Weekly Vulnerabilities Reports > July 8 to 14, 2024
Overview
586 new vulnerabilities were reported during this period, including 35 critical vulnerabilities and 313 high severity vulnerabilities. This weekly summary reports vulnerabilities in 226 products from 125 vendors including Microsoft, Linux, Level1, Siemens, and Realtek. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", "Use After Free", and "Authorization Bypass Through User-Controlled Key".
- 413 reported vulnerabilities are remotely exploitable.
- 149 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 279 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 124 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list reported vulnerabilities for the period covered by this report:
35 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-07-09 | CVE-2024-38089 | Microsoft | Unspecified vulnerability in Microsoft Defender for IOT Microsoft Defender for IoT Elevation of Privilege Vulnerability | 9.9 |
2024-07-09 | CVE-2024-39872 | Siemens | Unspecified vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 9.9 |
2024-07-14 | CVE-2024-6728 | Angeljudesuarez | SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0 A vulnerability was found in itsourcecode Tailoring Management System 1.0. | 9.8 |
2024-07-12 | CVE-2024-39917 | Neutrinolabs | Improper Restriction of Excessive Authentication Attempts vulnerability in Neutrinolabs Xrdp xrdp is an open source RDP server. | 9.8 |
2024-07-12 | CVE-2024-40539 | Codermy | SQL Injection vulnerability in Codermy My-Springsecurity-Plus my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user. | 9.8 |
2024-07-12 | CVE-2024-40540 | Codermy | SQL Injection vulnerability in Codermy My-Springsecurity-Plus my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept. | 9.8 |
2024-07-12 | CVE-2024-40541 | Codermy | SQL Injection vulnerability in Codermy My-Springsecurity-Plus my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build. | 9.8 |
2024-07-12 | CVE-2024-40542 | Codermy | SQL Injection vulnerability in Codermy My-Springsecurity-Plus my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset. | 9.8 |
2024-07-12 | CVE-2024-6328 | | The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. | 9.8 |
2024-07-11 | CVE-2024-6385 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. | 9.8 |
2024-07-11 | CVE-2024-6624 | Parorrey | Unspecified vulnerability in Parorrey Json API User The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. | 9.8 |
2024-07-11 | CVE-2024-6397 | Instawp | Improper Authentication vulnerability in Instawp Connect The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. | 9.8 |
2024-07-10 | CVE-2024-4879 | Servicenow | Unspecified vulnerability in Servicenow Utah/Vancouver/Washingtondc ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. | 9.8 |
2024-07-10 | CVE-2024-5217 | Servicenow | Incorrect Comparison vulnerability in Servicenow Utah/Vancouver/Washingtondc ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. | 9.8 |
2024-07-10 | CVE-2024-6422 | Pepperl Fuchs | Missing Authentication for Critical Function vulnerability in Pepperl-Fuchs products An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data. | 9.8 |
2024-07-09 | CVE-2024-37873 | Itsourcecode | SQL Injection vulnerability in Itsourcecode Payroll Management System Project in PHP With Source Code 1.0 SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 9.8 |
2024-07-09 | CVE-2023-48194 | Tenda | Unspecified vulnerability in Tenda Ac8V4 Firmware 16.03.34.09 Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. | 9.8 |
2024-07-09 | CVE-2024-38074 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 9.8 |
2024-07-09 | CVE-2024-38076 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 9.8 |
2024-07-09 | CVE-2024-38077 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 9.8 |
2024-07-09 | CVE-2024-39171 | Phpvibe | Path Traversal vulnerability in PHPvibe Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix. | 9.8 |
2024-07-09 | CVE-2024-27782 | Fortinet | Insufficient Session Expiration vulnerability in Fortinet Fortiaiops 2.0.0 Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests. | 9.8 |
2024-07-09 | CVE-2024-37934 | Ninjaforms | Code Injection vulnerability in Ninjaforms Ninja Forms Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection.This issue affects Ninja Forms: from n/a through 3.8.4. | 9.8 |
2024-07-09 | CVE-2024-37112 | Wishlist Member | SQL Injection vulnerability in Wishlist Member Wishlist Member Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. | 9.8 |
2024-07-09 | CVE-2024-37555 | Zealousweb | Unrestricted Upload of File with Dangerous Type vulnerability in Zealousweb Generate PDF Using Contact Form 7 Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7.This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6. | 9.8 |
2024-07-09 | CVE-2024-6313 | | The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads due to the users can specify the allowed file types in the 'upload' function in versions up to, and including, 2.2.9. | 9.8 |
2024-07-09 | CVE-2024-6314 | | The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process_image_upload' function in versions up to, and including, 2.2.7. | 9.8 |
2024-07-09 | CVE-2024-28747 | | An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges. | 9.8 |
2024-07-09 | CVE-2024-6365 | | The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. | 9.8 |
2024-07-08 | CVE-2023-46685 | Level1 | Use of Hard-coded Credentials vulnerability in Level1 Wbr-6013 Firmware Rer4Av3411B2T2Rlev09170623 A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. | 9.8 |
2024-07-08 | CVE-2024-39677 | Nhibernate | SQL Injection vulnerability in Nhibernate Nhibernate-Core NHibernate is an object-relational mapper for the .NET framework. | 9.8 |
2024-07-08 | CVE-2024-39742 | IBM | Incorrect Comparison vulnerability in IBM MQ Operator IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. | 9.8 |
2024-07-08 | CVE-2024-27903 | Openvpn | Unrestricted Upload of File with Dangerous Type vulnerability in Openvpn OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service. | 9.8 |
2024-07-10 | CVE-2024-21524 | Magiclen | Out-of-bounds Read vulnerability in Magiclen Stringbuilder All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. | 9.1 |
2024-07-09 | CVE-2024-28751 | | A high privileged remote attacker can enable telnet access that accepts hardcoded credentials. | 9.1 |
313 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-07-14 | CVE-2024-6732 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Student Study Center Desk Management System 1.0 A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. | 8.8 |
2024-07-14 | CVE-2024-6733 | Angeljudesuarez | SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0 A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. | 8.8 |
2024-07-14 | CVE-2024-6731 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Student Study Center Desk Management System 1.0 A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. | 8.8 |
2024-07-14 | CVE-2024-6729 | Mayurik | SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0 A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. | 8.8 |
2024-07-12 | CVE-2024-40518 | Seacms | Unspecified vulnerability in Seacms 12.9 SeaCMS 12.9 has a remote code execution vulnerability. | 8.8 |
2024-07-12 | CVE-2024-40519 | Seacms | Unspecified vulnerability in Seacms 12.9 SeaCMS 12.9 has a remote code execution vulnerability. | 8.8 |
2024-07-12 | CVE-2024-40520 | Seacms | Unspecified vulnerability in Seacms 12.9 SeaCMS 12.9 has a remote code execution vulnerability. | 8.8 |
2024-07-12 | CVE-2024-40521 | Seacms | Unspecified vulnerability in Seacms 12.9 SeaCMS 12.9 has a remote code execution vulnerability. | 8.8 |
2024-07-12 | CVE-2024-40522 | Seacms | Unspecified vulnerability in Seacms 12.9 There is a remote code execution vulnerability in SeaCMS 12.9. | 8.8 |
2024-07-12 | CVE-2024-40543 | Publiccms | Server-Side Request Forgery (SSRF) vulnerability in Publiccms PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage. | 8.8 |
2024-07-12 | CVE-2024-40544 | Publiccms | Server-Side Request Forgery (SSRF) vulnerability in Publiccms PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit. | 8.8 |
2024-07-12 | CVE-2024-40545 | Publiccms | Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | 8.8 |
2024-07-12 | CVE-2024-40546 | Publiccms | Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | 8.8 |
2024-07-12 | CVE-2024-40548 | Publiccms | Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | 8.8 |
2024-07-12 | CVE-2024-40549 | Publiccms | Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | 8.8 |
2024-07-12 | CVE-2024-40550 | Publiccms | Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | 8.8 |
2024-07-12 | CVE-2024-40551 | Publiccms | Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | 8.8 |
2024-07-12 | CVE-2024-40552 | Publiccms | Unspecified vulnerability in Publiccms PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java. | 8.8 |
2024-07-12 | CVE-2024-6353 | | The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'search[value]' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-07-12 | CVE-2024-6022 | Adamsolymosi | Cross-Site Request Forgery (CSRF) vulnerability in Adamsolymosi Contentlock 1.0.2/1.0.3 The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 8.8 |
