Weekly Vulnerabilities Reports > July 8 to 14, 2024

Overview

586 new vulnerabilities were reported during this period, including 35 critical vulnerabilities and 313 high severity vulnerabilities. This weekly summary reports vulnerabilities in 226 products from 125 vendors including Microsoft, Linux, Level1, Siemens, and Realtek. Notable vulnerability categories include "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", "Use After Free", and "Authorization Bypass Through User-Controlled Key".

  • 413 reported vulnerabilities are remotely exploitable.
  • 149 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 279 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 124 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

35 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-07-09 CVE-2024-38089 Microsoft Unspecified vulnerability in Microsoft Defender for IOT

Microsoft Defender for IoT Elevation of Privilege Vulnerability

9.9
2024-07-09 CVE-2024-39872 Siemens Unspecified vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).

9.9
2024-07-14 CVE-2024-6728 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0

A vulnerability was found in itsourcecode Tailoring Management System 1.0.

9.8
2024-07-12 CVE-2024-39917 Neutrinolabs Improper Restriction of Excessive Authentication Attempts vulnerability in Neutrinolabs Xrdp

xrdp is an open source RDP server.

9.8
2024-07-12 CVE-2024-40539 Codermy SQL Injection vulnerability in Codermy My-Springsecurity-Plus

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user.

9.8
2024-07-12 CVE-2024-40540 Codermy SQL Injection vulnerability in Codermy My-Springsecurity-Plus

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept.

9.8
2024-07-12 CVE-2024-40541 Codermy SQL Injection vulnerability in Codermy My-Springsecurity-Plus

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build.

9.8
2024-07-12 CVE-2024-40542 Codermy SQL Injection vulnerability in Codermy My-Springsecurity-Plus

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset.

9.8
2024-07-12 CVE-2024-6328 The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7.
9.8
2024-07-11 CVE-2024-6385 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.

9.8
2024-07-11 CVE-2024-6624 Parorrey Unspecified vulnerability in Parorrey Json API User

The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3.

9.8
2024-07-11 CVE-2024-6397 Instawp Improper Authentication vulnerability in Instawp Connect

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44.

9.8
2024-07-10 CVE-2024-4879 Servicenow Unspecified vulnerability in Servicenow Utah/Vancouver/Washingtondc

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases.

9.8
2024-07-10 CVE-2024-5217 Servicenow Incorrect Comparison vulnerability in Servicenow Utah/Vancouver/Washingtondc

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases.

9.8
2024-07-10 CVE-2024-6422 Pepperl Fuchs Missing Authentication for Critical Function vulnerability in Pepperl-Fuchs products

An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.

9.8
2024-07-09 CVE-2024-37873 Itsourcecode SQL Injection vulnerability in Itsourcecode Payroll Management System Project in PHP With Source Code 1.0

SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

9.8
2024-07-09 CVE-2023-48194 Tenda Unspecified vulnerability in Tenda Ac8V4 Firmware 16.03.34.09

Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0.

9.8
2024-07-09 CVE-2024-38074 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

9.8
2024-07-09 CVE-2024-38076 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

9.8
2024-07-09 CVE-2024-38077 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

9.8
2024-07-09 CVE-2024-39171 Phpvibe Path Traversal vulnerability in PHPvibe

Directory Traversal in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix.

9.8
2024-07-09 CVE-2024-27782 Fortinet Insufficient Session Expiration vulnerability in Fortinet Fortiaiops 2.0.0

Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests.

9.8
2024-07-09 CVE-2024-37934 Ninjaforms Code Injection vulnerability in Ninjaforms Ninja Forms

Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection. This issue affects Ninja Forms: from n/a through 3.8.4.

9.8
2024-07-09 CVE-2024-37112 Wishlist Member SQL Injection vulnerability in Wishlist Member Wishlist Member

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7.

9.8
2024-07-09 CVE-2024-37555 Zealousweb Unrestricted Upload of File with Dangerous Type vulnerability in Zealousweb Generate PDF Using Contact Form 7

Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7. This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6.

9.8
2024-07-09 CVE-2024-6313 The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads because users can specify the allowed file types in the 'upload' function in versions up to, and including, 2.2.9.
9.8
2024-07-09 CVE-2024-6314 The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process_image_upload' function in versions up to, and including, 2.2.7.
9.8
2024-07-09 CVE-2024-28747 An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
9.8
2024-07-09 CVE-2024-6365 The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function.
9.8
2024-07-08 CVE-2023-46685 Level1 Use of Hard-coded Credentials vulnerability in Level1 Wbr-6013 Firmware Rer4Av3411B2T2Rlev09170623

A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623.

9.8
2024-07-08 CVE-2024-39677 Nhibernate SQL Injection vulnerability in Nhibernate Nhibernate-Core

NHibernate is an object-relational mapper for the .NET framework.

9.8
2024-07-08 CVE-2024-39742 IBM Incorrect Comparison vulnerability in IBM MQ Operator

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability.

9.8
2024-07-08 CVE-2024-27903 Openvpn Unrestricted Upload of File with Dangerous Type vulnerability in Openvpn

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

9.8
2024-07-10 CVE-2024-21524 Magiclen Out-of-bounds Read vulnerability in Magiclen Stringbuilder

All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input.

9.1
2024-07-09 CVE-2024-28751 A high privileged remote attacker can enable telnet access that accepts hardcoded credentials.
9.1

313 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-07-14 CVE-2024-6732 Oretnom23 SQL Injection vulnerability in Oretnom23 Student Study Center Desk Management System 1.0

A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0.

8.8
2024-07-14 CVE-2024-6733 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0

A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical.

8.8
2024-07-14 CVE-2024-6731 Oretnom23 SQL Injection vulnerability in Oretnom23 Student Study Center Desk Management System 1.0

A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0.

8.8
2024-07-14 CVE-2024-6729 Mayurik SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0.

8.8
2024-07-12 CVE-2024-40518 Seacms Unspecified vulnerability in Seacms 12.9

SeaCMS 12.9 has a remote code execution vulnerability.

8.8
2024-07-12 CVE-2024-40519 Seacms Unspecified vulnerability in Seacms 12.9

SeaCMS 12.9 has a remote code execution vulnerability.

8.8
2024-07-12 CVE-2024-40520 Seacms Unspecified vulnerability in Seacms 12.9

SeaCMS 12.9 has a remote code execution vulnerability.

8.8
2024-07-12 CVE-2024-40521 Seacms Unspecified vulnerability in Seacms 12.9

SeaCMS 12.9 has a remote code execution vulnerability.

8.8
2024-07-12 CVE-2024-40522 Seacms Unspecified vulnerability in Seacms 12.9

There is a remote code execution vulnerability in SeaCMS 12.9.

8.8
2024-07-12 CVE-2024-40543 Publiccms Server-Side Request Forgery (SSRF) vulnerability in Publiccms

PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage.

8.8
2024-07-12 CVE-2024-40544 Publiccms Server-Side Request Forgery (SSRF) vulnerability in Publiccms

PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit.

8.8
2024-07-12 CVE-2024-40545 Publiccms Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms

An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

8.8
2024-07-12 CVE-2024-40546 Publiccms Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms

An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

8.8
2024-07-12 CVE-2024-40548 Publiccms Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms

An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

8.8
2024-07-12 CVE-2024-40549 Publiccms Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms

An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

8.8
2024-07-12 CVE-2024-40550 Publiccms Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms

An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

8.8
2024-07-12 CVE-2024-40551 Publiccms Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms

An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

8.8
2024-07-12 CVE-2024-40552 Publiccms Unspecified vulnerability in Publiccms

PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java.

8.8
2024-07-12 CVE-2024-6353 The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'search[value]' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
8.8
2024-07-12 CVE-2024-6022 Adamsolymosi Cross-Site Request Forgery (CSRF) vulnerability in Adamsolymosi Contentlock 1.0.2/1.0.3

The ContentLock WordPress plugin through 1.0.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

8.8
2024-07-12 CVE-2024-6023 Adamsolymosi Cross-Site Request Forgery (CSRF) vulnerability in Adamsolymosi Contentlock 1.0.2/1.0.3

The ContentLock WordPress plugin through 1.0.3 does not have a CSRF check in place when adding emails, which could allow attackers to make a logged in admin perform such action via a CSRF attack.

8.8
2024-07-11 CVE-2024-6666 Wedevs SQL Injection vulnerability in Wedevs WP ERP

The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

8.8
2024-07-11 CVE-2024-1845 E4Jconnect Cross-Site Request Forgery (CSRF) vulnerability in E4Jconnect Vikrentcar

The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.

8.8
2024-07-10 CVE-2024-39565 An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials.
8.8
2024-07-10 CVE-2024-6652 Adrianmercurio SQL Injection vulnerability in Adrianmercurio GYM Management System 1.0

A vulnerability was found in itsourcecode Gym Management System 1.0.

8.8
2024-07-10 CVE-2024-6148 Citrix Unspecified vulnerability in Citrix Workspace

Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5

8.8
2024-07-10 CVE-2024-40332 Idccms Cross-Site Request Forgery (CSRF) vulnerability in Idccms 1.35

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord

8.8
2024-07-10 CVE-2024-28828 Checkmk Cross-Site Request Forgery (CSRF) vulnerability in Checkmk 2.0.0/2.1.0/2.2.0

Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromise of the site.

8.8
2024-07-10 CVE-2024-40334 Idccms Cross-Site Request Forgery (CSRF) vulnerability in Idccms 1.35

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3

8.8
2024-07-10 CVE-2024-6411 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9.
8.8
2024-07-10 CVE-2023-7061 Advancedfilemanager Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager File Manager Advanced Shortcode 2.3.2/2.5.3

The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3.

8.8
2024-07-10 CVE-2023-7062 The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.
8.8
2024-07-10 CVE-2024-5792 The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes ‘belong_to’ parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
8.8
2024-07-10 CVE-2024-21417 Windows Text Services Framework Elevation of Privilege Vulnerability
8.8
2024-07-09 CVE-2024-39880 Deltaww Out-of-bounds Write vulnerability in Deltaww Cncsoft-G2 2.0.0.5

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.

8.8
2024-07-09 CVE-2024-39881 Deltaww Out-of-bounds Write vulnerability in Deltaww Cncsoft-G2 2.0.0.5

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition.

8.8
2024-07-09 CVE-2024-39882 Deltaww Out-of-bounds Read vulnerability in Deltaww Cncsoft-G2 2.0.0.5

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer.

8.8
2024-07-09 CVE-2024-39883 Deltaww Out-of-bounds Write vulnerability in Deltaww Cncsoft-G2 2.0.0.5

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer.

