Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-08 | CVE-2024-10269 | Cross-site Scripting vulnerability in Benjaminzekavica Easy SVG Support. The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. | 5.4 |
2024-11-08 | CVE-2024-10995 | SQL Injection vulnerability in Codezips Hospital Appointment System 1.0. A vulnerability was found in Codezips Hospital Appointment System 1.0 and classified as critical. | 9.8 |
2024-11-08 | CVE-2024-10996 | SQL Injection vulnerability in Bookstore Management System Project Bookstore Management System 1.0. A vulnerability was found in 1000 Projects Bookstore Management System 1.0. | 9.8 |
2024-11-08 | CVE-2024-10997 | SQL Injection vulnerability in Bookstore Management System Project Bookstore Management System 1.0. A vulnerability was found in 1000 Projects Bookstore Management System 1.0. | 9.8 |
2024-11-08 | CVE-2024-10621 | The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pw_map shortcode in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-11-08 | CVE-2024-10993 | Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Institute Management System 1.0. A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. | 8.8 |
2024-11-08 | CVE-2024-10994 | Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Institute Management System 1.0. A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. | 8.8 |
2024-11-08 | CVE-2024-50201 | Unspecified vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix encoder->possible_clones. Include the encoder itself in its possible_clones bitmask. In the past nothing validated that drivers were populating possible_clones correctly, but that changed in commit 74d2aacbe840 ("drm: Validate encoder->possible_clones"). Looks like radeon never got the memo and is still not following the rules 100% correctly. This results in some warnings during driver initialization: Bogus possible_clones: [ENCODER:46:TV-46] possible_clones=0x4 (full encoder mask=0x7) WARNING: CPU: 0 PID: 170 at drivers/gpu/drm/drm_mode_config.c:615 drm_mode_config_validate+0x113/0x39c ... (cherry picked from commit 3b6e7d40649c0d75572039aff9d0911864c689db) | 5.5 |
2024-11-08 | CVE-2024-50202 | Improper Handling of Exceptional Conditions vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry(). Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails. If the filesystem image is corrupted, and the i_size of the directory inode is large, and the directory page/folio is successfully read but fails the sanity check, for example when it is zero-filled, nilfs_check_folio() may continue to spit out error messages in bursts. Fix this issue by propagating the error to the callers when loading a page/folio fails in nilfs_find_entry(). The current interface of nilfs_find_entry() and its callers is outdated and cannot propagate error codes such as -EIO and -ENOMEM returned via nilfs_find_entry(), so fix it together. | 5.5 |
2024-11-08 | CVE-2024-50203 | Out-of-bounds Write vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix address emission with tag-based KASAN enabled. When BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_image struct on the stack is passed during the size calculation pass and an address on the heap is passed during code generation. | 7.8 |