2024-07-12 | CVE-2024-6023 | Adamsolymosi | Cross-Site Request Forgery (CSRF) vulnerability in Adamsolymosi Contentlock 1.0.2/1.0.3 The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when adding emails, which could allow attackers to make a logged in admin perform such action via a CSRF attack | 8.8 |
2024-07-11 | CVE-2024-6666 | Wedevs | SQL Injection vulnerability in Wedevs WP ERP The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-07-11 | CVE-2024-1845 | E4Jconnect | Cross-Site Request Forgery (CSRF) vulnerability in E4Jconnect Vikrentcar The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | 8.8 |
2024-07-10 | CVE-2024-39565 | | An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. | 8.8 |
2024-07-10 | CVE-2024-6652 | Adrianmercurio | SQL Injection vulnerability in Adrianmercurio GYM Management System 1.0 A vulnerability was found in itsourcecode Gym Management System 1.0. | 8.8 |
2024-07-10 | CVE-2024-6148 | Citrix | Unspecified vulnerability in Citrix Workspace Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5 | 8.8 |
2024-07-10 | CVE-2024-40332 | Idccms | Cross-Site Request Forgery (CSRF) vulnerability in Idccms 1.35 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord | 8.8 |
2024-07-10 | CVE-2024-28828 | Checkmk | Cross-Site Request Forgery (CSRF) vulnerability in Checkmk 2.0.0/2.1.0/2.2.0 Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromise of the site. | 8.8 |
2024-07-10 | CVE-2024-40334 | Idccms | Cross-Site Request Forgery (CSRF) vulnerability in Idccms 1.35 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3 | 8.8 |
2024-07-10 | CVE-2024-6411 | | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. | 8.8 |
2024-07-10 | CVE-2023-7061 | Advancedfilemanager | Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager File Manager Advanced Shortcode 2.3.2/2.5.3 The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. | 8.8 |
2024-07-10 | CVE-2023-7062 | | The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. | 8.8 |
2024-07-10 | CVE-2024-5792 | | The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes ‘belong_to’ parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-07-10 | CVE-2024-21417 | | Windows Text Services Framework Elevation of Privilege Vulnerability | 8.8 |
2024-07-09 | CVE-2024-39880 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Cncsoft-G2 2.0.0.5 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. | 8.8 |
2024-07-09 | CVE-2024-39881 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Cncsoft-G2 2.0.0.5 Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. | 8.8 |
2024-07-09 | CVE-2024-39882 | Deltaww | Out-of-bounds Read vulnerability in Deltaww Cncsoft-G2 2.0.0.5 Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. | 8.8 |
2024-07-09 | CVE-2024-39883 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Cncsoft-G2 2.0.0.5 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. | 8.8 |
2024-07-09 | CVE-2024-40034 | Idccms Project | Cross-Site Request Forgery (CSRF) vulnerability in Idccms Project Idccms 1.35 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del | 8.8 |
2024-07-09 | CVE-2024-40037 | Idccms Project | Cross-Site Request Forgery (CSRF) vulnerability in Idccms Project Idccms 1.35 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del | 8.8 |
2024-07-09 | CVE-2024-40039 | Idccms Project | Cross-Site Request Forgery (CSRF) vulnerability in Idccms Project Idccms 1.35 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del | 8.8 |
2024-07-09 | CVE-2024-20701 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-21303 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-21308 | | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-21317 | | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-21331 | | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-21332 | | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-21333 | | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-21335 | | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-21373 | | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-21398 | | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-21414 | | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-21415 | | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-21425 | | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-21428 | | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-21449 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-28899 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.8 |
2024-07-09 | CVE-2024-28928 | | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-30013 | Microsoft | Unspecified vulnerability in Microsoft products Windows MultiPoint Services Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-35256 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-35271 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-35272 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37318 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37319 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37320 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37321 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37322 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37323 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37324 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37326 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37327 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37328 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37329 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37330 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37331 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37332 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37333 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37334 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37336 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-37973 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.8 |
2024-07-09 | CVE-2024-38021 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Outlook Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-38053 | Microsoft | Use After Free vulnerability in Microsoft products Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-38060 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Windows Imaging Component Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-38087 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-38088 | Microsoft | Unspecified vulnerability in Microsoft products SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-38092 | Microsoft | Unspecified vulnerability in Microsoft Azure Cyclecloud Azure CycleCloud Elevation of Privilege Vulnerability | 8.8 |
2024-07-09 | CVE-2024-38104 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products Windows Fax Service Remote Code Execution Vulnerability | 8.8 |
2024-07-09 | CVE-2024-23663 | Fortinet | Unspecified vulnerability in Fortinet Fortiextender Firmware An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request. | 8.8 |
2024-07-09 | CVE-2024-27783 | Fortinet | Cross-Site Request Forgery (CSRF) vulnerability in Fortinet Fortiaiops 2.0.0 Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests. | 8.8 |
2024-07-09 | CVE-2024-6609 | Mozilla | Unspecified vulnerability in Mozilla Firefox When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. | 8.8 |
2024-07-09 | CVE-2024-37513 | Themewinter | Path Traversal vulnerability in Themewinter Wpcafe Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.This issue affects WPCafe: from n/a through 2.2.27. | 8.8 |
2024-07-09 | CVE-2024-37520 | Radiustheme | Path Traversal vulnerability in Radiustheme Shopbuilder Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons allows Path Traversal.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through 2.1.12. | 8.8 |
2024-07-09 | CVE-2024-37952 | Themeenergy | Unspecified vulnerability in Themeenergy Book Your Travel Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation.This issue affects BookYourTravel: from n/a through 8.18.17. | 8.8 |
2024-07-09 | CVE-2024-39570 | Siemens | Command Injection vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). | 8.8 |
2024-07-09 | CVE-2024-39571 | Siemens | Command Injection vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). | 8.8 |
2024-07-09 | CVE-2024-39865 | Siemens | Unrestricted Upload of File with Dangerous Type vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 8.8 |
2024-07-09 | CVE-2024-39866 | Siemens | Unspecified vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 8.8 |
2024-07-09 | CVE-2023-3287 | Easyappointments | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. | 8.8 |
2024-07-09 | CVE-2023-3288 | Easyappointments | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. | 8.8 |
2024-07-09 | CVE-2024-37419 | Codeless | Path Traversal vulnerability in Codeless Cowidgets Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Codeless Cowidgets – Elementor Addons allows Path Traversal. This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1. | 8.8 |