8.8
2024-07-09 CVE-2024-40034 Idccms Project Cross-Site Request Forgery (CSRF) vulnerability in Idccms Project Idccms 1.35

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del

8.8
2024-07-09 CVE-2024-40037 Idccms Project Cross-Site Request Forgery (CSRF) vulnerability in Idccms Project Idccms 1.35

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del

8.8
2024-07-09 CVE-2024-40039 Idccms Project Cross-Site Request Forgery (CSRF) vulnerability in Idccms Project Idccms 1.35

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del

8.8
2024-07-09 CVE-2024-20701 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-21303 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-21308 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
8.8
2024-07-09 CVE-2024-21317 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
8.8
2024-07-09 CVE-2024-21331 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
8.8
2024-07-09 CVE-2024-21332 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
8.8
2024-07-09 CVE-2024-21333 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
8.8
2024-07-09 CVE-2024-21335 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
8.8
2024-07-09 CVE-2024-21373 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
8.8
2024-07-09 CVE-2024-21398 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
8.8
2024-07-09 CVE-2024-21414 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
8.8
2024-07-09 CVE-2024-21415 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
8.8
2024-07-09 CVE-2024-21425 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
8.8
2024-07-09 CVE-2024-21428 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
8.8
2024-07-09 CVE-2024-21449 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-28899 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.8
2024-07-09 CVE-2024-28928 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
8.8
2024-07-09 CVE-2024-30013 Microsoft Unspecified vulnerability in Microsoft products

Windows MultiPoint Services Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-35256 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-35271 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-35272 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37318 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37319 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37320 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37321 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37322 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37323 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37324 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37326 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37327 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37328 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37329 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37330 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37331 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37332 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37333 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37334 Microsoft Unspecified vulnerability in Microsoft products

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37336 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-37973 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.8
2024-07-09 CVE-2024-38021 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Outlook Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-38053 Microsoft Use After Free vulnerability in Microsoft products

Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-38060 Microsoft Out-of-bounds Write vulnerability in Microsoft products

Windows Imaging Component Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-38087 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-38088 Microsoft Unspecified vulnerability in Microsoft products

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-38092 Microsoft Unspecified vulnerability in Microsoft Azure Cyclecloud

Azure CycleCloud Elevation of Privilege Vulnerability

8.8
2024-07-09 CVE-2024-38104 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Windows Fax Service Remote Code Execution Vulnerability

8.8
2024-07-09 CVE-2024-23663 Fortinet Unspecified vulnerability in Fortinet Fortiextender Firmware

An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.

8.8
2024-07-09 CVE-2024-27783 Fortinet Cross-Site Request Forgery (CSRF) vulnerability in Fortinet Fortiaiops 2.0.0

Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests.

8.8
2024-07-09 CVE-2024-6609 Mozilla Unspecified vulnerability in Mozilla Firefox

When almost out-of-memory an elliptic curve key which was never allocated could have been freed again.

8.8
2024-07-09 CVE-2024-37513 Themewinter Path Traversal vulnerability in Themewinter Wpcafe

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal. This issue affects WPCafe: from n/a through 2.2.27.

8.8
2024-07-09 CVE-2024-37520 Radiustheme Path Traversal vulnerability in Radiustheme Shopbuilder

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons allows Path Traversal. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through 2.1.12.

8.8
2024-07-09 CVE-2024-37952 Themeenergy Unspecified vulnerability in Themeenergy Book Your Travel

Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation. This issue affects BookYourTravel: from n/a through 8.18.17.

8.8
2024-07-09 CVE-2024-39570 Siemens Command Injection vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1).

8.8
2024-07-09 CVE-2024-39571 Siemens Command Injection vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1).

8.8
2024-07-09 CVE-2024-39865 Siemens Unrestricted Upload of File with Dangerous Type vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).

8.8
2024-07-09 CVE-2024-39866 Siemens Unspecified vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).

8.8
2024-07-09 CVE-2023-3287 Easyappointments Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments

A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system.

8.8
2024-07-09 CVE-2023-3288 Easyappointments Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments

A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system.

8.8
2024-07-09 CVE-2024-37419 Codeless Path Traversal vulnerability in Codeless Cowidgets

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Codeless Cowidgets – Elementor Addons allows Path Traversal. This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1.

8.8
2024-07-09 CVE-2024-37454 Awsm Path Traversal vulnerability in Awsm Team

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AWSM Innovations AWSM Team allows Path Traversal. This issue affects AWSM Team: from n/a through 1.3.1.

8.8
2024-07-09 CVE-2024-37455 Brainstormforce Unspecified vulnerability in Brainstormforce Ultimate Addons for Elementor

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation. This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31.

8.8
2024-07-09 CVE-2024-37462 G5Plus Path Traversal vulnerability in G5Plus Ultimate Bootstrap Elements for Elementor

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows Path Traversal. This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.2.

8.8
2024-07-09 CVE-2024-37090 Stylemixthemes SQL Injection vulnerability in Stylemixthemes products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets. This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0.

8.8
2024-07-09 CVE-2024-37268 Kaptinlin Path Traversal vulnerability in Kaptinlin Striking

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in kaptinlin Striking allows Path Traversal. This issue affects Striking: from n/a through 2.3.4.

8.8
2024-07-09 CVE-2024-37225 Zoho SQL Injection vulnerability in Zoho Marketing Automation

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Marketing Automation. This issue affects Zoho Marketing Automation: from n/a through 1.2.7.

8.8
2024-07-09 CVE-2024-37494 Kainelabs SQL Injection vulnerability in Kainelabs Youzify

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaineLabs Youzify. This issue affects Youzify: from n/a through 1.2.5.

8.8
2024-07-09 CVE-2024-3604 Hyumika SQL Injection vulnerability in Hyumika Openstreetmap

The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

8.8
2024-07-09 CVE-2024-5456 The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the 'selected_button' parameter.
8.8
2024-07-09 CVE-2024-6069 The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation/deactivation due to missing capability checks on the pieregister_install_addon, pieregister_activate_addon and pieregister_deactivate_addon functions in all versions up to, and including, 3.8.3.4.
8.8
2024-07-09 CVE-2024-6161 The Default Thumbnail Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'get_cache_image' function in all versions up to, and including, 1.0.2.3.
8.8
2024-07-09 CVE-2024-6309 The Attachment File Icons (AF Icons) plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.3.
8.8
2024-07-09 CVE-2024-6316 The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6.
8.8
2024-07-09 CVE-2024-6317 The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6.
8.8
2024-07-09 CVE-2024-6320 The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.2.2.
8.8
2024-07-09 CVE-2024-6321 The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1.
8.8
2024-07-09 CVE-2024-5441 Webnus Unrestricted Upload of File with Dangerous Type vulnerability in Webnus Modern Events Calendar

The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function in all versions up to, and including, 7.11.0.

8.8
2024-07-09 CVE-2024-6166 Unlimited Elements SQL Injection vulnerability in Unlimited-Elements Unlimited Elements for Elementor (Free Widgets, Addons, Templates)

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘addons_order’ parameter in all versions up to, and including, 1.5.112 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

8.8
2024-07-09 CVE-2024-5793 The Houzez Theme - Functionality plugin for WordPress is vulnerable to SQL Injection via the ‘currency_code’ parameter in all versions up to, and including, 3.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
8.8
2024-07-08 CVE-2023-47677 Realtek, Level1 Cross-Site Request Forgery (CSRF) vulnerability in multiple products

A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11.

8.8
2024-07-08 CVE-2024-39202 Dlink Unspecified vulnerability in Dlink Dir-823X Ax3000 Firmware 240126

D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings.

8.8
2024-07-09 CVE-2024-37984 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.4
2024-07-10 CVE-2023-32467 Dell Improper Initialization vulnerability in Dell products

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability.

8.2
2024-07-10 CVE-2023-32472 Dell Out-of-bounds Write vulnerability in Dell products

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability.

8.2
2024-07-11 CVE-2024-28872 ISC Improper Certificate Validation vulnerability in ISC Stork

The TLS certificate validation code is flawed.

8.1
2024-07-11 CVE-2024-22280 Vmware SQL Injection vulnerability in VMWare Aria Automation and Cloud Foundation

VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.

8.1
2024-07-09 CVE-2024-35264 Microsoft Unspecified vulnerability in Microsoft .Net and Visual Studio 2022

.NET and Visual Studio Remote Code Execution Vulnerability

8.1
2024-07-09 CVE-2024-38049 Microsoft Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products

Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability

8.1
2024-07-09 CVE-2023-38047 Easyappointments Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments

A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin).

8.1
2024-07-09 CVE-2023-38048 Easyappointments Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments

A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider).

8.1
2024-07-09 CVE-2023-38049 Easyappointments Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments

A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin).

8.1
2024-07-09 CVE-2023-38050 Easyappointments Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments

A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin).

8.1
2024-07-09 CVE-2023-38051 Easyappointments Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments

A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary).

8.1
2024-07-09 CVE-2023-38052 Easyappointments Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments

A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin).

8.1
2024-07-09 CVE-2023-38053 Easyappointments Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments

A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin).

8.1
2024-07-09 CVE-2023-38054 Easyappointments Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments

A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer).

8.1
2024-07-09 CVE-2023-38055 Easyappointments Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments

A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin).

8.1
2024-07-09 CVE-2024-37969 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.0
2024-07-09 CVE-2024-37970 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.0
2024-07-09 CVE-2024-37971 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.0
2024-07-09 CVE-2024-37972 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.0
2024-07-09 CVE-2024-37974 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.0
2024-07-09 CVE-2024-37975 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.0
2024-07-09 CVE-2024-37977 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.0
2024-07-09 CVE-2024-37978 Microsoft Unspecified vulnerability in Microsoft Windows 11 22H2 and Windows 11 23H2

Secure Boot Security Feature Bypass Vulnerability

8.0
2024-07-09 CVE-2024-37981 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.0
2024-07-09 CVE-2024-37986 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.0
2024-07-09 CVE-2024-37987 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.0
2024-07-09 CVE-2024-37988 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.0
2024-07-09 CVE-2024-37989 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.0
2024-07-09 CVE-2024-38010 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.0
2024-07-09 CVE-2024-38011 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

8.0
2024-07-14 CVE-2023-52885 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the established child sock, there is a window that the newsock retaining a freed listener svc_sock in sk_user_data which cloning from parent.

7.8
2024-07-12 CVE-2024-39494 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites.

7.8
2024-07-12 CVE-2024-39495 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: greybus: Fix use-after-free bug in gb_interface_release due to race condition. In gb_interface_create, &intf->mode_switch_completion is bound with gb_interface_mode_switch_work.

7.8
2024-07-12 CVE-2024-39496 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free due to race with dev replace While loading a zone's info during creation of a block group, we can race with a device replace operation and then trigger a use-after-free on the device that was just replaced (source device of the replace operation). This happens because at btrfs_load_zone_info() we extract a device from the chunk map into a local variable and then use the device while not under the protection of the device replace rwsem.

7.8
2024-07-12 CVE-2024-39510 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() We got the following issue in a fuzz test of randomly issuing the restore command: Following is the process that triggers the issue: mount | daemon_thread1 | daemon_thread2 ------------------------------------------------------------ cachefiles_withdraw_cookie cachefiles_ondemand_clean_object(object) cachefiles_ondemand_send_req REQ_A = kzalloc(sizeof(*req) + data_len) wait_for_completion(&REQ_A->done) cachefiles_daemon_read cachefiles_ondemand_daemon_read REQ_A = cachefiles_ondemand_select_req msg->object_id = req->object->ondemand->ondemand_id ------ restore ------ cachefiles_ondemand_restore xas_for_each(&xas, req, ULONG_MAX) xas_set_mark(&xas, CACHEFILES_REQ_NEW) cachefiles_daemon_read cachefiles_ondemand_daemon_read REQ_A = cachefiles_ondemand_select_req copy_to_user(_buffer, msg, n) xa_erase(&cache->reqs, id) complete(&REQ_A->done) ------ close(fd) ------ cachefiles_ondemand_fd_release cachefiles_put_object cachefiles_put_object kmem_cache_free(cachefiles_object_jar, object) REQ_A->object->ondemand->ondemand_id // object UAF !!!
When we see the request within xa_lock, req->object must not have been freed yet, so grab the reference count of object before xa_unlock to avoid the above issue.

