The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.

CVE-2021-43570: Release v1.0.1 · starkbank/ecdsa-java

The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.

CVE-2021-43571: Release v1.1.3 · starkbank/ecdsa-node

In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.

@@ -1122,6 +1122,8 @@ static void simple\_decode\_row(x3f\_info\_t \*I, x3f\_directory\_entry\_t \*DE, x3f\_image\_data\_t \*ID = &DEH->data\_subsection.image\_data; x3f\_huffman\_t \*HUF = ID->huffman;  
if (row\*row\_stride > ID->data\_size - (ID->columns\*sizeof(uint32\_t))) throw LIBRAW\_EXCEPTION\_IO\_CORRUPT; uint32\_t \*data = (uint32\_t \*)((unsigned char \*)ID->data + row \* row\_stride);  
uint16\_t c\[3\] = {0, 0, 0};

CVE-2020-35532: X3F/simple_decode_row: check for data offset limit · LibRaw/LibRaw@5ab45b0

A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02.

This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies. If you are not happy with the use of these cookies, please review our Cookie Policy to learn how they can be disabled. By disabling cookies, some features of the site will not work

CVE-2023-26085: Arm Security Center

During installation with certain driver software or application packages an arbitrary code execution could occur.

CVE-2020-28419: HPSBPI03723 rev. 1 - Certain HP LaserJet, HP LaserJet Pro, HP PageWide, HP PageWide Pro, HP inkjet, HP OfficeJet software and certain applications - Arbitrary code execution

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges.

**Vaikutus**

High

**Tiedot**

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

CVE(s) Addressed  
 

Product

Affected Version(s)

Updated Version(s)

Link to Update

CVE-2023-28047

Dell Display Manager

2.1.0 and prior

2.1.1

Support for Dell Display Manager 2.x | Drivers & Downloads

CVE-2023-28046

Dell Display Manager

2.1.0 and prior

2.1.1

Support for Dell Display Manager 2.x | Drivers & Downloads

CVE(s) Addressed  
 

Product

Affected Version(s)

Updated Version(s)

Link to Update

CVE-2023-28047

Dell Display Manager

2.1.0 and prior

2.1.1

Support for Dell Display Manager 2.x | Drivers & Downloads

CVE-2023-28046

Dell Display Manager

2.1.0 and prior

2.1.1

Support for Dell Display Manager 2.x | Drivers & Downloads

**Keinoja ongelman kiertämiseen tai lieventämiseen**

None.

**Kiitokset**

Acknowledgements: Dell would like to thank Marius Gabriel Mihai for reporting these issues.  
 

**Versiohistoria**

Revision

Date

Description

1.0

2023-04-04

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

04 huhtik. 2023

CVE-2023-28046: DSA-2023-123: Dell Display Manager Security Update for Arbitrary File or Folder Creation/Deletion Vulnerabilities

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.

Expand Up

@@ -868,6 +868,9 @@ static inline void tcp\_parse\_option\_mss(struct pico\_socket\_tcp \*t, uint8\_t len,

if (tcpopt\_len\_check(idx, len, PICO\_TCPOPTLEN\_MSS) < 0)

return;

  

if ((\*idx + PICO\_TCPOPTLEN\_MSS) > len)

return;

  

t->mss\_ok = 1;

mss = short\_from(opt + \*idx);

\*idx += (uint32\_t)sizeof(uint16\_t);

Expand Down Expand Up

@@ -896,6 +899,10 @@ static int tcp\_parse\_options(struct pico\_frame \*f)

uint8\_t \*opt = f->transport\_hdr + PICO\_SIZE\_TCPHDR;

uint32\_t i = 0;

f->timestamp = 0;

  

if (f->buffer + f->buffer\_len > f->transport\_hdr + f->transport\_len)

return -1;

  

while (i < (f->transport\_len - PICO\_SIZE\_TCPHDR)) {

uint8\_t type = opt\[i++\];

uint8\_t len;

Expand Down

CVE-2023-35849: More checks for correct header sizes · virtualsquare/picotcp@4b9a167

A vulnerability exists in the ABB Cylon FLXeon controller that allows unauthenticated access to the Building Management System (BMS) or Building Automation System (BAS) dashboard. This exposes sensitive information, including system status, events, and alarms related to HVAC operations. Additionally, an attacker could manipulate environmental controls such as temperature settings, potentially disrupting building climate regulation and operational safety.

Title: ABB Cylon FLXeon 9.3.4 Unauthenticated Dashboard Access  
Advisory ID: ZSL-2025-5923  
Type: Local/Remote  
Impact: Security Bypass, Exposure of System Information  
Risk: (4/5)  
Release Date: 14.02.2025

**Summary**

BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boilers, chillers, cooling towers, heat pump systems, air handling units (constant volume, variable air volume, and multi-zone), rooftop units, electrical systems such as lighting control, variable frequency drives and metering.

The FLXeon Controller Series uses BACnet/IP standards to deliver unprecedented connectivity and open integration for your building automation systems. It's scalable, and modular, allowing you to control a diverse range of HVAC functions.

**Description**

A vulnerability exists in the ABB Cylon FLXeon controller that allows unauthenticated access to the Building Management System (BMS) or Building Automation System (BAS) dashboard. This exposes sensitive information, including system status, events, and alarms related to HVAC operations. Additionally, an attacker could manipulate environmental controls such as temperature settings, potentially disrupting building climate regulation and operational safety.

**Vendor**

ABB Ltd. - https://www.global.abb

**Affected Version**

FLXeon Series (FBXi Series, FBTi Series, FBVi Series)  
CBX Series (FLX Series)  
CBT Series  
CBV Series  
Firmware: <=9.3.4

**Tested On**

Linux Kernel 5.4.27  
Linux Kernel 4.15.13  
NodeJS/8.4.0  
Express

**Vendor Status**

\[21.04.2024\] Vulnerability discovered.  
\[22.04.2024\] Vendor contacted.  
\[22.04.2024\] Vendor responds.  
\[02.05.2024\] Working with the vendor.  
\[20.01.2025\] Vendor releases version 9.3.5 to address this issue.  
\[14.02.2025\] Public security advisory released.

**PoC**

abb\_flxeon\_dash1.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

\[1\] https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch  
\[2\] https://packetstorm.news/files/id/189252/

**Changelog**

\[14.02.2025\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

ABB Cylon FLXeon 9.3.4 Unauthenticated Dashboard Access

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.

CVE-2013-4300

An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.

One of the checks for 'override-antispoof' permission in the AntiSpoof extension is inverted, here: https://github.com/wikimedia/mediawiki-extensions-AntiSpoof/blob/7a5fc55dc31a0ab654a80a0fa6293027293c5b7c/includes/AntiSpoofPreAuthenticationProvider.php#L145

This might not be a real security issue – it looks like the faulty code path is only used for displaying UI messages (JS checks on Special:CreateAccount), and not for actually creating accounts. But I didn't go through everything to prove that for sure, so I'm filing as a security task just in case.

It's also not reproducible on Wikimedia wikis, because the anti-spoof checks there are handled by code in CentralAuth, which doesn't have the bug: https://github.com/wikimedia/mediawiki-extensions-CentralAuth/blob/061b493dc96a874bb49e1e67c10e416fce6040be/includes/CentralAuthPrimaryAuthenticationProvider.php#L512

This has been introduced in https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AntiSpoof/+/618623, by accidentally removing a ! to negate a condition.

I discovered the problem while testing a patch for T167163.

Search

lenovo warranty check/lookup | check warranty status | lenovo support us