2024-07-09 | CVE-2024-37454 | Awsm | Path Traversal vulnerability in Awsm Team Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AWSM Innovations AWSM Team allows Path Traversal. This issue affects AWSM Team: from n/a through 1.3.1. | 8.8 |
2024-07-09 | CVE-2024-37455 | Brainstormforce | Unspecified vulnerability in Brainstormforce Ultimate Addons for Elementor Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation. This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31. | 8.8 |
2024-07-09 | CVE-2024-37462 | G5Plus | Path Traversal vulnerability in G5Plus Ultimate Bootstrap Elements for Elementor Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows Path Traversal. This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.2. | 8.8 |
2024-07-09 | CVE-2024-37090 | Stylemixthemes | SQL Injection vulnerability in Stylemixthemes products Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets. This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0. | 8.8 |
2024-07-09 | CVE-2024-37268 | Kaptinlin | Path Traversal vulnerability in Kaptinlin Striking Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in kaptinlin Striking allows Path Traversal. This issue affects Striking: from n/a through 2.3.4. | 8.8 |
2024-07-09 | CVE-2024-37225 | Zoho | SQL Injection vulnerability in Zoho Marketing Automation Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Marketing Automation. This issue affects Zoho Marketing Automation: from n/a through 1.2.7. | 8.8 |
2024-07-09 | CVE-2024-37494 | Kainelabs | SQL Injection vulnerability in Kainelabs Youzify Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaineLabs Youzify. This issue affects Youzify: from n/a through 1.2.5. | 8.8 |
2024-07-09 | CVE-2024-3604 | Hyumika | SQL Injection vulnerability in Hyumika Openstreetmap The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-07-09 | CVE-2024-5456 | | The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the 'selected_button' parameter. | 8.8 |
2024-07-09 | CVE-2024-6069 | | The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation/deactivation due to missing capability checks on the pieregister_install_addon, pieregister_activate_addon and pieregister_deactivate_addon functions in all versions up to, and including, 3.8.3.4. | 8.8 |
2024-07-09 | CVE-2024-6161 | | The Default Thumbnail Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'get_cache_image' function in all versions up to, and including, 1.0.2.3. | 8.8 |
2024-07-09 | CVE-2024-6309 | | The Attachment File Icons (AF Icons) plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.3. | 8.8 |
2024-07-09 | CVE-2024-6316 | | The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6. | 8.8 |
2024-07-09 | CVE-2024-6317 | | The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6. | 8.8 |
2024-07-09 | CVE-2024-6320 | | The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.2.2. | 8.8 |
2024-07-09 | CVE-2024-6321 | | The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. | 8.8 |
2024-07-09 | CVE-2024-5441 | Webnus | Unrestricted Upload of File with Dangerous Type vulnerability in Webnus Modern Events Calendar The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function in all versions up to, and including, 7.11.0. | 8.8 |
2024-07-09 | CVE-2024-6166 | Unlimited Elements | SQL Injection vulnerability in Unlimited-Elements Unlimited Elements for Elementor (Free Widgets, Addons, Templates) The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘addons_order’ parameter in all versions up to, and including, 1.5.112 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-07-09 | CVE-2024-5793 | | The Houzez Theme - Functionality plugin for WordPress is vulnerable to SQL Injection via the ‘currency_code’ parameter in all versions up to, and including, 3.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-07-08 | CVE-2023-47677 | Realtek Level1 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. | 8.8 |
2024-07-08 | CVE-2024-39202 | Dlink | Unspecified vulnerability in Dlink Dir-823X Ax3000 Firmware 240126 D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings. | 8.8 |
2024-07-09 | CVE-2024-37984 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.4 |
2024-07-10 | CVE-2023-32467 | Dell | Improper Initialization vulnerability in Dell products Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. | 8.2 |
2024-07-10 | CVE-2023-32472 | Dell | Out-of-bounds Write vulnerability in Dell products Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. | 8.2 |
2024-07-11 | CVE-2024-28872 | ISC | Improper Certificate Validation vulnerability in ISC Stork The TLS certificate validation code is flawed. | 8.1 |
2024-07-11 | CVE-2024-22280 | Vmware | SQL Injection vulnerability in VMWare Aria Automation and Cloud Foundation VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. | 8.1 |
2024-07-09 | CVE-2024-35264 | Microsoft | Unspecified vulnerability in Microsoft .Net and Visual Studio 2022 .NET and Visual Studio Remote Code Execution Vulnerability | 8.1 |
2024-07-09 | CVE-2024-38049 | Microsoft | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability | 8.1 |
2024-07-09 | CVE-2023-38047 | Easyappointments | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). | 8.1 |
2024-07-09 | CVE-2023-38048 | Easyappointments | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). | 8.1 |
2024-07-09 | CVE-2023-38049 | Easyappointments | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). | 8.1 |
2024-07-09 | CVE-2023-38050 | Easyappointments | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). | 8.1 |
2024-07-09 | CVE-2023-38051 | Easyappointments | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). | 8.1 |
2024-07-09 | CVE-2023-38052 | Easyappointments | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). | 8.1 |
2024-07-09 | CVE-2023-38053 | Easyappointments | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). | 8.1 |
2024-07-09 | CVE-2023-38054 | Easyappointments | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). | 8.1 |
2024-07-09 | CVE-2023-38055 | Easyappointments | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). | 8.1 |
2024-07-09 | CVE-2024-37969 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.0 |
2024-07-09 | CVE-2024-37970 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.0 |
2024-07-09 | CVE-2024-37971 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.0 |
2024-07-09 | CVE-2024-37972 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.0 |
2024-07-09 | CVE-2024-37974 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.0 |
2024-07-09 | CVE-2024-37975 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.0 |
2024-07-09 | CVE-2024-37977 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.0 |
2024-07-09 | CVE-2024-37978 | Microsoft | Unspecified vulnerability in Microsoft Windows 11 22H2 and Windows 11 23H2 Secure Boot Security Feature Bypass Vulnerability | 8.0 |
2024-07-09 | CVE-2024-37981 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.0 |
2024-07-09 | CVE-2024-37986 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.0 |
2024-07-09 | CVE-2024-37987 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.0 |
2024-07-09 | CVE-2024-37988 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.0 |
2024-07-09 | CVE-2024-37989 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.0 |
2024-07-09 | CVE-2024-38010 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.0 |
2024-07-09 | CVE-2024-38011 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 8.0 |
2024-07-14 | CVE-2023-52885 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the established child sock, there is a window that the newsock retaining a freed listener svc_sock in sk_user_data which cloning from parent. | 7.8 |
2024-07-12 | CVE-2024-39494 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. | 7.8 |
2024-07-12 | CVE-2024-39495 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: greybus: Fix use-after-free bug in gb_interface_release due to race condition. In gb_interface_create, &intf->mode_switch_completion is bound with gb_interface_mode_switch_work. | 7.8 |
2024-07-12 | CVE-2024-39496 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free due to race with dev replace While loading a zone's info during creation of a block group, we can race with a device replace operation and then trigger a use-after-free on the device that was just replaced (source device of the replace operation). This happens because at btrfs_load_zone_info() we extract a device from the chunk map into a local variable and then use the device while not under the protection of the device replace rwsem. | 7.8 |
2024-07-12 | CVE-2024-39510 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() We got the following issue in a fuzz test of randomly issuing the restore command: BUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0xb41/0xb60 When we see the request within xa_lock, req->object must not have been freed yet, so grab the reference count of object before xa_unlock to avoid the above issue. | 7.8 |
2024-07-12 | CVE-2024-40899 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() We got the following issue in a fuzz test of randomly issuing the restore command: BUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0x609/0xab0 This issue is caused by issuing a restore command when the daemon is still alive, which results in a request being processed multiple times thus triggering a UAF. | 7.8 |