7.8
2024-07-12 CVE-2024-40899 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() We got the following issue in a fuzz test of randomly issuing the restore command: Following is the process that triggers the issue: mount | daemon_thread1 | daemon_thread2 ------------------------------------------------------------ cachefiles_ondemand_init_object cachefiles_ondemand_send_req REQ_A = kzalloc(sizeof(*req) + data_len) wait_for_completion(&REQ_A->done) cachefiles_daemon_read cachefiles_ondemand_daemon_read REQ_A = cachefiles_ondemand_select_req cachefiles_ondemand_get_fd copy_to_user(_buffer, msg, n) process_open_req(REQ_A) ------ restore ------ cachefiles_ondemand_restore xas_for_each(&xas, req, ULONG_MAX) xas_set_mark(&xas, CACHEFILES_REQ_NEW); cachefiles_daemon_read cachefiles_ondemand_daemon_read REQ_A = cachefiles_ondemand_select_req write(devfd, ("copen %u,%llu", msg->msg_id, size)); cachefiles_ondemand_copen xa_erase(&cache->reqs, id) complete(&REQ_A->done) kfree(REQ_A) cachefiles_ondemand_get_fd(REQ_A) fd = get_unused_fd_flags file = anon_inode_getfile fd_install(fd, file) load = (void *)REQ_A->msg.data; load->fd = fd; // load UAF !!! This issue is caused by issuing a restore command when the daemon is still alive, which results in a request being processed multiple times thus triggering a UAF.

7.8
2024-07-12 CVE-2024-40902 Linux Classic Buffer Overflow vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging.

7.8
2024-07-12 CVE-2024-40903 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps There could be a potential use-after-free case in tcpm_register_source_caps().

7.8
2024-07-12 CVE-2024-40906 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always stop health timer during driver removal Currently, if teardown_hca fails to execute during driver removal, mlx5 does not stop the health timer.

7.8
2024-07-12 CVE-2024-40909 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free in bpf_link_free() After commit 1a80dbcb2dba, bpf_link can be freed by link->ops->dealloc_deferred, but the code still tests and uses link->ops->dealloc afterward, which leads to a use-after-free as reported by syzbot.

7.8
2024-07-12 CVE-2024-40954 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: do not leave a dangling sk pointer, when socket creation fails It is possible to trigger a use-after-free by: * attaching an fentry probe to __sock_release() and the probe calling the bpf_get_socket_cookie() helper * running traceroute -I 1.1.1.1 on a freshly booted VM A KASAN enabled kernel will log something like below (decoded and stripped): Fix this by clearing the struct socket reference in sk_common_release() to cover all protocol families create functions, which may already attached the reference to the sk object with sock_init_data().

7.8
2024-07-12 CVE-2024-40956 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list Use list_for_each_entry_safe() to allow iterating through the list and deleting the entry in the iteration process.

7.8
2024-07-12 CVE-2024-40958 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netns: Make get_net_ns() handle zero refcount net Syzkaller hit a warning: refcount_t: addition on 0; use-after-free. This is trigger as below: ns0 ns1 tun_set_iff() //dev is tun0 tun->dev = dev //ip link set tun0 netns ns1 put_net() //ref is 0 __tun_chr_ioctl() //TUNGETDEVNETNS net = dev_net(tun->dev); open_related_ns(&net->ns, get_net_ns); //ns1 get_net_ns() get_net() //addition on 0 Use maybe_get_net() in get_net_ns in case net's ref is zero to fix this

7.8
2024-07-12 CVE-2024-40994 Linux Integer Overflow or Wraparound vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow.

7.8
2024-07-12 CVE-2024-40996 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid splat in pskb_pull_reason syzkaller builds (CONFIG_DEBUG_NET=y) frequently trigger a debug hint in pskb_may_pull. We'd like to retain this debug check because it might hint at integer overflows and other issues (kernel code should pull headers, not huge value). In bpf case, this splat isn't interesting at all: such (nonsensical) bpf programs are typically generated by a fuzzer anyway. Do what Eric suggested and suppress such warning. For CONFIG_DEBUG_NET=n we don't need the extra check because pskb_may_pull will do the right thing: return an error without the WARN() backtrace.

7.8
2024-07-12 CVE-2024-41000 Linux Integer Overflow or Wraparound vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer shows this report: Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang; It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's rework this overflow checking logic to not actually perform an overflow during the check itself, thus avoiding the UBSAN splat. [1]: https://github.com/llvm/llvm-project/pull/82432

7.8
2024-07-11 CVE-2024-39520 Juniper OS Command Injection vulnerability in Juniper Junos OS Evolved

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: all versions before 20.4R3-S6-EVO; 21.2-EVO versions before 21.2R3-S4-EVO; 21.4-EVO versions before 21.4R3-S6-EVO; 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO; 22.3-EVO versions before 22.3R2-EVO.

7.8
2024-07-11 CVE-2024-39521 Juniper OS Command Injection vulnerability in Juniper Junos OS Evolved

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: 21.1-EVO versions 21.1R1-EVO and later before 21.2R3-S8-EVO; 21.4-EVO versions before 21.4R3-S7-EVO; 22.1-EVO versions before 22.1R3-S6-EVO; 22.2-EVO versions before 22.2R3-EVO; 22.3-EVO versions before 22.3R2-EVO.

7.8
2024-07-11 CVE-2024-39522 Juniper OS Command Injection vulnerability in Juniper Junos OS Evolved 22.3/22.4

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: 22.3-EVO versions before 22.3R2-EVO; 22.4-EVO versions before 22.4R1-S1-EVO, 22.4R2-EVO.

7.8
2024-07-11 CVE-2024-39523 Juniper OS Command Injection vulnerability in Juniper Junos OS Evolved

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved:  * All versions before 20.4R3-S7-EVO, * 21.2-EVO versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.1-EVO versions before 22.1R3-S6-EVO,  * 22.2-EVO versions before 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO, * 22.4-EVO versions before 22.4R2-EVO.

7.8
2024-07-11 CVE-2024-39524 Juniper OS Command Injection vulnerability in Juniper Junos OS Evolved

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: All versions before 20.4R3-S7-EVO, 21.2-EVO versions before 21.2R3-S8-EVO, 21.4-EVO versions before 21.4R3-S7-EVO,  22.2-EVO versions before 22.2R3-EVO, 22.3-EVO versions before 22.3R2-EVO, 22.4-EVO versions before 22.4R2-EVO.

7.8
2024-07-11 CVE-2024-2602 Schneider Electric Path Traversal vulnerability in Schneider-Electric Foxrtu Station

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor.

7.8
2024-07-11 CVE-2024-5681 Schneider Electric Improper Input Validation vulnerability in Schneider-Electric Ecostruxure Foxboro DCS Control Core Services

CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.

7.8
2024-07-10 CVE-2024-38301 Dell Unspecified vulnerability in Dell Alienware Command Center

Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability.

7.8
2024-07-09 CVE-2024-20781 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-07-09 CVE-2024-20782 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-07-09 CVE-2024-20783 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-07-09 CVE-2024-20785 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-07-09 CVE-2024-34139 Adobe Integer Overflow or Wraparound vulnerability in Adobe Bridge

Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-07-09 CVE-2024-30079 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-35261 Microsoft Unspecified vulnerability in Microsoft Azure Network Watcher Agent

Azure Network Watcher VM Extension Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-38034 Microsoft Unspecified vulnerability in Microsoft products

Windows Filtering Platform Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-38043 Microsoft Unspecified vulnerability in Microsoft products

PowerShell Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-38047 Microsoft Unspecified vulnerability in Microsoft products

PowerShell Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-38050 Microsoft Integer Underflow (Wrap or Wraparound) vulnerability in Microsoft products

Windows Workstation Service Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-38051 Microsoft Out-of-bounds Write vulnerability in Microsoft products

Windows Graphics Component Remote Code Execution Vulnerability

7.8
2024-07-09 CVE-2024-38052 Microsoft Unspecified vulnerability in Microsoft products

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-38054 Microsoft Out-of-bounds Write vulnerability in Microsoft products

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-38057 Microsoft Unspecified vulnerability in Microsoft products

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-38059 Microsoft Unspecified vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-38062 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-38066 Microsoft Use After Free vulnerability in Microsoft products

Windows Win32k Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-38070 Microsoft Unspecified vulnerability in Microsoft products

Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability

7.8
2024-07-09 CVE-2024-38079 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-38080 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-38085 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-38100 Microsoft Unspecified vulnerability in Microsoft products

Windows File Explorer Elevation of Privilege Vulnerability

7.8
2024-07-09 CVE-2024-32056 Siemens Out-of-bounds Write vulnerability in Siemens Simcenter Femap

A vulnerability has been identified in Simcenter Femap (All versions < V2406).

7.8
2024-07-09 CVE-2024-33653 Siemens Out-of-bounds Read vulnerability in Siemens Simcenter Femap

A vulnerability has been identified in Simcenter Femap (All versions < V2406).

7.8
2024-07-09 CVE-2024-33654 Siemens Out-of-bounds Read vulnerability in Siemens Simcenter Femap

A vulnerability has been identified in Simcenter Femap (All versions < V2406).

7.8
2024-07-09 CVE-2024-39568 Siemens Command Injection vulnerability in Siemens Sinema Remote Connect Client

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1).

7.8
2024-07-09 CVE-2024-39870 Siemens Unspecified vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).

7.8
2024-07-09 CVE-2024-4944 Watchguard Command Injection vulnerability in Watchguard Mobile VPN With SSL

A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileges.

7.8
2024-07-08 CVE-2024-27459 Openvpn Out-of-bounds Write vulnerability in Openvpn

The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.

7.8
2024-07-08 CVE-2024-37999 Siemens Unspecified vulnerability in Siemens Medicalis Workflow Orchestrator

A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions).

7.8
2024-07-08 CVE-2024-38330 IBM Uncontrolled Search Path Element vulnerability in IBM I 7.2/7.3/7.4

IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call.

7.8
2024-07-09 CVE-2024-39598 SAP Server-Side Request Forgery (SSRF) vulnerability in SAP products

SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests.

7.7
2024-07-09 CVE-2024-35266 Microsoft Unspecified vulnerability in Microsoft Azure Devops Server 2022.1.0

Azure DevOps Server Spoofing Vulnerability

7.6
2024-07-09 CVE-2024-35267 Microsoft Unspecified vulnerability in Microsoft Azure Devops Server 2022.1.0

Azure DevOps Server Spoofing Vulnerability

7.6
2024-07-14 CVE-2024-39732 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Datacap

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user.

7.5
2024-07-11 CVE-2024-39531

An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS). If a value is configured for DDoS bandwidth or burst parameters for any protocol in a queue, all protocols which share the same queue will have their bandwidth or burst value changed to the new value.

7.5
2024-07-11 CVE-2024-39540

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives specific valid TCP traffic, the pfe crashes and restarts leading to a momentary but complete service outage. This issue affects Junos OS: 21.2 releases from 21.2R3-S5 before 21.2R3-S6. This issue does not affect earlier or later releases.

7.5
2024-07-11 CVE-2024-39542

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS). This issue can occur in two scenarios: 1.

7.5
2024-07-11 CVE-2024-39548

An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition.

7.5
2024-07-11 CVE-2024-39549 Juniper Memory Leak vulnerability in Juniper Junos

A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute.

