Vuldb Updates

A vulnerability was found in Linux Kernel up to 6.14.1. It has been classified as problematic. Affected by this issue is the function graph_util_parse_dai of the component ASoC. Performing manipulation results in privilege escalation. This vulnerability is known as CVE-2025-39930. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.22/6.13.10/6.14.1. The impacted element is the function is_copy_from_user of the component mce. Executing manipulation can lead to denial of service. This vulnerability is registered as CVE-2025-39989. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.1.134/6.6.87/6.12.24/6.14.2. It has been declared as problematic. The impacted element is the function devm_request_irq of the component pci_endpoint_test. Such manipulation leads to privilege escalation. This vulnerability is referenced as CVE-2025-23140. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.14.1. The affected element is an unknown function of the component net_sched. Performing manipulation results in reachable assertion. This vulnerability is cataloged as CVE-2025-38637. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Apereo CAS 5.2.6. This affects the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component Groovy Code Handler. This manipulation causes code injection. The identification of this vulnerability is CVE-2025-3984. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in Apereo CAS 5.2.6. This vulnerability affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. Such manipulation of the argument Query leads to inefficient regular expression complexity. This vulnerability is referenced as CVE-2025-3985. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in Apereo CAS 5.2.6. This issue affects some unknown processing of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. Performing manipulation of the argument Name results in inefficient regular expression complexity. This vulnerability is identified as CVE-2025-3986. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as critical has been found in IBM Security Guardium 11.5. The affected element is an unknown function. Such manipulation leads to server-side request forgery. This vulnerability is listed as CVE-2024-49336. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability has been found in IROAD Dash Cam FX2 up to 20250308 and classified as problematic. This affects an unknown function of the file /mnt/extsd/event/ of the component HTTP/RTSP. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2025-2348. The attack must be carried out from within the local network. In addition, an exploit is available. It is recommended to apply restrictive firewalling.

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308 and classified as problematic. This impacts an unknown function of the file /etc/passwd of the component Password Hash Handler. The manipulation results in password hash with insufficient computational effort. This vulnerability is cataloged as CVE-2025-2349. The attack must originate from the local network. Furthermore, there is an exploit available. Applying restrictive firewalling is recommended.

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been classified as critical. Affected is an unknown function of the file /action/upload_file. This manipulation causes unrestricted upload. This vulnerability is registered as CVE-2025-2350. The attack requires access to the local network. Furthermore, an exploit is available. It is advisable to implement restrictive firewalling.

A vulnerability has been found in Dromara ujcms 9.7.5 and classified as problematic. This vulnerability affects the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upload. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2025-2490. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Linux Kernel up to 6.12.22/6.13.10/6.14.1. It has been rated as problematic. This vulnerability affects unknown code of the component fsl-edma. The manipulation leads to state issue. This vulnerability is uniquely identified as CVE-2025-38479. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in Asterisk 22. Affected is the function action_createconfig. The manipulation results in permission issues. This vulnerability is known as CVE-2024-57520. It is possible to launch the attack remotely. No exploit is available.

A vulnerability described as problematic has been identified in Linux Kernel up to 6.6.86/6.12.22/6.13.10/6.14.1. Impacted is the function mtk_dp_wait_hpd_asserted of the component mediatek. Such manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2025-38240. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability has been found in tj-actions changed-files up to 45.0.7 and classified as problematic. This affects an unknown part. This manipulation causes embedded malicious code. This vulnerability is registered as CVE-2025-30066. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability marked as problematic has been reported in IBM Sterling File Gateway up to 6.1.2.5/6.2.0.3. This impacts an unknown function of the component Web UI. Performing manipulation results in cross site scripting. This vulnerability is reported as CVE-2023-52292. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in strongSwan 5.9.2/5.9.3/5.9.4/5.9.5. It has been declared as problematic. This impacts an unknown function of the component IKE/EAP. The manipulation results in authorization bypass. This vulnerability is identified as CVE-2022-4967. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in DCN DCME-320-L up to 9.3.2.114. Impacted is an unknown function of the file log_u_umount.php. Executing manipulation can lead to command injection. This vulnerability is registered as CVE-2024-48659. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in IceWhaleTech ZimaOS up to 1.2.4. It has been classified as critical. This issue affects some unknown processing of the file /v1/users/name` of the component API Endpoint. Performing manipulation results in improper access controls. This vulnerability is cataloged as CVE-2024-48932. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.