2024-07-12 | CVE-2024-40902 | Linux | Classic Buffer Overflow vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. | 7.8 |
2024-07-12 | CVE-2024-40903 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps There could be a potential use-after-free case in tcpm_register_source_caps(). | 7.8 |
2024-07-12 | CVE-2024-40906 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always stop health timer during driver removal Currently, if teardown_hca fails to execute during driver removal, mlx5 does not stop the health timer. | 7.8 |
2024-07-12 | CVE-2024-40909 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free in bpf_link_free() After commit 1a80dbcb2dba, bpf_link can be freed by link->ops->dealloc_deferred, but the code still tests and uses link->ops->dealloc afterward, which leads to a use-after-free as reported by syzbot. | 7.8 |
2024-07-12 | CVE-2024-40954 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: do not leave a dangling sk pointer, when socket creation fails It is possible to trigger a use-after-free by: * attaching an fentry probe to __sock_release() and the probe calling the bpf_get_socket_cookie() helper * running traceroute -I 1.1.1.1 on a freshly booted VM A KASAN enabled kernel will log something like below (decoded and stripped): BUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) Fix this by clearing the struct socket reference in sk_common_release() to cover all protocol families create functions, which may have already attached the reference to the sk object with sock_init_data(). | 7.8 |
2024-07-12 | CVE-2024-40956 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list Use list_for_each_entry_safe() to allow iterating through the list and deleting the entry in the iteration process. | 7.8 |
2024-07-12 | CVE-2024-40958 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netns: Make get_net_ns() handle zero refcount net Syzkaller hit a warning: refcount_t: addition on 0; use-after-free. WARNING: CPU: 3 PID: 7890 at lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0 This is triggered as below: ns0 ns1 tun_set_iff() //dev is tun0 tun->dev = dev //ip link set tun0 netns ns1 put_net() //ref is 0 __tun_chr_ioctl() //TUNGETDEVNETNS net = dev_net(tun->dev); open_related_ns(&net->ns, get_net_ns); //ns1 get_net_ns() get_net() //addition on 0 Use maybe_get_net() in get_net_ns in case net's ref is zero to fix this. | 7.8 |
2024-07-12 | CVE-2024-40994 | Linux | Integer Overflow or Wraparound vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow. | 7.8 |
2024-07-12 | CVE-2024-40996 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid splat in pskb_pull_reason syzkaller builds (CONFIG_DEBUG_NET=y) frequently trigger a debug hint in pskb_may_pull. We'd like to retain this debug check because it might hint at integer overflows and other issues (kernel code should pull headers, not huge value). In bpf case, this splat isn't interesting at all: such (nonsensical) bpf programs are typically generated by a fuzzer anyway. Do what Eric suggested and suppress such warning. For CONFIG_DEBUG_NET=n we don't need the extra check because pskb_may_pull will do the right thing: return an error without the WARN() backtrace. | 7.8 |
2024-07-12 | CVE-2024-41000 | Linux | Integer Overflow or Wraparound vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer shows this report: UBSAN: signed-integer-overflow in ../block/ioctl.c:36:46 9223372036854775807 + 4095 cannot be represented in type 'long long' Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang; It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's rework this overflow checking logic to not actually perform an overflow during the check itself, thus avoiding the UBSAN splat. [1]: https://github.com/llvm/llvm-project/pull/82432 | 7.8 |
2024-07-11 | CVE-2024-39520 | Juniper | OS Command Injection vulnerability in Juniper Junos OS Evolved An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * All versions before 20.4R3-S6-EVO, * 21.2-EVO versions before 21.2R3-S4-EVO, * 21.4-EVO versions before 21.4R3-S6-EVO, * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO. | 7.8 |
2024-07-11 | CVE-2024-39521 | Juniper | OS Command Injection vulnerability in Juniper Junos OS Evolved An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * 21.1-EVO versions 21.1R1-EVO and later before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.1-EVO versions before 22.1R3-S6-EVO, * 22.2-EVO versions before 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO. | 7.8 |
2024-07-11 | CVE-2024-39522 | Juniper | OS Command Injection vulnerability in Juniper Junos OS Evolved 22.3/22.4 An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * 22.3-EVO versions before 22.3R2-EVO, * 22.4-EVO versions before 22.4R1-S1-EVO, 22.4R2-EVO. | 7.8 |
2024-07-11 | CVE-2024-39523 | Juniper | OS Command Injection vulnerability in Juniper Junos OS Evolved An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * All versions before 20.4R3-S7-EVO, * 21.2-EVO versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.1-EVO versions before 22.1R3-S6-EVO, * 22.2-EVO versions before 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO, * 22.4-EVO versions before 22.4R2-EVO. | 7.8 |
2024-07-11 | CVE-2024-39524 | Juniper | OS Command Injection vulnerability in Juniper Junos OS Evolved An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: All versions before 20.4R3-S7-EVO, 21.2-EVO versions before 21.2R3-S8-EVO, 21.4-EVO versions before 21.4R3-S7-EVO, 22.2-EVO versions before 22.2R3-EVO, 22.3-EVO versions before 22.3R2-EVO, 22.4-EVO versions before 22.4R2-EVO. | 7.8 |
2024-07-11 | CVE-2024-2602 | Schneider Electric | Path Traversal vulnerability in Schneider-Electric Foxrtu Station CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor. | 7.8 |
2024-07-11 | CVE-2024-5681 | Schneider Electric | Improper Input Validation vulnerability in Schneider-Electric Ecostruxure Foxboro DCS Control Core Services CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | 7.8 |
2024-07-10 | CVE-2024-38301 | Dell | Unspecified vulnerability in Dell Alienware Command Center Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. | 7.8 |
2024-07-09 | CVE-2024-20781 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-07-09 | CVE-2024-20782 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-07-09 | CVE-2024-20783 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-07-09 | CVE-2024-20785 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-07-09 | CVE-2024-34139 | Adobe | Integer Overflow or Wraparound vulnerability in Adobe Bridge Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-07-09 | CVE-2024-30079 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-35261 | Microsoft | Unspecified vulnerability in Microsoft Azure Network Watcher Agent Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38034 | Microsoft | Unspecified vulnerability in Microsoft products Windows Filtering Platform Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38043 | Microsoft | Unspecified vulnerability in Microsoft products PowerShell Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38047 | Microsoft | Unspecified vulnerability in Microsoft products PowerShell Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38050 | Microsoft | Integer Underflow (Wrap or Wraparound) vulnerability in Microsoft products Windows Workstation Service Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38051 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38052 | Microsoft | Unspecified vulnerability in Microsoft products Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38054 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38057 | Microsoft | Unspecified vulnerability in Microsoft products Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38059 | Microsoft | Unspecified vulnerability in Microsoft products Win32k Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38062 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38066 | Microsoft | Use After Free vulnerability in Microsoft products Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38070 | Microsoft | Unspecified vulnerability in Microsoft products Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38079 | Microsoft | Unspecified vulnerability in Microsoft products Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38080 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38085 | Microsoft | Unspecified vulnerability in Microsoft products Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38100 | Microsoft | Unspecified vulnerability in Microsoft products Windows File Explorer Elevation of Privilege Vulnerability | 7.8 |
2024-07-09 | CVE-2024-32056 | Siemens | Out-of-bounds Write vulnerability in Siemens Simcenter Femap A vulnerability has been identified in Simcenter Femap (All versions < V2406). | 7.8 |
2024-07-09 | CVE-2024-33653 | Siemens | Out-of-bounds Read vulnerability in Siemens Simcenter Femap A vulnerability has been identified in Simcenter Femap (All versions < V2406). | 7.8 |
2024-07-09 | CVE-2024-33654 | Siemens | Out-of-bounds Read vulnerability in Siemens Simcenter Femap A vulnerability has been identified in Simcenter Femap (All versions < V2406). | 7.8 |