7.5
2024-07-11 CVE-2024-39551

An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command. user@host> show usp memory segment sha data objcache jsf This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC: * 20.4 before 20.4R3-S10, * 21.2 before 21.2R3-S6, * 21.3 before 21.3R3-S5, * 21.4 before 21.4R3-S6, * 22.1 before 22.1R3-S4, * 22.2 before 22.2R3-S2, * 22.3 before 22.3R3-S1, * 22.4 before 22.4R3, * 23.2 before 23.2R2.

7.5
2024-07-11 CVE-2024-39552

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts. Continuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations.

7.5
2024-07-11 CVE-2024-39529 Juniper Use of Externally-Controlled Format String vulnerability in Juniper Junos

A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service. This issue affects Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2.

7.5
2024-07-11 CVE-2024-39530 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an attempt is made to access specific sensors on platforms not supporting these sensors, either via GRPC or netconf, chassisd will crash and restart leading to a restart of all FPCs and thereby a complete outage. This issue affects Junos OS: * 21.4 versions from 21.4R3 before 21.4R3-S5, * 22.1 versions from 22.1R3 before 22.1R3-S4, * 22.2 versions from 22.2R2 before 22.2R3, * 22.3 versions from 22.3R1 before 22.3R2-S2, 22.3R3, * 22.4 versions from 22.4R1 before 22.4R2. This issue does not affect Junos OS versions earlier than 21.4.

7.5
2024-07-11 CVE-2024-37151 Oisf Improper Check for Unusual or Exceptional Conditions vulnerability in Oisf Suricata

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine.

7.5
2024-07-11 CVE-2024-38534 Oisf Allocation of Resources Without Limits or Throttling vulnerability in Oisf Suricata

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine.

7.5
2024-07-11 CVE-2024-38535 Oisf Allocation of Resources Without Limits or Throttling vulnerability in Oisf Suricata

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine.

7.5
2024-07-11 CVE-2024-38536 Oisf NULL Pointer Dereference vulnerability in Oisf Suricata

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine.

7.5
2024-07-11 CVE-2024-6407 Schneider Electric Unspecified vulnerability in Schneider-Electric Whc-5918A Firmware

CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device.

7.5
2024-07-10 CVE-2024-39518

A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS). When the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive.

7.5
2024-07-10 CVE-2024-39555

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS).

7.5
2024-07-10 CVE-2024-39562

A Missing Release of Resource after Effective Lifetime vulnerability in the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users.

7.5
2024-07-10 CVE-2024-6421 Pepperl Fuchs Unspecified vulnerability in Pepperl-Fuchs products

An unauthenticated remote attacker can read out sensitive device information through an incorrectly configured FTP service.

7.5
2024-07-09 CVE-2024-27360 Samsung Improper Validation of Specified Quantity in Input vulnerability in Samsung products

A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check length of the data, which can lead to a Denial of Service.

7.5
2024-07-09 CVE-2024-27362 Samsung Improper Validation of Specified Quantity in Input vulnerability in Samsung products

A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to an information disclosure.

7.5
2024-07-09 CVE-2024-31957 Samsung Improper Validation of Specified Quantity in Input vulnerability in Samsung Exynos 2200 Firmware and Exynos 2400 Firmware

A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS (Denial of Service) attack by unmapping an invalid length.

7.5
2024-07-09 CVE-2024-39698 Electron Improper Certificate Validation vulnerability in Electron Electron-Builder

electron-updater allows for automatic updates for Electron apps.

7.5
2024-07-09 CVE-2024-30098 Microsoft Unspecified vulnerability in Microsoft products

Windows Cryptographic Services Security Feature Bypass Vulnerability

7.5
2024-07-09 CVE-2024-30105 Microsoft Unspecified vulnerability in Microsoft .Net and Visual Studio 2022

.NET and Visual Studio Denial of Service Vulnerability

7.5
2024-07-09 CVE-2024-32987 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019

Microsoft SharePoint Server Information Disclosure Vulnerability

7.5
2024-07-09 CVE-2024-38015 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

7.5
2024-07-09 CVE-2024-38031 Microsoft Unspecified vulnerability in Microsoft products

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

7.5
2024-07-09 CVE-2024-38061 Microsoft Unspecified vulnerability in Microsoft products

DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability

7.5
2024-07-09 CVE-2024-38064 Microsoft Unspecified vulnerability in Microsoft products

Windows TCP/IP Information Disclosure Vulnerability

7.5
2024-07-09 CVE-2024-38067 Microsoft Unspecified vulnerability in Microsoft products

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

7.5
2024-07-09 CVE-2024-38068 Microsoft Unspecified vulnerability in Microsoft products

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

7.5
2024-07-09 CVE-2024-38071 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

7.5
2024-07-09 CVE-2024-38072 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

7.5
2024-07-09 CVE-2024-38073 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

7.5
2024-07-09 CVE-2024-38078 Microsoft Unspecified vulnerability in Microsoft Windows 11 21H2 and Windows 11 23H2

Xbox Wireless Adapter Remote Code Execution Vulnerability

7.5
2024-07-09 CVE-2024-38091 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WS-Discovery Denial of Service Vulnerability

7.5
2024-07-09 CVE-2024-38095 Microsoft Unspecified vulnerability in Microsoft .Net and Visual Studio 2022

.NET and Visual Studio Denial of Service Vulnerability

7.5
2024-07-09 CVE-2024-38112 Microsoft Unspecified vulnerability in Microsoft products

Windows MSHTML Platform Spoofing Vulnerability

7.5
2024-07-09 CVE-2024-39873 Siemens Improper Restriction of Excessive Authentication Attempts vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).

7.5
2024-07-09 CVE-2024-39874 Siemens Improper Restriction of Excessive Authentication Attempts vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).

7.5
2024-07-08 CVE-2024-6227 Aimstack Infinite Loop vulnerability in Aimstack AIM 3.19.3

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself.

7.5
2024-07-08 CVE-2024-23562 Hcltech Unspecified vulnerability in Hcltech Domino 11.0/12.0/14.0

A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information.

7.5
2024-07-08 CVE-2024-31504 Embedded Solutions Classic Buffer Overflow vulnerability in Embedded-Solutions Freemodbus 20180912

Buffer Overflow vulnerability in SILA Embedded Solutions GmbH freemodbus v.2018-09-12 allows a remote attacker to cause a denial of service via the LINUXTCP server component.

7.5
2024-07-08 CVE-2024-25639 Khoj Command Injection vulnerability in Khoj

Khoj is an application that creates personal AI agents.

7.5
2024-07-08 CVE-2024-39743 IBM Unspecified vulnerability in IBM MQ Operator

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation.

7.5
2024-07-08 CVE-2024-24974 Openvpn Unspecified vulnerability in Openvpn

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.

7.5
2024-07-09 CVE-2023-50178 Fortinet Improper Certificate Validation vulnerability in Fortinet Fortiadc

An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud.

7.4
2024-07-11 CVE-2024-39546

A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system. This issue affects Junos OS Evolved: * All versions prior to 21.2R3-S8-EVO, * 21.4 versions prior to 21.4R3-S6-EVO, * 22.1 versions prior to 22.1R3-S5-EVO, * 22.2 versions prior to 22.2R3-S3-EVO, * 22.3 versions prior to 22.3R3-S3-EVO, * 22.4 versions prior to 22.4R3-EVO, * 23.2 versions prior to 23.2R2-EVO.

7.3
2024-07-09 CVE-2024-30061 Microsoft Unspecified vulnerability in Microsoft Dynamics 365 9.1

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

7.3
2024-07-09 CVE-2024-38033 Microsoft Unspecified vulnerability in Microsoft products

PowerShell Elevation of Privilege Vulnerability

7.3
2024-07-09 CVE-2024-38081 Microsoft Unspecified vulnerability in Microsoft .Net, .Net Framework and Visual Studio 2022

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

7.3
2024-07-09 CVE-2024-39867 Siemens Forced Browsing vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).

7.3
2024-07-09 CVE-2024-39868 Siemens Forced Browsing vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).

7.3
2024-07-12 CVE-2024-5902

The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping.

7.2
2024-07-11 CVE-2024-6447

The FULL – Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping as well as missing authorization and capability checks on the related functions.

7.2
2024-07-09 CVE-2024-35154 IBM Unspecified vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code.

7.2
2024-07-09 CVE-2024-38019 Microsoft Integer Overflow or Wraparound vulnerability in Microsoft products

Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

7.2
2024-07-09 CVE-2024-38023 Microsoft Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Server 2016/2019

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2
2024-07-09 CVE-2024-38024 Microsoft Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Server 2016/2019

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2
2024-07-09 CVE-2024-38025 Microsoft Out-of-bounds Write vulnerability in Microsoft products

Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

7.2
2024-07-09 CVE-2024-38028 Microsoft Out-of-bounds Read vulnerability in Microsoft products

Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

7.2
2024-07-09 CVE-2024-38044 Microsoft Incorrect Conversion between Numeric Types vulnerability in Microsoft products

DHCP Server Service Remote Code Execution Vulnerability

7.2
2024-07-09 CVE-2024-38094 Microsoft Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Server 2016/2019

Microsoft SharePoint Remote Code Execution Vulnerability

7.2
2024-07-09 CVE-2024-39569 Siemens Command Injection vulnerability in Siemens Sinema Remote Connect Client

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1).

7.2
2024-07-09 CVE-2024-37410 Wpbeaveraddons Path Traversal vulnerability in Wpbeaveraddons Powerpack Lite for Beaver Builder

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beaver Addons PowerPack Lite for Beaver Builder allows Path Traversal. This issue affects PowerPack Lite for Beaver Builder: from n/a through 1.3.0.3.

7.2
2024-07-09 CVE-2024-37266 Themeum Path Traversal vulnerability in Themeum Tutor LMS

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal. This issue affects Tutor LMS: from n/a through 2.7.1.

7.2
2024-07-09 CVE-2024-37256 Themeum SQL Injection vulnerability in Themeum Tutor LMS

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.1.

7.2
2024-07-09 CVE-2024-37486 Strangerstudios SQL Injection vulnerability in Strangerstudios Paid Memberships PRO

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 3.0.5.

7.2
2024-07-09 CVE-2024-5479

The Easy Pixels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.13 due to insufficient input sanitization and output escaping.

7.2
2024-07-09 CVE-2024-6123

The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.13.3.

7.2
2024-07-09 CVE-2024-6180

The EventON plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eventon_import_settings' ajax action in all versions up to, and including, 2.2.15.

7.2
2024-07-09 CVE-2024-28748

A remote attacker with high privileges may use a reading file function to inject OS commands.

7.2
2024-07-09 CVE-2024-28749

A remote attacker with high privileges may use a writing file function to inject OS commands.

7.2
2024-07-09 CVE-2024-5974 Watchguard Classic Buffer Overflow vulnerability in Watchguard Fireware

A buffer overflow in WatchGuard Fireware OS could allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3.

7.2
2024-07-08 CVE-2023-34435 Realtek, Level1 Improper Verification of Cryptographic Signature vulnerability in multiple products

A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-41251 Realtek, Level1 Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-45215 Realtek, Level1 Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-45742 Realtek, Level1 Integer Overflow or Wraparound vulnerability in multiple products

An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-47856 Realtek, Level1 Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-48270 Realtek, Level1 Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-49073 Realtek, Level1 Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-49593 Level1 Unspecified vulnerability in Level1 Wbr-6013 Firmware Rer4Av3411B2T2Rlev09170623

Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623.

