Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-26 CVE-2024-42790 Cross-site Scripting vulnerability in Lopalopa Music Management System 1.0
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/index.php?page=test" in Kashipara Music Management System v1.0.
network
low complexity
lopalopa CWE-79
5.4
2024-08-26 CVE-2024-8174 Cross-site Scripting vulnerability in Blood Bank System Project Blood Bank System 1.0
A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic.
network
low complexity
blood-bank-system-project CWE-79
6.1
2024-08-26 CVE-2024-43967 Cross-site Scripting vulnerability in Starkdigital WP Testimonial Widget
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS. This issue affects WP Testimonial Widget: from n/a through 3.1.
network
low complexity
starkdigital CWE-79
4.8
2024-08-26 CVE-2024-8172 Cross-site Scripting vulnerability in Rems QR Code Attendance System 1.0
A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Attendance System 1.0.
network
low complexity
rems CWE-79
6.1
2024-08-26 CVE-2024-8166 Unrestricted Upload of File with Dangerous Type vulnerability in Ruijie Eg2000K Firmware 11.1(6)B2
A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical.
network
low complexity
ruijie CWE-434
4.9
2024-08-26 CVE-2023-49582 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Portable Runtime
Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data.
local
low complexity
apache CWE-732
5.5
2024-08-26 CVE-2024-8165 Path Traversal vulnerability in Beikeshop
A vulnerability, which was classified as problematic, was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5.
network
low complexity
beikeshop CWE-22
6.5
2024-08-26 CVE-2024-44938 Out-of-bounds Write vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG. When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift exponent -1 to be negative. This patch fixes the issue by exiting the loop directly when negative shift is found.
local
low complexity
linux CWE-787
5.5
2024-08-26 CVE-2024-44939 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry [syzbot reported] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713 ... [Analyze] In dtInsertEntry(), when the pointer h has the same value as p, after writing name in UniStrncpy_to_le(), p->header.flag will be cleared.
local
low complexity
linux CWE-476
5.5
2024-08-26 CVE-2024-43885 Improper Locking vulnerability in Linux Kernel 6.11
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double inode unlock for direct IO sync writes. If we do a direct IO sync write, at btrfs_sync_file(), and we need to skip inode logging or we get an error starting a transaction or an error when flushing delalloc, we end up unlocking the inode when we shouldn't under the 'out_release_extents' label, and then unlock it again at btrfs_direct_write(). Fix that by checking if we have to skip inode unlocking under that label.
local
low complexity
linux CWE-667
5.5