2024-07-09 | CVE-2024-39568 | Siemens | Command Injection vulnerability in Siemens Sinema Remote Connect Client A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). | 7.8 |
2024-07-09 | CVE-2024-39870 | Siemens | Unspecified vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 7.8 |
2024-07-09 | CVE-2024-4944 | Watchguard | Command Injection vulnerability in Watchguard Mobile VPN With SSL A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileges. | 7.8 |
2024-07-08 | CVE-2024-27459 | Openvpn | Out-of-bounds Write vulnerability in Openvpn The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges. | 7.8 |
2024-07-08 | CVE-2024-37999 | Siemens | Unspecified vulnerability in Siemens Medicalis Workflow Orchestrator A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). | 7.8 |
2024-07-08 | CVE-2024-38330 | IBM | Uncontrolled Search Path Element vulnerability in IBM I 7.2/7.3/7.4 IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. | 7.8 |
2024-07-09 | CVE-2024-39598 | SAP | Server-Side Request Forgery (SSRF) vulnerability in SAP products SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. | 7.7 |
2024-07-09 | CVE-2024-35266 | Microsoft | Unspecified vulnerability in Microsoft Azure Devops Server 2022.1.0 Azure DevOps Server Spoofing Vulnerability | 7.6 |
2024-07-09 | CVE-2024-35267 | Microsoft | Unspecified vulnerability in Microsoft Azure Devops Server 2022.1.0 Azure DevOps Server Spoofing Vulnerability | 7.6 |
2024-07-14 | CVE-2024-39732 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Datacap IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. | 7.5 |
2024-07-11 | CVE-2024-39531 | | An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS). If a value is configured for DDoS bandwidth or burst parameters for any protocol in a queue, all protocols which share the same queue will have their bandwidth or burst value changed to the new value. | 7.5 |
2024-07-11 | CVE-2024-39540 | | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives specific valid TCP traffic, the pfe crashes and restarts leading to a momentary but complete service outage. This issue affects Junos OS: 21.2 releases from 21.2R3-S5 before 21.2R3-S6. This issue does not affect earlier or later releases. | 7.5 |
2024-07-11 | CVE-2024-39542 | | An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS). This issue can occur in two scenarios: 1. | 7.5 |
2024-07-11 | CVE-2024-39548 | | An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. | 7.5 |
2024-07-11 | CVE-2024-39549 | Juniper | Memory Leak vulnerability in Juniper Junos A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. | 7.5 |
2024-07-11 | CVE-2024-39551 | | An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command. `user@host> show usp memory segment sha data objcache jsf` This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC: * 20.4 before 20.4R3-S10, * 21.2 before 21.2R3-S6, * 21.3 before 21.3R3-S5, * 21.4 before 21.4R3-S6, * 22.1 before 22.1R3-S4, * 22.2 before 22.2R3-S2, * 22.3 before 22.3R3-S1, * 22.4 before 22.4R3, * 23.2 before 23.2R2. | 7.5 |
2024-07-11 | CVE-2024-39552 | | An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts. Continuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. | 7.5 |
2024-07-11 | CVE-2024-39529 | Juniper | Use of Externally-Controlled Format String vulnerability in Juniper Junos A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service. This issue affects Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2. | 7.5 |
2024-07-11 | CVE-2024-39530 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an attempt is made to access specific sensors on platforms not supporting these sensors, either via GRPC or netconf, chassisd will crash and restart leading to a restart of all FPCs and thereby a complete outage. This issue affects Junos OS: * 21.4 versions from 21.4R3 before 21.4R3-S5, * 22.1 versions from 22.1R3 before 22.1R3-S4, * 22.2 versions from 22.2R2 before 22.2R3, * 22.3 versions from 22.3R1 before 22.3R2-S2, 22.3R3, * 22.4 versions from 22.4R1 before 22.4R2. This issue does not affect Junos OS versions earlier than 21.4. | 7.5 |
2024-07-11 | CVE-2024-37151 | Oisf | Improper Check for Unusual or Exceptional Conditions vulnerability in Oisf Suricata Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. | 7.5 |
2024-07-11 | CVE-2024-38534 | Oisf | Allocation of Resources Without Limits or Throttling vulnerability in Oisf Suricata Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. | 7.5 |
2024-07-11 | CVE-2024-38535 | Oisf | Allocation of Resources Without Limits or Throttling vulnerability in Oisf Suricata Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. | 7.5 |
2024-07-11 | CVE-2024-38536 | Oisf | NULL Pointer Dereference vulnerability in Oisf Suricata Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. | 7.5 |
2024-07-11 | CVE-2024-6407 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Whc-5918A Firmware CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device. | 7.5 |
2024-07-10 | CVE-2024-39518 | | A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS). When the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. | 7.5 |
2024-07-10 | CVE-2024-39555 | | An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). | 7.5 |
2024-07-10 | CVE-2024-39562 | | A Missing Release of Resource after Effective Lifetime vulnerability in the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. | 7.5 |
2024-07-10 | CVE-2024-6421 | Pepperl Fuchs | Unspecified vulnerability in Pepperl-Fuchs products An unauthenticated remote attacker can read out sensitive device information through an incorrectly configured FTP service. | 7.5 |
2024-07-09 | CVE-2024-27360 | Samsung | Improper Validation of Specified Quantity in Input vulnerability in Samsung products A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check length of the data, which can lead to a Denial of Service. | 7.5 |
2024-07-09 | CVE-2024-27362 | Samsung | Improper Validation of Specified Quantity in Input vulnerability in Samsung products A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to an Information disclosure. | 7.5 |
2024-07-09 | CVE-2024-31957 | Samsung | Improper Validation of Specified Quantity in Input vulnerability in Samsung Exynos 2200 Firmware and Exynos 2400 Firmware A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS (Denial of Service) attack by unmapping an invalid length. | 7.5 |
2024-07-09 | CVE-2024-39698 | Electron | Improper Certificate Validation vulnerability in Electron Electron-Builder electron-updater allows for automatic updates for Electron apps. | 7.5 |
2024-07-09 | CVE-2024-30098 | Microsoft | Unspecified vulnerability in Microsoft products Windows Cryptographic Services Security Feature Bypass Vulnerability | 7.5 |
2024-07-09 | CVE-2024-30105 | Microsoft | Unspecified vulnerability in Microsoft .Net and Visual Studio 2022 .NET and Visual Studio Denial of Service Vulnerability | 7.5 |
2024-07-09 | CVE-2024-32987 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019 Microsoft SharePoint Server Information Disclosure Vulnerability | 7.5 |
2024-07-09 | CVE-2024-38015 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | 7.5 |
2024-07-09 | CVE-2024-38031 | Microsoft | Unspecified vulnerability in Microsoft products Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | 7.5 |
2024-07-09 | CVE-2024-38061 | Microsoft | Unspecified vulnerability in Microsoft products DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability | 7.5 |
2024-07-09 | CVE-2024-38064 | Microsoft | Unspecified vulnerability in Microsoft products Windows TCP/IP Information Disclosure Vulnerability | 7.5 |
2024-07-09 | CVE-2024-38067 | Microsoft | Unspecified vulnerability in Microsoft products Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | 7.5 |
2024-07-09 | CVE-2024-38068 | Microsoft | Unspecified vulnerability in Microsoft products Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | 7.5 |
2024-07-09 | CVE-2024-38071 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Desktop Licensing Service Denial of Service Vulnerability | 7.5 |
2024-07-09 | CVE-2024-38072 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Desktop Licensing Service Denial of Service Vulnerability | 7.5 |
2024-07-09 | CVE-2024-38073 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Desktop Licensing Service Denial of Service Vulnerability | 7.5 |
2024-07-09 | CVE-2024-38078 | Microsoft | Unspecified vulnerability in Microsoft Windows 11 21H2 and Windows 11 23H2 Xbox Wireless Adapter Remote Code Execution Vulnerability | 7.5 |
2024-07-09 | CVE-2024-38091 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft WS-Discovery Denial of Service Vulnerability | 7.5 |
2024-07-09 | CVE-2024-38095 | Microsoft | Unspecified vulnerability in Microsoft .Net and Visual Studio 2022 .NET and Visual Studio Denial of Service Vulnerability | 7.5 |
2024-07-09 | CVE-2024-38112 | Microsoft | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Spoofing Vulnerability | 7.5 |
2024-07-09 | CVE-2024-39873 | Siemens | Improper Restriction of Excessive Authentication Attempts vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 7.5 |
2024-07-09 | CVE-2024-39874 | Siemens | Improper Restriction of Excessive Authentication Attempts vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 7.5 |