7.2
2024-07-08 CVE-2023-49595 Realtek
Level1
Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-49867 Realtek
Level1
Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-50239 Realtek
Level1
Out-of-bounds Write vulnerability in multiple products

Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-50240 Realtek
Level1
Out-of-bounds Write vulnerability in multiple products

Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-50243 Realtek
Level1
Out-of-bounds Write vulnerability in multiple products

Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-50244 Realtek
Level1
Out-of-bounds Write vulnerability in multiple products

Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-50330 Realtek
Level1
Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-50381 Realtek
Level1
OS Command Injection vulnerability in multiple products

Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-50382 Realtek
Level1
OS Command Injection vulnerability in multiple products

Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2023-50383 Realtek
Level1
OS Command Injection vulnerability in multiple products

Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-08 CVE-2024-21778 Realtek
Level1
Out-of-bounds Write vulnerability in multiple products

A heap-based buffer overflow vulnerability exists in the configuration file mib_init_value_array functionality of Realtek rtl819x Jungle SDK v3.4.11.

7.2
2024-07-11 CVE-2024-5679 Schneider Electric Out-of-bounds Write vulnerability in Schneider-Electric Ecostruxure Foxboro DCS Control Core Services

CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.

7.1
2024-07-09 CVE-2024-30081 Microsoft Unspecified vulnerability in Microsoft products

Windows NTLM Spoofing Vulnerability

7.1
2024-07-09 CVE-2024-38032 Microsoft Out-of-bounds Write vulnerability in Microsoft products

Microsoft Xbox Remote Code Execution Vulnerability

7.1
2024-07-09 CVE-2024-39487 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() In function bond_option_arp_ip_targets_set(), if newval->string is an empty string, newval->string+1 will point to the byte after the string, causing an out-of-bound read. Fix it by adding a check of string length before using it.

7.1
2024-07-09 CVE-2024-34123 Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution.
7.0
2024-07-09 CVE-2024-6222 Docker Unspecified vulnerability in Docker Desktop

In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 (https://docs.docker.com/desktop/release-notes/#4290) fixes the issue on MacOS, Linux and Windows with Hyper-V backend. As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop v4.31.0 (https://docs.docker.com/desktop/release-notes/#4310) additionally changes the default configuration to enable this setting by default.

7.0
2024-07-09 CVE-2024-38022 Microsoft Link Following vulnerability in Microsoft products

Windows Image Acquisition Elevation of Privilege Vulnerability

7.0
2024-07-09 CVE-2024-38069 Microsoft Improper Verification of Cryptographic Signature vulnerability in Microsoft products

Windows Enroll Engine Security Feature Bypass Vulnerability

7.0

233 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-07-09 CVE-2024-26184 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

6.8
2024-07-09 CVE-2024-38058 Microsoft Unspecified vulnerability in Microsoft products

BitLocker Security Feature Bypass Vulnerability

6.8
2024-07-09 CVE-2024-38065 Microsoft Out-of-bounds Write vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

6.8
2024-07-11 CVE-2024-38433 Nuvoton Improper Authentication vulnerability in Nuvoton products

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution.

6.7
2024-07-09 CVE-2024-38013 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Windows Server Backup Elevation of Privilege Vulnerability

6.7
2024-07-08 CVE-2024-6563 Renesas Classic Buffer Overflow vulnerability in Renesas Arm-Trusted-Firmware

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code.

6.7
2024-07-08 CVE-2024-6564 Renesas Classic Buffer Overflow vulnerability in Renesas Arm-Trusted-Firmware

Buffer overflow in "rcar_dev_init" due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE.

6.7
2024-07-10 CVE-2024-39512 An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account. When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges. This issue affects Junos OS Evolved: * from 23.2R2-EVO before 23.2R2-S1-EVO,  * from 23.4R1-EVO before 23.4R2-EVO.
6.6
2024-07-12 CVE-2024-31947 Stonefly Path Traversal vulnerability in Stonefly Storage Concentrator

StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users.

6.5
2024-07-12 CVE-2024-40547 Publiccms Unspecified vulnerability in Publiccms

PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace.

6.5
2024-07-11 CVE-2024-39537 An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports. This issue affects Junos OS Evolved on ACX 7000 Series: * All versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO.
6.5
2024-07-11 CVE-2024-39538 A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes which leads to an outage of the affected FPC until it is manually recovered. This issue affects Junos OS Evolved on ACX7000 Series: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.
6.5
2024-07-11 CVE-2024-39541 An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart. This issue affects: Junos OS: * 22.4 versions before 22.4R3-S1, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R1-S1, 23.4R2. This issue does not affect Junos OS versions earlier than 22.4R1. Junos OS Evolved: * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO. This issue does not affect Junos OS Evolved versions earlier than 22.4R1.
6.5
2024-07-11 CVE-2024-39543 A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects  Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S3,  * from 22.4 before 22.4R3-S2,  * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R2. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO,  * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S2-EVO,  * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R2-EVO.
6.5
2024-07-11 CVE-2024-39550 A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events (which can be done by repeated port flaps) to cause a slow memory leak, ultimately leading to a Denial of Service (DoS).
6.5
2024-07-11 CVE-2024-39553 An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device, potentially impacting system integrity. This issue only happens when inline jflow is configured. This does not impact any forwarding traffic.
6.5
2024-07-11 CVE-2024-39519 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos OS Evolved 22.2/22.3/22.4

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). On all ACX 7000 Series platforms running Junos OS Evolved, and configured with IRBs, if a Customer Edge (CE) device is dual homed to two Provider Edge (PE) devices, a traffic loop will occur when the CE sends multicast packets.

6.5
2024-07-10 CVE-2024-39514 An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). An attacker can send specific traffic to the device, which causes the rpd to crash and restart.
6.5
2024-07-10 CVE-2024-39517 An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS). In an EVPN/VXLAN scenario, when a high amount of specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang.
6.5
2024-07-10 CVE-2024-39557 An Uncontrolled Resource Consumption vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS). Certain MAC table updates cause a small amount of memory to leak. Once memory utilization reaches its limit, the issue will result in a system crash and restart. To identify the issue, execute the CLI command:

    user@device> show platform application-info allocations app l2ald-agent
    EVL Object Allocation Statistics:
    Node  Application  Context Name                     Live     Allocs   Fails  Guids
    re0   l2ald-agent  net::juniper::rtnh::L2Rtinfo     1069096  1069302  0      1069302
    re0   l2ald-agent  net::juniper::rtnh::NHOpaqueTlv  114      195      0      195

This issue affects Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.
6.5
2024-07-10 CVE-2024-39560 An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS). The kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected. System kernel memory can be monitored through the use of the 'show system kernel memory' command as shown below:

    user@router> show system kernel memory
    Real memory total/reserved: 4130268/ 133344 Kbytes
    kmem map free: 18014398509110220 Kbytes

This issue affects: Junos OS: * All versions before 20.4R3-S9, * All versions of 21.2, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2; Junos OS Evolved: * All versions before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.
6.5
2024-07-10 CVE-2024-6649 Oretnom23 Cross-Site Request Forgery (CSRF) vulnerability in Oretnom23 Employee and Visitor Gate Pass Logging System 1.0

A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic.

6.5
2024-07-09 CVE-2024-21993 Netapp Unspecified vulnerability in Netapp Snapcenter

SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials.

6.5
2024-07-09 CVE-2024-38020 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Outlook Spoofing Vulnerability

6.5
2024-07-09 CVE-2024-38027 Microsoft Unspecified vulnerability in Microsoft products

Windows Line Printer Daemon Service Denial of Service Vulnerability

6.5
2024-07-09 CVE-2024-38030 Microsoft Unspecified vulnerability in Microsoft products

Windows Themes Spoofing Vulnerability

6.5
2024-07-09 CVE-2024-38048 Microsoft Out-of-bounds Read vulnerability in Microsoft products

Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability

6.5
2024-07-09 CVE-2024-38101 Microsoft Unspecified vulnerability in Microsoft products

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

6.5
2024-07-09 CVE-2024-38102 Microsoft Unspecified vulnerability in Microsoft products

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

6.5
2024-07-09 CVE-2024-38105 Microsoft Unspecified vulnerability in Microsoft products

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

6.5
2024-07-09 CVE-2024-6237 Redhat Unspecified vulnerability in Redhat products

A flaw was found in the 389 Directory Server.

6.5
2024-07-09 CVE-2023-50181 Fortinet Unspecified vulnerability in Fortinet Fortiadc

An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests.

6.5
2024-07-09 CVE-2024-27784 Fortinet Information Exposure Through Log Files vulnerability in Fortinet Fortiaiops 2.0.0

Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps version 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files.

6.5
2024-07-09 CVE-2024-27785 Fortinet Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Fortiaiops 2.0.0

An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports.

6.5
2024-07-09 CVE-2024-39869 Siemens Unspecified vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).

6.5
2024-07-09 CVE-2023-3286 Easyappointments Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments

A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system.

6.5
2024-07-09 CVE-2023-3289 Easyappointments Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments

A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin).

6.5
2024-07-09 CVE-2024-37224 Smartypantsplugins Path Traversal vulnerability in Smartypantsplugins SP Project & Document Manager

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.71.

6.5
2024-07-09 CVE-2024-37175 SAP Missing Authorization vulnerability in SAP products

SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges.

6.5
2024-07-09 CVE-2024-39592 SAP Missing Authorization vulnerability in SAP S4Core and S4Coreop

Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.

6.5
2024-07-08 CVE-2024-39695 Exiv2 Out-of-bounds Read vulnerability in Exiv2 0.28.0/0.28.1/0.28.2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

6.5
2024-07-08 CVE-2024-4341 Extremepacs Unspecified vulnerability in Extremepacs Extreme XDS

Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd.

6.5
2024-07-12 CVE-2024-39916 Fogproject Insecure Default Initialization of Resource vulnerability in Fogproject

FOG is a free open-source cloning/imaging/rescue suite/inventory management system.

6.4
2024-07-12 CVE-2024-6495 The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-07-12 CVE-2024-6588 The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘media_url’ parameter in all versions up to, and including, 11.9.10 due to insufficient input sanitization and output escaping.
6.4
2024-07-10 CVE-2024-39556 A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution. By exploiting the 'set security certificates' command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user's command interpreter, or potentially trigger a stack-based buffer overflow. This issue affects:  Junos OS: * All versions before 21.4R3-S7, * from 22.1 before 22.1R3-S6, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2;  Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * from 22.1-EVO before 22.1R3-S6-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S2-EVO, * from 23.2-EVO before 23.2R2-EVO, * from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.
6.4
2024-07-10 CVE-2024-4866 The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-07-09 CVE-2024-38086 Microsoft Unspecified vulnerability in Microsoft Azure Kinect Software Development KIT

Azure Kinect SDK Remote Code Execution Vulnerability

6.4
2024-07-09 CVE-2024-6391 The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bw_button shortcode in all versions up to, and including, 4.10.3 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-07-09 CVE-2024-4862 The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-07-09 CVE-2024-5946 The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tab’ shortcode in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping.
6.4
2024-07-09 CVE-2024-4868 The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's EE Events and EE Flipbox widgets in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-07-09 CVE-2024-5669 The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffw_activate_template' function in all versions up to, and including, 1.6.4.
6.4
2024-07-09 CVE-2024-5937 The Simple Alert Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-07-09 CVE-2024-5881 The Webico Slider Flatsome Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wbc_image shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-07-11 CVE-2024-39532 An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information. When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information. This issue affects: Junos OS: * All versions before 22.1R2-S2, * 22.1R3 and later versions, * 22.2 versions before 22.2R2-S1, 22.2R3, * 22.3 versions before 22.3R1-S2, 22.3R2; Junos OS Evolved: * All versions before 22.1R3-EVO, * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO, * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO.
6.3
2024-07-12 CVE-2024-5626 Data443 Cross-site Scripting vulnerability in Data443 Inline Related Posts

The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

6.1
2024-07-11 CVE-2024-6035 Gaizhenbiao Cross-site Scripting vulnerability in Gaizhenbiao Chuanhuchatgpt 20240410

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410.

