-22 10:15 PM
131
cve
cve

CVE-2024-26247

Microsoft Edge (Chromium-based) Security Feature Bypass...

4.7CVSS

5.5AI Score

0.001EPSS

2024-03-22 10:15 PM
143
veracode
veracode

Rogue Session Attack (Terrapin)

asyncssh-pypi is vulnerable to Rogue Session Attack. The vulnerability is due to malicious negotiation of extensions during the SSH connection setup process. This issue can be exploited by an attacker via injecting malicious extensions during the negotiation process, resulting in an SSH security...

6.4AI Score

0.962EPSS

2023-12-19 06:46 AM
30
ubuntu
ubuntu

Linux kernel (Azure) vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-azure-6.5 - Linux kernel for Microsoft Azure cloud systems Details Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local...

7.9AI Score

0.0004EPSS

2024-03-28 12:00 AM
13
cisco
cisco

Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device....

7.1AI Score

0.0004EPSS

2024-03-27 04:00 PM
10
nessus
nessus

Cisco IOS XE Software SD Access Fabric Edge Node DoS (cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and...

8.6AI Score

2024-03-27 12:00 AM
66
nessus
nessus

Microsoft Edge Chromium Installed

Microsoft Edge (Chromium-based), a Chromium-based web browser, is installed on the remote...

1AI Score

2020-05-29 12:00 AM
42
ubuntu
ubuntu

Linux kernel (Azure) vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel for Microsoft Azure cloud systems Details Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly...

8.6AI Score

0.002EPSS

2024-03-25 12:00 AM
10
cve
cve

CVE-2023-4465

A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX....

6.5CVSS

7.5AI Score

0.001EPSS

2023-12-29 10:15 AM
24
cve
cve

CVE-2023-4464

A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201,...

7.2CVSS

8AI Score

0.002EPSS

2023-12-29 10:15 AM
18
nessus
nessus

Microsoft Edge Browser Installed (Windows)

Microsoft Edge, the replacement for Internet Explorer, is installed on the remote Windows...

1AI Score

2018-08-28 12:00 AM
8
cve
cve

CVE-2023-4462

A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250,...

5.9CVSS

7.3AI Score

0.001EPSS

2023-12-29 10:15 AM
18
Total number of security vulnerabilities: 28452