2024-07-08 | CVE-2024-6227 | Aimstack | Infinite Loop vulnerability in Aimstack AIM 3.19.3 A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. | 7.5 |
2024-07-08 | CVE-2024-23562 | Hcltech | Unspecified vulnerability in Hcltech Domino 11.0/12.0/14.0 A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. | 7.5 |
2024-07-08 | CVE-2024-31504 | Embedded Solutions | Classic Buffer Overflow vulnerability in Embedded-Solutions Freemodbus 20180912 Buffer Overflow vulnerability in SILA Embedded Solutions GmbH freemodbus v.2018-09-12 allows a remote attacker to cause a denial of service via the LINUXTCP server component. | 7.5 |
2024-07-08 | CVE-2024-25639 | Khoj | Command Injection vulnerability in Khoj Khoj is an application that creates personal AI agents. | 7.5 |
2024-07-08 | CVE-2024-39743 | IBM | Unspecified vulnerability in IBM MQ Operator IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. | 7.5 |
2024-07-08 | CVE-2024-24974 | Openvpn | Unspecified vulnerability in Openvpn The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service. | 7.5 |
2024-07-09 | CVE-2023-50178 | Fortinet | Improper Certificate Validation vulnerability in Fortinet Fortiadc An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud. | 7.4 |
2024-07-11 | CVE-2024-39546 | | A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system. This issue affects Junos OS Evolved: * All versions prior to 21.2R3-S8-EVO, * 21.4 versions prior to 21.4R3-S6-EVO, * 22.1 versions prior to 22.1R3-S5-EVO, * 22.2 versions prior to 22.2R3-S3-EVO, * 22.3 versions prior to 22.3R3-S3-EVO, * 22.4 versions prior to 22.4R3-EVO, * 23.2 versions prior to 23.2R2-EVO. | 7.3 |
2024-07-09 | CVE-2024-30061 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 9.1 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 7.3 |
2024-07-09 | CVE-2024-38033 | Microsoft | Unspecified vulnerability in Microsoft products PowerShell Elevation of Privilege Vulnerability | 7.3 |
2024-07-09 | CVE-2024-38081 | Microsoft | Unspecified vulnerability in Microsoft .Net, .Net Framework and Visual Studio 2022 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | 7.3 |
2024-07-09 | CVE-2024-39867 | Siemens | Forced Browsing vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 7.3 |
2024-07-09 | CVE-2024-39868 | Siemens | Forced Browsing vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 7.3 |
2024-07-12 | CVE-2024-5902 | | The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. | 7.2 |
2024-07-11 | CVE-2024-6447 | | The FULL – Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping as well as missing authorization and capability checks on the related functions. | 7.2 |
2024-07-09 | CVE-2024-35154 | IBM | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. | 7.2 |
2024-07-09 | CVE-2024-38019 | Microsoft | Integer Overflow or Wraparound vulnerability in Microsoft products Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | 7.2 |
2024-07-09 | CVE-2024-38023 | Microsoft | Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Server 2016/2019 Microsoft SharePoint Server Remote Code Execution Vulnerability | 7.2 |
2024-07-09 | CVE-2024-38024 | Microsoft | Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Server 2016/2019 Microsoft SharePoint Server Remote Code Execution Vulnerability | 7.2 |
2024-07-09 | CVE-2024-38025 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | 7.2 |
2024-07-09 | CVE-2024-38028 | Microsoft | Out-of-bounds Read vulnerability in Microsoft products Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | 7.2 |
2024-07-09 | CVE-2024-38044 | Microsoft | Incorrect Conversion between Numeric Types vulnerability in Microsoft products DHCP Server Service Remote Code Execution Vulnerability | 7.2 |
2024-07-09 | CVE-2024-38094 | Microsoft | Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Server 2016/2019 Microsoft SharePoint Remote Code Execution Vulnerability | 7.2 |
2024-07-09 | CVE-2024-39569 | Siemens | Command Injection vulnerability in Siemens Sinema Remote Connect Client A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). | 7.2 |
2024-07-09 | CVE-2024-37410 | Wpbeaveraddons | Path Traversal vulnerability in Wpbeaveraddons Powerpack Lite for Beaver Builder Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beaver Addons PowerPack Lite for Beaver Builder allows Path Traversal.This issue affects PowerPack Lite for Beaver Builder: from n/a through 1.3.0.3. | 7.2 |
2024-07-09 | CVE-2024-37266 | Themeum | Path Traversal vulnerability in Themeum Tutor LMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1. | 7.2 |
2024-07-09 | CVE-2024-37256 | Themeum | SQL Injection vulnerability in Themeum Tutor LMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.1. | 7.2 |
2024-07-09 | CVE-2024-37486 | Strangerstudios | SQL Injection vulnerability in Strangerstudios Paid Memberships PRO Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 3.0.5. | 7.2 |
2024-07-09 | CVE-2024-5479 | | The Easy Pixels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.13 due to insufficient input sanitization and output escaping. | 7.2 |
2024-07-09 | CVE-2024-6123 | | The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.13.3. | 7.2 |
2024-07-09 | CVE-2024-6180 | | The EventON plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eventon_import_settings' ajax action in all versions up to, and including, 2.2.15. | 7.2 |
2024-07-09 | CVE-2024-28748 | | A remote attacker with high privileges may use a reading file function to inject OS commands. | 7.2 |
2024-07-09 | CVE-2024-28749 | | A remote attacker with high privileges may use a writing file function to inject OS commands. | 7.2 |
2024-07-09 | CVE-2024-5974 | Watchguard | Classic Buffer Overflow vulnerability in Watchguard Fireware A buffer overflow in WatchGuard Fireware OS may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3. | 7.2 |
2024-07-08 | CVE-2023-34435 | Realtek Level1 | Improper Verification of Cryptographic Signature vulnerability in multiple products A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-41251 | Realtek Level1 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-45215 | Realtek Level1 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-45742 | Realtek Level1 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-47856 | Realtek Level1 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-48270 | Realtek Level1 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-49073 | Realtek Level1 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-49593 | Level1 | Unspecified vulnerability in Level1 Wbr-6013 Firmware Rer4Av3411B2T2Rlev09170623 Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. | 7.2 |
2024-07-08 | CVE-2023-49595 | Realtek Level1 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-49867 | Realtek Level1 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-50239 | Realtek Level1 | Out-of-bounds Write vulnerability in multiple products Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-50240 | Realtek Level1 | Out-of-bounds Write vulnerability in multiple products Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-50243 | Realtek Level1 | Out-of-bounds Write vulnerability in multiple products Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-50244 | Realtek Level1 | Out-of-bounds Write vulnerability in multiple products Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-50330 | Realtek Level1 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-50381 | Realtek Level1 | OS Command Injection vulnerability in multiple products Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-50382 | Realtek Level1 | OS Command Injection vulnerability in multiple products Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2023-50383 | Realtek Level1 | OS Command Injection vulnerability in multiple products Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-08 | CVE-2024-21778 | Realtek Level1 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow vulnerability exists in the configuration file mib_init_value_array functionality of Realtek rtl819x Jungle SDK v3.4.11. | 7.2 |
2024-07-11 | CVE-2024-5679 | Schneider Electric | Out-of-bounds Write vulnerability in Schneider-Electric Ecostruxure Foxboro DCS Control Core Services CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | 7.1 |
2024-07-09 | CVE-2024-30081 | Microsoft | Unspecified vulnerability in Microsoft products Windows NTLM Spoofing Vulnerability | 7.1 |
2024-07-09 | CVE-2024-38032 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Microsoft Xbox Remote Code Execution Vulnerability | 7.1 |
2024-07-09 | CVE-2024-39487 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() In function bond_option_arp_ip_targets_set(), if newval->string is an empty string, newval->string+1 will point to the byte after the string, causing an out-of-bound read. Fix it by adding a check of string length before using it. | 7.1 |
2024-07-09 | CVE-2024-34123 | | Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. | 7.0 |
2024-07-09 | CVE-2024-6222 | Docker | Unspecified vulnerability in Docker Desktop In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend. As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop v4.31.0 https://docs.docker.com/desktop/release-notes/#4310 additionally changes the default configuration to enable this setting by default. | 7.0 |