6.1
2024-07-11 CVE-2024-6528 Schneider Electric Cross-site Scripting vulnerability in Schneider-Electric products

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.

6.1
2024-07-10 CVE-2024-38354 Hackmd Cross-site Scripting vulnerability in Hackmd Codimd

CodiMD allows realtime collaborative markdown notes on all platforms.

6.1
2024-07-10 CVE-2023-6813 The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wle’ parameter in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping.
6.1
2024-07-09 CVE-2024-37830 Getoutline Open Redirect vulnerability in Getoutline Outline

An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie.

6.1
2024-07-09 CVE-2024-27183 DJ Extensions Cross-site Scripting vulnerability in Dj-Extensions Dj-Helpfularticles

XSS vulnerability in DJ-HelpfulArticles component for Joomla.

6.1
2024-07-09 CVE-2024-38972 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/.

6.1
2024-07-09 CVE-2024-40726 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/.

6.1
2024-07-09 CVE-2024-40727 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/.

6.1
2024-07-09 CVE-2024-40728 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/{id}/edit/.

6.1
2024-07-09 CVE-2024-40729 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/.

6.1
2024-07-09 CVE-2024-40730 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/{id}/edit/.

6.1
2024-07-09 CVE-2024-40731 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/{id}/edit/.

6.1
2024-07-09 CVE-2024-40732 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/.

6.1
2024-07-09 CVE-2024-40733 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/{id}/edit/.

6.1
2024-07-09 CVE-2024-40734 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/.

6.1
2024-07-09 CVE-2024-40735 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/.

6.1
2024-07-09 CVE-2024-40736 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add.

6.1
2024-07-09 CVE-2024-40737 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add.

6.1
2024-07-09 CVE-2024-40738 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/.

6.1
2024-07-09 CVE-2024-40739 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add.

6.1
2024-07-09 CVE-2024-40740 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/.

6.1
2024-07-09 CVE-2024-40741 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/{id}/edit/.

6.1
2024-07-09 CVE-2024-40742 Netbox Cross-site Scripting vulnerability in Netbox 4.0.3

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add.

6.1
2024-07-09 CVE-2024-21729 Joomla Cross-site Scripting vulnerability in Joomla Joomla!

Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.

6.1
2024-07-09 CVE-2024-21731 Joomla Cross-site Scripting vulnerability in Joomla Joomla!

Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.

6.1
2024-07-09 CVE-2024-26278 Joomla Cross-site Scripting vulnerability in Joomla Joomla!

The Custom Fields component does not correctly filter inputs, leading to an XSS vector.

6.1
2024-07-09 CVE-2024-26279 Joomla Cross-site Scripting vulnerability in Joomla Joomla!

The wrapper extensions do not correctly validate inputs, leading to XSS vectors.

6.1
2024-07-09 CVE-2024-34685 SAP Cross-site Scripting vulnerability in SAP Netweaver Knowledge Management and Collaboration (Kmc-Cm) 7.50

Weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability.

6.1
2024-07-09 CVE-2024-37173 SAP Cross-site Scripting vulnerability in SAP products

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script.

6.1
2024-07-09 CVE-2024-37174 SAP Cross-site Scripting vulnerability in SAP products

Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability.

6.1
2024-07-08 CVE-2024-39203 Zblogcn Cross-site Scripting vulnerability in Zblogcn Z-Blogphp

A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

6.1
2024-07-08 CVE-2024-5711 Stitionai Cross-site Scripting vulnerability in Stitionai Devika

A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input.

6.1
2024-07-10 CVE-2024-39554 A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS).
5.9
2024-07-10 CVE-2024-39559 An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device (vmcore) by sending a specific TCP packet over an established TCP session with MD5 authentication enabled, destined to an accessible port on the device, resulting in a Denial of Service (DoS). The receipt of this packet must occur within a specific timing window outside the attacker's control (i.e., race condition). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects dual RE systems with Nonstop Active Routing (NSR) enabled. Exploitation can only occur over TCP sessions with MD5 authentication enabled (e.g., BGP with MD5 authentication). This issue affects Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S6-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R2-S2-EVO, 22.4R3-EVO.
5.9
2024-07-09 CVE-2024-37865 S3Browser Improper Certificate Validation vulnerability in S3Browser S3 Browser

An issue in S3Browser v.11.4.5 and v.10.9.9, fixed in v.11.5.7, allows a remote attacker to obtain sensitive information via the S3 compatible storage component.

5.9
2024-07-09 CVE-2024-38099 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

5.9
2024-07-09 CVE-2023-50179 Fortinet Improper Certificate Validation vulnerability in Fortinet Fortiadc

An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors.

5.9
2024-07-11 CVE-2024-39533 An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks. If one or more of the match conditions ip-source-address, ip-destination-address or arp-type, which are not supported for this type of filter, are used in an ethernet switching filter, and this filter is then applied as an output filter, the configuration can be committed but the filter will not be in effect. This issue affects Junos OS on QFX5000 Series and EX4600 Series: * All versions before 21.2R3-S7, * 21.4 versions before 21.4R3-S6, * 22.1 versions before 22.1R3-S5, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S2, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2. Please note that the implemented fix ensures these unsupported match conditions cannot be committed anymore.
5.8
2024-07-10 CVE-2024-39561 An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an attacker to send TCP packets with SYN/FIN or SYN/RST flags, bypassing the expected blocking of these packets. A TCP packet with SYN/FIN or SYN/RST should be dropped in flowd.
5.8
2024-07-11 CVE-2024-39528 Juniper Use After Free vulnerability in Juniper Junos

A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart. This issue affects: Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S5, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S2, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S5-EVO, * 22.2-EVO versions before 22.2R3-S3-EVO, * 22.3-EVO versions before 22.3R3-S2-EVO, * 22.4-EVO versions before 22.4R3-EVO, * 23.2-EVO versions before 23.2R2-EVO.

5.7
2024-07-09 CVE-2024-39593 SAP Unspecified vulnerability in SAP Landscape Management 3.0

SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response.

5.7
2024-07-14 CVE-2024-39733 IBM Insufficiently Protected Credentials vulnerability in IBM Datacap

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user.

5.5
2024-07-12 CVE-2024-39498 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 [Why] Commit: - commit 5aa1dfcdf0a4 ("drm/mst: Refactor the flow for payload allocation/removement") accidentally overwrote the commit - commit 54d217406afe ("drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2") which causes a regression. [How] Recover the original NULL fix and remove the unnecessary input parameter 'state' for drm_dp_add_payload_part2(). (cherry picked from commit 4545614c1d8da603e57b60dd66224d81b6ffc305)

5.5
2024-07-12 CVE-2024-39504 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: validate mandatory meta and payload Check for mandatory netlink attributes in payload and meta expression when used embedded from the inner expression, otherwise NULL pointer dereference is possible from userspace.

5.5
2024-07-12 CVE-2024-39506 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet In lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value, but then it is unconditionally passed to skb_add_rx_frag() which looks strange and could lead to null pointer dereference. lio_vf_rep_copy_packet() call trace looks like: octeon_droq_process_packets octeon_droq_fast_process_packets octeon_droq_dispatch_pkt octeon_create_recv_info ...search in the dispatch_list... ->disp_fn(rdisp->rinfo, ...) lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...) In this path there is no code which sets pg_info->page to NULL. So this check looks unneeded and doesn't solve potential problem. But I guess the author had reason to add a check and I have no such card and can't do real test. In addition, the code in the function liquidio_push_packet() in liquidio/lio_core.c does exactly the same. Based on this, I consider the most acceptable compromise solution to adjust this issue by moving skb_add_rx_frag() into conditional scope. Found by Linux Verification Center (linuxtesting.org) with SVACE.

5.5
2024-07-12 CVE-2024-40904 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages The syzbot fuzzer found that the interrupt-URB completion callback in the cdc-wdm driver was taking too long, and the driver's immediate resubmission of interrupt URBs with -EPROTO status combined with the dummy-hcd emulation to cause a CPU lockup: cdc_wdm 1-1:1.0: nonzero urb status received: -71 cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625] Testing showed that the problem did not occur if the two error messages -- the first two lines above -- were removed; apparently adding material to the kernel log takes a surprisingly large amount of time. In any case, the best approach for preventing these lockups and to avoid spamming the log with thousands of error messages per second is to ratelimit the two dev_err() calls.

5.5
2024-07-12 CVE-2024-40907 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic in XDP_TX action In the XDP_TX path, ionic driver sends a packet to the TX path with rx page and corresponding dma address. After tx is done, ionic_tx_clean() frees that page. But RX ring buffer isn't reset to NULL. So, it uses a freed page, which causes kernel panic.

5.5
2024-07-12 CVE-2024-40910 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount imbalance on inbound connections When releasing a socket in ax25_release(), we call netdev_put() to decrease the refcount on the associated ax.25 device.

5.5
2024-07-12 CVE-2024-40911 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Lock wiphy in cfg80211_get_station Wiphy should be locked before calling rdev_get_station() (see lockdep assert in ieee80211_get_station()). This fixes the following kernel NULL dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050 This happens because STA has time to disconnect and reconnect before batadv_v_elp_throughput_metric_update() delayed work gets scheduled.

5.5
2024-07-12 CVE-2024-40912 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() The ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to synchronize with ieee80211_tx_h_unicast_ps_buf() which is called from softirq context.

5.5
2024-07-12 CVE-2024-40932 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/exynos/vidi: fix memory leak in .get_modes() The duplicated EDID is never freed.

5.5
2024-07-12 CVE-2024-40934 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Fix a memory leak on logi_dj_recv_send_report() error path.

5.5
2024-07-12 CVE-2024-40951 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() bdev->bd_super has been removed and commit 8887b94d9322 changed the usage from bdev->bd_super to b_assoc_map->host->i_sb.

5.5
2024-07-12 CVE-2024-40952 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty() bdev->bd_super has been removed and commit 8887b94d9322 changed the usage from bdev->bd_super to b_assoc_map->host->i_sb.

5.5
2024-07-12 CVE-2024-40955 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists() We can trigger a slab-out-of-bounds with the following commands: mkfs.ext4 -F /dev/$disk 10G mount /dev/$disk /tmp/test echo 2147483647 > /sys/fs/ext4/$disk/mb_group_prealloc echo test > /tmp/test/file && sync ================================================================== BUG: KASAN: slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists+0x8a/0x200 [ext4] Read of size 8 at addr ffff888121b9d0f0 by task kworker/u2:0/11 CPU: 0 PID: 11 Comm: kworker/u2:0 Tainted: GL 6.7.0-next-20240118 #521 Call Trace: dump_stack_lvl+0x2c/0x50 kasan_report+0xb6/0xf0 ext4_mb_find_good_group_avg_frag_lists+0x8a/0x200 [ext4] ext4_mb_regular_allocator+0x19e9/0x2370 [ext4] ext4_mb_new_blocks+0x88a/0x1370 [ext4] ext4_ext_map_blocks+0x14f7/0x2390 [ext4] ext4_map_blocks+0x569/0xea0 [ext4] ext4_do_writepages+0x10f6/0x1bc0 [ext4] [...] ================================================================== The flow of issue triggering is as follows: // Set s_mb_group_prealloc to 2147483647 via sysfs ext4_mb_new_blocks ext4_mb_normalize_request ext4_mb_normalize_group_request ac->ac_g_ex.fe_len = EXT4_SB(sb)->s_mb_group_prealloc ext4_mb_regular_allocator ext4_mb_choose_next_group ext4_mb_choose_next_group_best_avail mb_avg_fragment_size_order order = fls(len) - 2 = 29 ext4_mb_find_good_group_avg_frag_lists frag_list = &sbi->s_mb_avg_fragment_size[order] if (list_empty(frag_list)) // Trigger SOOB! At 4k block size, the length of the s_mb_avg_fragment_size list is 14, but an oversized s_mb_group_prealloc is set, causing slab-out-of-bounds to be triggered by an attempt to access an element at index 29. Add a new attr_id attr_clusters_in_group with values in the range [0, sbi->s_clusters_per_group] and declare mb_group_prealloc as that type to fix the issue.

5.5
2024-07-12 CVE-2024-40957 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors input_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for PREROUTING hook, in PREROUTING hook, we should passing a valid indev, and a NULL outdev to NF_HOOK(), otherwise may trigger a NULL pointer dereference, as below: [74830.647293] BUG: kernel NULL pointer dereference, address: 0000000000000090 input_action_end_dx4() passing a NULL indev to NF_HOOK(), and finally trigger a NULL dereference in rpfilter_mt()->rpfilter_is_loopback(): static bool rpfilter_is_loopback(const struct sk_buff *skb, const struct net_device *in) { // in is NULL return skb->pkt_type == PACKET_LOOPBACK || in->flags & IFF_LOOPBACK; }

5.5
2024-07-12 CVE-2024-40959 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ip6_dst_idev() can return NULL, xfrm6_get_saddr() must act accordingly. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]

5.5
2024-07-12 CVE-2024-40960 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL dereference in rt6_probe() syzbot caught a NULL dereference in rt6_probe() [1] Bail out if __in6_dev_get() returns NULL. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f]

5.5
2024-07-12 CVE-2024-40961 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL. fib6_nh_init() ip6_validate_gw( &idev ) ip6_route_check_nh( idev ) *idev = in6_dev_get(dev); // can be NULL Oops: general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7]

5.5
2024-07-12 CVE-2024-40964 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind() The cs35l41_hda_unbind() function clears the hda_component entry matching its index and then dereferences the codec pointer held in the first element of the hda_component array; this is an issue when the device index was 0. Instead use the codec pointer stashed in the cs35l41_hda structure as it will still be valid.

5.5
2024-07-12 CVE-2024-40965 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: i2c: lpi2c: Avoid calling clk_get_rate during transfer Instead of repeatedly calling clk_get_rate for each transfer, lock the clock rate and cache the value. A deadlock has been observed while adding tlv320aic32x4 audio codec to the system.

5.5
2024-07-12 CVE-2024-40967 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.

5.5
2024-07-12 CVE-2024-40969 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: f2fs: don't set RO when shutting down f2fs Shutdown does not check the error of thaw_super due to readonly, which causes a deadlock like below. f2fs_ioc_shutdown(F2FS_GOING_DOWN_FULLSYNC) issue_discard_thread - bdev_freeze - freeze_super - f2fs_stop_checkpoint() - f2fs_handle_critical_error - sb_start_write - set RO - waiting - bdev_thaw - thaw_super_locked - return -EINVAL, if sb_rdonly() - f2fs_stop_discard_thread -> wait for kthread_stop(discard_thread);

5.5
2024-07-12 CVE-2024-40970 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: Avoid hw_desc array overrun in dw-axi-dmac I have a use case where nr_buffers = 3 and in which each descriptor is composed by 3 segments, resulting in the DMA channel descs_allocated to be 9.

5.5
2024-07-12 CVE-2024-40973 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: media: mtk-vcodec: potential null pointer dereference in SCP The return value of devm_kzalloc() needs to be checked to avoid NULL pointer dereference.

5.5
2024-07-12 CVE-2024-40977 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery During chip recovery (e.g.

5.5
2024-07-12 CVE-2024-40980 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drop_monitor: replace spin_lock by raw_spin_lock trace_drop_common() is called with preemption disabled, and it acquires a spin_lock.

5.5
2024-07-12 CVE-2024-40981 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bypass empty buckets in batadv_purge_orig_ref() Many syzbot reports are pointing to soft lockups in batadv_purge_orig_ref() [1] Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting reports.

5.5
2024-07-12 CVE-2024-40982 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ssb: Fix potential NULL pointer dereference in ssb_device_uevent() The ssb_device_uevent() function first attempts to convert the 'dev' pointer to 'struct ssb_device *'.

5.5
2024-07-12 CVE-2024-40995 Linux Infinite Loop vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() syzbot found hanging tasks waiting on rtnl_lock [1] A reproducer is available in the syzbot bug. When a request to add multiple actions with the same index is sent, the second request will block forever on the first request.

5.5
2024-07-12 CVE-2024-40997 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix memory leak on CPU EPP exit The cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is not freed in the analogous exit function, so fix that. [ rjw: Subject and changelog edits ]

5.5
2024-07-12 CVE-2024-41001 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: work around a potential audit memory leak kmemleak complains that there's a memory leak related to connect handling, which can happen if: 1) The command type does something on the prep side that triggers an audit call. 2) The thread hasn't done any operations before this that triggered an audit call inside ->issue(), where we have audit_uring_entry() and audit_uring_exit(). Work around this by issuing a blanket NOP operation before the SQPOLL does anything.

5.5
2024-07-12 CVE-2024-41002 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - Fix memory leak for sec resource release The AIV is one of the SEC resources.

5.5
2024-07-12 CVE-2024-41006 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netrom: Fix a memory leak in nr_heartbeat_expiry() syzbot reported a memory leak in nr_create() [0]. Commit 409db27e3a2e ("netrom: Fix use-after-free of a listening socket.") added sock_hold() to the nr_heartbeat_expiry() function, where a) a socket has a SOCK_DESTROY flag or b) a listening socket has a SOCK_DEAD flag. But in the case "a," when the SOCK_DESTROY flag is set, the file descriptor has already been closed and the nr_release() function has been called. So it makes no sense to hold the reference count because no one will call another nr_destroy_socket() and put it as in the case "b." nr_connect nr_establish_data_link nr_start_heartbeat nr_release switch (nr->state) case NR_STATE_3 nr->state = NR_STATE_2 sock_set_flag(sk, SOCK_DESTROY); nr_rx_frame nr_process_rx_frame switch (nr->state) case NR_STATE_2 nr_state2_machine() nr_disconnect() nr_sk(sk)->state = NR_STATE_0 sock_set_flag(sk, SOCK_DEAD) nr_heartbeat_expiry switch (nr->state) case NR_STATE_0 if (sock_flag(sk, SOCK_DESTROY) || (sk->sk_state == TCP_LISTEN && sock_flag(sk, SOCK_DEAD))) sock_hold() // ( !!! ) nr_destroy_socket() To fix the memory leak, let's call sock_hold() only for a listening socket. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller. [0]: https://syzkaller.appspot.com/bug?extid=d327a1f3b12e1e206c16

5.5
2024-07-12 CVE-2024-6625 The WP Total Branding – Complete branding solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping.
5.5
2024-07-11 CVE-2024-5680 Schneider Electric Improper Validation of Array Index vulnerability in Schneider-Electric Ecostruxure Foxboro DCS Control Core Services

CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.

5.5
2024-07-10 CVE-2024-39511 An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS). On running a specific operational dot1x command, the dot1x daemon crashes.
5.5
2024-07-10 CVE-2024-39513 An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS). When a specific "clear" command is run, the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) crashes and restarts. The crash impacts all traffic going through the FPCs, causing a DoS.
5.5
2024-07-10 CVE-2024-39489 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it's going to leak all that memory and the crypto tfms. Update seg6_hmac_exit to only free the memory when allocated, so we can reuse the code directly.

5.5
2024-07-10 CVE-2024-39493 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Using completion_done to determine whether the caller has gone away only works after a complete call.

5.5
2024-07-10 CVE-2024-25023 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Cloud PAK for Security and Qradar Suite

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user.

5.5
2024-07-09 CVE-2024-34140 Adobe Out-of-bounds Read vulnerability in Adobe Bridge

Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-07-09 CVE-2024-38017 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing Information Disclosure Vulnerability

5.5
2024-07-09 CVE-2024-38041 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Information Disclosure Vulnerability

5.5
2024-07-09 CVE-2024-38055 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Windows Codecs Library Information Disclosure Vulnerability

5.5
2024-07-09 CVE-2024-38056 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Windows Codecs Library Information Disclosure Vulnerability

5.5
2024-07-09 CVE-2024-39118 Mommyheather Unspecified vulnerability in Mommyheather Advanced Backups

Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted backup.

5.5
2024-07-09 CVE-2024-5652 Docker Unspecified vulnerability in Docker Desktop

Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode.

5.5
2024-07-09 CVE-2024-37442 AYS PRO Injection vulnerability in Ays-Pro Photo Gallery

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection. This issue affects Photo Gallery by Ays: from n/a before 5.7.1.

5.5
2024-07-08 CVE-2024-34602 Samsung Unspecified vulnerability in Samsung Android 12.0/13.0/14.0

Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

5.5
2024-07-08 CVE-2024-34603 Samsung Unspecified vulnerability in Samsung Android 13.0/14.0

Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data.

5.5
2024-07-12 CVE-2024-40690 IBM Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting.

5.4
2024-07-12 CVE-2024-2430 Matteoenna Cross-site Scripting vulnerability in Matteoenna Website Content in Page or Post

The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2024-07-12 CVE-2024-2640 Kibokolabs Cross-site Scripting vulnerability in Kibokolabs Watu Quiz

The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they've been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

5.4
2024-07-12 CVE-2024-5811 Quantumcloud Cross-site Scripting vulnerability in Quantumcloud Simple Video Directory

The Simple Video Directory WordPress plugin before 1.4.4 does not sanitise and escape some of its settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

5.4
2024-07-11 CVE-2024-6392 Sirv Missing Authorization vulnerability in Sirv

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7.

5.4
2024-07-11 CVE-2024-6256 Smashballoon Cross-site Scripting vulnerability in Smashballoon Feeds for Youtube

The Feeds for YouTube (YouTube video, channel, and gallery plugin) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-07-11 CVE-2024-4655 Dotcamp Cross-site Scripting vulnerability in Dotcamp Ultimate Blocks

The Ultimate Blocks WordPress plugin before 3.1.9 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2024-07-11 CVE-2024-5444 Bible Text Project Cross-site Scripting vulnerability in Bible Text Project Bible Text

The Bible Text WordPress plugin through 0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2024-07-11 CVE-2024-6025 Expresstech Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks.