2024-07-09 | CVE-2024-38022 | Microsoft | Link Following vulnerability in Microsoft products Windows Image Acquisition Elevation of Privilege Vulnerability | 7.0 |
2024-07-09 | CVE-2024-38069 | Microsoft | Improper Verification of Cryptographic Signature vulnerability in Microsoft products Windows Enroll Engine Security Feature Bypass Vulnerability | 7.0 |
233 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-07-09 | CVE-2024-26184 | Microsoft | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 6.8 |
2024-07-09 | CVE-2024-38058 | Microsoft | Unspecified vulnerability in Microsoft products BitLocker Security Feature Bypass Vulnerability | 6.8 |
2024-07-09 | CVE-2024-38065 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 6.8 |
2024-07-11 | CVE-2024-38433 | Nuvoton | Improper Authentication vulnerability in Nuvoton products Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution. | 6.7 |
2024-07-09 | CVE-2024-38013 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Windows Server Backup Elevation of Privilege Vulnerability | 6.7 |
2024-07-08 | CVE-2024-6563 | Renesas | Classic Buffer Overflow vulnerability in Renesas Arm-Trusted-Firmware Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. | 6.7 |
2024-07-08 | CVE-2024-6564 | Renesas | Classic Buffer Overflow vulnerability in Renesas Arm-Trusted-Firmware Buffer overflow in "rcar_dev_init" due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. | 6.7 |
2024-07-10 | CVE-2024-39512 | | An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account. When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges. This issue affects Junos OS Evolved: * from 23.2R2-EVO before 23.2R2-S1-EVO, * from 23.4R1-EVO before 23.4R2-EVO. | 6.6 |
2024-07-12 | CVE-2024-31947 | Stonefly | Path Traversal vulnerability in Stonefly Storage Concentrator StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. | 6.5 |
2024-07-12 | CVE-2024-40547 | Publiccms | Unspecified vulnerability in Publiccms PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace. | 6.5 |
2024-07-11 | CVE-2024-39537 | | An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports. This issue affects Junos OS Evolved on ACX 7000 Series: * All versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO. | 6.5 |
2024-07-11 | CVE-2024-39538 | | A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes which leads to an outage of the affected FPC until it is manually recovered. This issue affects Junos OS Evolved on ACX7000 Series: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO. | 6.5 |
2024-07-11 | CVE-2024-39541 | | An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart. This issue affects: Junos OS: * 22.4 versions before 22.4R3-S1, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R1-S1, 23.4R2, This issue does not affect Junos OS versions earlier than 22.4R1. Junos OS Evolved: * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO, This issue does not affect Junos OS Evolved versions earlier than 22.4R1. | 6.5 |
2024-07-11 | CVE-2024-39543 | | A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S2-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R2-EVO. | 6.5 |
2024-07-11 | CVE-2024-39550 | | A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events (which can be done by repeated port flaps) to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). | 6.5 |
2024-07-11 | CVE-2024-39553 | | An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads the msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device, potentially impacting system integrity. This issue only happens when inline jflow is configured. This does not impact any forwarding traffic. | 6.5 |
2024-07-11 | CVE-2024-39519 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos OS Evolved 22.2/22.3/22.4 An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). On all ACX 7000 Series platforms running Junos OS Evolved, and configured with IRBs, if a Customer Edge (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. | 6.5 |
2024-07-10 | CVE-2024-39514 | | An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). An attacker can send specific traffic to the device, which causes the rpd to crash and restart. | 6.5 |
2024-07-10 | CVE-2024-39517 | | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS). In an EVPN/VXLAN scenario, when a high amount of specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. | 6.5 |
2024-07-10 | CVE-2024-39557 | | An Uncontrolled Resource Consumption vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS). Certain MAC table updates cause a small amount of memory to leak. Once memory utilization reaches its limit, the issue will result in a system crash and restart. To identify the issue, execute the CLI command: user@device> show platform application-info allocations app l2ald-agent EVL Object Allocation Statistics: Node Application Context Name Live Allocs Fails Guids re0 l2ald-agent net::juniper::rtnh::L2Rtinfo 1069096 1069302 0 1069302 re0 l2ald-agent net::juniper::rtnh::NHOpaqueTlv 114 195 0 195 This issue affects Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. | 6.5 |
2024-07-10 | CVE-2024-39560 | | An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS). The kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected. System kernel memory can be monitored through the use of the 'show system kernel memory' command as shown below: user@router> show system kernel memory Real memory total/reserved: 4130268/ 133344 Kbytes kmem map free: 18014398509110220 Kbytes This issue affects: Junos OS: * All versions before 20.4R3-S9, * All versions of 21.2, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2; Junos OS Evolved: * All versions before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. | 6.5 |
2024-07-10 | CVE-2024-6649 | Oretnom23 | Cross-Site Request Forgery (CSRF) vulnerability in Oretnom23 Employee and Visitor Gate Pass Logging System 1.0 A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. | 6.5 |
2024-07-09 | CVE-2024-21993 | Netapp | Unspecified vulnerability in Netapp Snapcenter SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials. | 6.5 |
2024-07-09 | CVE-2024-38020 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Outlook Spoofing Vulnerability | 6.5 |
2024-07-09 | CVE-2024-38027 | Microsoft | Unspecified vulnerability in Microsoft products Windows Line Printer Daemon Service Denial of Service Vulnerability | 6.5 |
2024-07-09 | CVE-2024-38030 | Microsoft | Unspecified vulnerability in Microsoft products Windows Themes Spoofing Vulnerability | 6.5 |
2024-07-09 | CVE-2024-38048 | Microsoft | Out-of-bounds Read vulnerability in Microsoft products Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability | 6.5 |
2024-07-09 | CVE-2024-38101 | Microsoft | Unspecified vulnerability in Microsoft products Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | 6.5 |
2024-07-09 | CVE-2024-38102 | Microsoft | Unspecified vulnerability in Microsoft products Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | 6.5 |
2024-07-09 | CVE-2024-38105 | Microsoft | Unspecified vulnerability in Microsoft products Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | 6.5 |
2024-07-09 | CVE-2024-6237 | Redhat | Unspecified vulnerability in Redhat products A flaw was found in the 389 Directory Server. | 6.5 |
2024-07-09 | CVE-2023-50181 | Fortinet | Unspecified vulnerability in Fortinet Fortiadc An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests. | 6.5 |
2024-07-09 | CVE-2024-27784 | Fortinet | Information Exposure Through Log Files vulnerability in Fortinet Fortiaiops 2.0.0 Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps version 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files. | 6.5 |
2024-07-09 | CVE-2024-27785 | Fortinet | Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Fortiaiops 2.0.0 An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports. | 6.5 |
2024-07-09 | CVE-2024-39869 | Siemens | Unspecified vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 6.5 |
2024-07-09 | CVE-2023-3286 | Easyappointments | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. | 6.5 |
2024-07-09 | CVE-2023-3289 | Easyappointments | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). | 6.5 |
2024-07-09 | CVE-2024-37224 | Smartypantsplugins | Path Traversal vulnerability in Smartypantsplugins SP Project & Document Manager Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.71. | 6.5 |
2024-07-09 | CVE-2024-37175 | SAP | Missing Authorization vulnerability in SAP products SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. | 6.5 |
2024-07-09 | CVE-2024-39592 | SAP | Missing Authorization vulnerability in SAP S4Core and S4Coreop Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application. | 6.5 |
2024-07-08 | CVE-2024-39695 | Exiv2 | Out-of-bounds Read vulnerability in Exiv2 0.28.0/0.28.1/0.28.2 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 6.5 |
2024-07-08 | CVE-2024-4341 | Extremepacs | Unspecified vulnerability in Extremepacs Extreme XDS Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. | 6.5 |
2024-07-12 | CVE-2024-39916 | Fogproject | Insecure Default Initialization of Resource vulnerability in Fogproject FOG is a free open-source cloning/imaging/rescue suite/inventory management system. | 6.4 |