5.4
2024-07-11 CVE-2024-6026 10Web Cross-site Scripting vulnerability in 10Web Slider

The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks

5.4
2024-07-10 CVE-2023-35006 IBM Cross-site Scripting vulnerability in IBM Security Qradar EDR 3.12

IBM Security QRadar EDR 3.12 is vulnerable to HTML injection.

5.4
2024-07-10 CVE-2024-5664 Sonaar Cross-site Scripting vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-07-10 CVE-2024-36450 Webmin Cross-site Scripting vulnerability in Webmin

Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910.

5.4
2024-07-09 CVE-2024-39900 Opensearch Authorization Bypass Through User-Controlled Key vulnerability in Opensearch Observability

OpenSearch Dashboards Reports allows ‘Report Owner’ to export and share reports from OpenSearch Dashboards.

5.4
2024-07-09 CVE-2024-39901 Opensearch Authorization Bypass Through User-Controlled Key vulnerability in Opensearch Observability

OpenSearch Observability is a collection of plugins and applications that visualize data-driven events.

5.4
2024-07-09 CVE-2024-38971 Vaethink Cross-site Scripting vulnerability in Vaethink 1.0.2

vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend.

5.4
2024-07-09 CVE-2024-21730 Joomla Cross-site Scripting vulnerability in Joomla Joomla!

The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.

5.4
2024-07-09 CVE-2024-39871 Siemens Incorrect Authorization vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).

5.4
2024-07-09 CVE-2024-37437 Elementor Path Traversal vulnerability in Elementor Website Builder

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting (XSS), Stored XSS. This issue affects Elementor Website Builder: from n/a through 3.22.1.

5.4
2024-07-09 CVE-2024-3563 Wpengine Cross-site Scripting vulnerability in Wpengine Genesis Blocks

The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-07-09 CVE-2024-3603 Hyumika Cross-site Scripting vulnerability in Hyumika Openstreetmap

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osm_map' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'.

5.4
2024-07-09 CVE-2024-4102 The Pricing Table plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 2.0.1.
5.4
2024-07-09 CVE-2024-5457 Pandavideo Cross-site Scripting vulnerability in Pandavideo Panda Video

The Panda Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping.

5.4
2024-07-09 CVE-2024-5600 The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10.
5.4
2024-07-09 CVE-2024-5648 The LearnDash LMS – Reports plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.8.2.
5.4
2024-07-09 CVE-2024-5993 The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_session' function in all versions up to, and including, 3.0.1.
5.4
2024-07-09 CVE-2024-37172 SAP Missing Authorization vulnerability in SAP S4Core 107/108

SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges.

5.4
2024-07-09 CVE-2024-4667 Plugin Devs Cross-site Scripting vulnerability in Plugin-Devs Blog, Posts and Category Filter for Elementor

The Blog, Posts and Category Filter for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post and Category Filter widget in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied 'post_types' attribute.

5.4
2024-07-09 CVE-2024-6169 Unlimited Elements Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor (Free Widgets, Addons, Templates)

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping.

5.4
2024-07-09 CVE-2024-6170 Unlimited Elements Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor (Free Widgets, Addons, Templates)

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping.

5.4
2024-07-08 CVE-2024-39308 Rails Admin Project Cross-site Scripting vulnerability in Rails Admin Project Rails Admin

RailsAdmin is a Rails engine that provides an interface for managing data.

5.4
2024-07-08 CVE-2024-37389 Apache Cross-site Scripting vulnerability in Apache Nifi

Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting.

5.4
2024-07-08 CVE-2024-37528 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Business Automation

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting.

5.4
2024-07-13 CVE-2024-6574 The Laposta plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.12.
5.3
2024-07-12 CVE-2024-6555 The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1.
5.3
2024-07-11 CVE-2024-39536 A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). When a BFD session configured with authentication flaps, ppmd memory can leak.
5.3
2024-07-11 CVE-2024-39539 A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart. This issue affects Junos OS on MX Series: * All versions before 21.2R3-S6, * 21.4 versions before 21.4R3-S6, * 22.1 versions before 22.1R3-S5, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S2, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2.
5.3
2024-07-11 CVE-2024-0619 Payflex Missing Authorization vulnerability in Payflex Payment Gateway

The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0.

5.3
2024-07-11 CVE-2024-6554 Wpmudev Unspecified vulnerability in Wpmudev Branda

The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18.

5.3
2024-07-11 CVE-2024-6210 The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9.
5.3
2024-07-10 CVE-2023-33859 IBM Response Discrepancy Information Exposure vulnerability in IBM Security Qradar EDR 3.12

IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy.

5.3
2024-07-10 CVE-2023-33860 IBM Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in IBM Security Qradar EDR 3.12

IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies.

5.3
2024-07-10 CVE-2024-6556 The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.10.8.
5.3
2024-07-10 CVE-2024-6550 The Gravity Forms: Multiple Form Instances plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.1.
5.3
2024-07-09 CVE-2024-22377 Pingidentity Path Traversal vulnerability in Pingidentity Pingfederate

The deploy directory in PingFederate runtime nodes is reachable to unauthorized users.

5.3
2024-07-09 CVE-2024-35270 Microsoft Unspecified vulnerability in Microsoft products

Windows iSCSI Service Denial of Service Vulnerability

5.3
2024-07-09 CVE-2024-3228 Wpkube Unspecified vulnerability in Wpkube Kiwi Social Share

The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class.

5.3
2024-07-09 CVE-2024-5810 The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1.
5.3
2024-07-09 CVE-2024-6171 Unlimited Elements Unspecified vulnerability in Unlimited-Elements Unlimited Elements for Elementor (Free Widgets, Addons, Templates)

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval.

5.3
2024-07-08 CVE-2024-6163 Checkmk Authentication Bypass by Spoofing vulnerability in Checkmk

Certain HTTP endpoints of Checkmk in Checkmk < 2.3.0p10, < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allow a remote attacker to bypass authentication and access data.

5.3
2024-07-09 CVE-2023-3290 Easyappointments Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments

A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system.

5.0
2024-07-09 CVE-2024-34689 SAP Server-Side Request Forgery (SSRF) vulnerability in SAP Business Workflow and SAP Basis

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests.

5.0
2024-07-09 CVE-2024-37171 SAP Server-Side Request Forgery (SSRF) vulnerability in SAP Saptmui and Transportation Management

SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application.

5.0
2024-07-08 CVE-2024-39699 Monospace Server-Side Request Forgery (SSRF) vulnerability in Monospace Directus

Directus is a real-time API and App dashboard for managing SQL database content.

5.0
2024-07-11 CVE-2024-39317 Wagtail Unspecified vulnerability in Wagtail

Wagtail is an open source content management system built on Django.

4.9
2024-07-09 CVE-2024-38970 Vaethink Unspecified vulnerability in Vaethink 1.0.2

vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend, access management administrator function.

4.9
2024-07-12 CVE-2024-3112 Bestwebsoft Unrestricted Upload of File with Dangerous Type vulnerability in Bestwebsoft Quotes and Tips

The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate uploaded image files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup).

4.8
2024-07-12 CVE-2024-4753 Wpexperts Cross-site Scripting vulnerability in Wpexperts WP Secure Maintenance

The WP Secure Maintenance WordPress plugin before 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2024-07-11 CVE-2024-6138 AYS PRO Cross-site Scripting vulnerability in Ays-Pro Secure Copy Content Protection and Content Locking

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2024-07-10 CVE-2024-6650 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Employee and Visitor Gate Pass Logging System 1.0

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic.

4.8
2024-07-10 CVE-2024-27095 Decidim Cross-site Scripting vulnerability in Decidim

Decidim is a participatory democracy framework.

4.8
2024-07-09 CVE-2024-33509 Fortinet Improper Certificate Validation vulnerability in Fortinet Fortiweb

An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF).

4.8
2024-07-09 CVE-2024-5802 Mythemeshop Cross-site Scripting vulnerability in Mythemeshop URL Shortener

The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

4.8
2024-07-12 CVE-2024-40905 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible race in __fib6_drop_pcpu_from(). syzbot found a race in __fib6_drop_pcpu_from(). If compiler reads more than once (*ppcpu_rt), second read could read NULL, if another cpu clears the value in rt6_get_pcpu_route(). Add a READ_ONCE() to prevent this race. Also add rcu_read_lock()/rcu_read_unlock() because we rely on RCU protection while dereferencing pcpu_rt.

4.7
2024-07-09 CVE-2024-30071 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Access Connection Manager Information Disclosure Vulnerability

4.7
2024-07-09 CVE-2024-26015 Fortinet Incorrect Type Conversion or Cast vulnerability in Fortinet Fortios and Fortiproxy

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.

4.7
2024-07-09 CVE-2024-34692 SAP Unrestricted Upload of File with Dangerous Type vulnerability in SAP Enable NOW

Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files.

4.6
2024-07-08 CVE-2024-39723 IBM Improper Authentication vulnerability in IBM Storage Virtualize 8.6

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator.

4.6
2024-07-14 CVE-2024-39734 IBM Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Datacap

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies.

4.3
2024-07-13 CVE-2024-6465

The WP Links Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wplf_ajax_update_screenshots' function in all versions up to, and including, 4.9.5.

4.3
2024-07-12 CVE-2024-1375

The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing nonce check on the save_bulkdatas function in all versions up to, and including, 5.9.5.

4.3
2024-07-10 CVE-2024-6410

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image' function due to missing validation on a user controlled key.

4.3
2024-07-09 CVE-2024-22477 Pingidentity Cross-site Scripting vulnerability in Pingidentity Pingfederate

A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor.

4.3
2024-07-09 CVE-2024-21759 Fortinet Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortiportal

An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows an attacker to view unauthorized resources via HTTP or HTTPS requests.

4.3
2024-07-09 CVE-2024-6608 Mozilla Unspecified vulnerability in Mozilla Firefox

It was possible to move the cursor using pointerlock from an iframe.

4.3
2024-07-09 CVE-2024-6610 Mozilla Unspecified vulnerability in Mozilla Firefox

Form validation popups could capture escape key presses.

4.3
2024-07-09 CVE-2024-39875 Siemens Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).

4.3
2024-07-09 CVE-2024-5704

The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.6.4.

4.3
2024-07-09 CVE-2024-5856

The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cir_delete_image AJAX action in all versions up to, and including, 2.2.1.

4.3
2024-07-09 CVE-2024-6167

The Just Custom Fields plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX functions in all versions up to, and including, 3.3.2.

4.3
2024-07-09 CVE-2024-6168

The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2.

4.3
2024-07-09 CVE-2024-5855

The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and including, 3.0.1.

4.3
2024-07-08 CVE-2024-31897 IBM Server-Side Request Forgery (SSRF) vulnerability in IBM Cloud PAK for Business Automation

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to server-side request forgery (SSRF).

4.3
2024-07-09 CVE-2024-39876 Siemens Allocation of Resources Without Limits or Throttling vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-07-09 CVE-2024-28067 Samsung Unspecified vulnerability in Samsung Exynos Modem 5300 Firmware

A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the victim in plaintext.

3.7
2024-07-12 CVE-2023-41093 Silabs Use After Free vulnerability in Silabs Bluetooth LOW Energy Software Development KIT

Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network. This issue affects Silabs Bluetooth SDK: through 8.0.0.

3.1
2024-07-11 CVE-2024-2880 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group members.

2.7
2024-07-11 CVE-2024-5257 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace.

2.7
2024-07-11 CVE-2024-5470 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.

2.7