2024-07-12 | CVE-2024-6495 | | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-07-12 | CVE-2024-6588 | | The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘media_url’ parameter in all versions up to, and including, 11.9.10 due to insufficient input sanitization and output escaping. | 6.4 |
2024-07-10 | CVE-2024-39556 | | A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution. By exploiting the 'set security certificates' command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user's command interpreter, or potentially trigger a stack-based buffer overflow. This issue affects: Junos OS: * All versions before 21.4R3-S7, * from 22.1 before 22.1R3-S6, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2; Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * from 22.1-EVO before 22.1R3-S6-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S2-EVO, * from 23.2-EVO before 23.2R2-EVO, * from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO. | 6.4 |
2024-07-10 | CVE-2024-4866 | | The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-07-09 | CVE-2024-38086 | Microsoft | Unspecified vulnerability in Microsoft Azure Kinect Software Development KIT Azure Kinect SDK Remote Code Execution Vulnerability | 6.4 |
2024-07-09 | CVE-2024-6391 | | The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bw_button shortcode in all versions up to, and including, 4.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-07-09 | CVE-2024-4862 | | The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-07-09 | CVE-2024-5946 | | The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tab’ shortcode in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping. | 6.4 |
2024-07-09 | CVE-2024-4868 | | The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's EE Events and EE Flipbox widgets in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-07-09 | CVE-2024-5669 | | The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffw_activate_template' function in all versions up to, and including, 1.6.4. | 6.4 |
2024-07-09 | CVE-2024-5937 | | The Simple Alert Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-07-09 | CVE-2024-5881 | | The Webico Slider Flatsome Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wbc_image shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-07-11 | CVE-2024-39532 | | An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information. When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information. This issue affects: Junos OS: * All versions before 22.1R2-S2, * 22.1R3 and later versions, * 22.2 versions before 22.2R2-S1, 22.2R3, * 22.3 versions before 22.3R1-S2, 22.3R2; Junos OS Evolved: * All versions before 22.1R3-EVO, * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO, * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO. | 6.3 |
2024-07-12 | CVE-2024-5626 | Data443 | Cross-site Scripting vulnerability in Data443 Inline Related Posts The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2024-07-11 | CVE-2024-6035 | Gaizhenbiao | Cross-site Scripting vulnerability in Gaizhenbiao Chuanhuchatgpt 20240410 A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. | 6.1 |
2024-07-11 | CVE-2024-6528 | Schneider Electric | Cross-site Scripting vulnerability in Schneider-Electric products CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. | 6.1 |
2024-07-10 | CVE-2024-38354 | Hackmd | Cross-site Scripting vulnerability in Hackmd Codimd CodiMD allows realtime collaborative markdown notes on all platforms. | 6.1 |
2024-07-10 | CVE-2023-6813 | | The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wle’ parameter in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-07-09 | CVE-2024-37830 | Getoutline | Open Redirect vulnerability in Getoutline Outline An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie. | 6.1 |
2024-07-09 | CVE-2024-27183 | DJ Extensions | Cross-site Scripting vulnerability in Dj-Extensions Dj-Helpfularticles XSS vulnerability in DJ-HelpfulArticles component for Joomla. | 6.1 |
2024-07-09 | CVE-2024-38972 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/. | 6.1 |
2024-07-09 | CVE-2024-40726 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/. | 6.1 |
2024-07-09 | CVE-2024-40727 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/. | 6.1 |
2024-07-09 | CVE-2024-40728 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/{id}/edit/. | 6.1 |
2024-07-09 | CVE-2024-40729 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/. | 6.1 |
2024-07-09 | CVE-2024-40730 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/{id}/edit/. | 6.1 |
2024-07-09 | CVE-2024-40731 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/{id}/edit/. | 6.1 |
2024-07-09 | CVE-2024-40732 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/. | 6.1 |
2024-07-09 | CVE-2024-40733 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/{id}/edit/. | 6.1 |
2024-07-09 | CVE-2024-40734 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/. | 6.1 |
2024-07-09 | CVE-2024-40735 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/. | 6.1 |
2024-07-09 | CVE-2024-40736 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add. | 6.1 |
2024-07-09 | CVE-2024-40737 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add. | 6.1 |
2024-07-09 | CVE-2024-40738 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/. | 6.1 |
2024-07-09 | CVE-2024-40739 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add. | 6.1 |
2024-07-09 | CVE-2024-40740 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/. | 6.1 |
2024-07-09 | CVE-2024-40741 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/{id}/edit/. | 6.1 |
2024-07-09 | CVE-2024-40742 | Netbox | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add. | 6.1 |
2024-07-09 | CVE-2024-21729 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. | 6.1 |
2024-07-09 | CVE-2024-21731 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! Improper handling of input could lead to an XSS vector in the StringHelper::truncate method. | 6.1 |
2024-07-09 | CVE-2024-26278 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! The Custom Fields component does not correctly filter inputs, leading to an XSS vector. | 6.1 |
2024-07-09 | CVE-2024-26279 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! The wrapper extensions do not correctly validate inputs, leading to XSS vectors. | 6.1 |
2024-07-09 | CVE-2024-34685 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Knowledge Management and Collaboration (Kmc-Cm) 7.50 Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor, malicious scripts can be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2024-07-09 | CVE-2024-37173 | SAP | Cross-site Scripting vulnerability in SAP products Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. | 6.1 |
2024-07-09 | CVE-2024-37174 | SAP | Cross-site Scripting vulnerability in SAP products Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. | 6.1 |
2024-07-08 | CVE-2024-39203 | Zblogcn | Cross-site Scripting vulnerability in Zblogcn Z-Blogphp A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 |
2024-07-08 | CVE-2024-5711 | Stitionai | Cross-site Scripting vulnerability in Stitionai Devika A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input. | 6.1 |
2024-07-10 | CVE-2024-39554 | | A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). | 5.9 |
2024-07-10 | CVE-2024-39559 | | An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device (vmcore) by sending a specific TCP packet over an established TCP session with MD5 authentication enabled, destined to an accessible port on the device, resulting in a Denial of Service (DoS). The receipt of this packet must occur within a specific timing window outside the attacker's control (i.e., race condition). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects dual RE systems with Nonstop Active Routing (NSR) enabled. Exploitation can only occur over TCP sessions with MD5 authentication enabled (e.g., BGP with MD5 authentication). This issue affects Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S6-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R2-S2-EVO, 22.4R3-EVO. | 5.9 |
2024-07-09 | CVE-2024-37865 | S3Browser | Improper Certificate Validation vulnerability in S3Browser S3 Browser An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component. | 5.9 |
2024-07-09 | CVE-2024-38099 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Desktop Licensing Service Denial of Service Vulnerability | 5.9 |
2024-07-09 | CVE-2023-50179 | Fortinet | Improper Certificate Validation vulnerability in Fortinet Fortiadc An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors. | 5.9 |
2024-07-11 | CVE-2024-39533 | | An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks. If one or more of the following match conditions ip-source-address, ip-destination-address, arp-type, which are not supported for this type of filter, are used in an ethernet switching filter, and then this filter is applied as an output filter, the configuration can be committed but the filter will not be in effect. This issue affects Junos OS on QFX5000 Series and EX4600 Series: * All versions before 21.2R3-S7, * 21.4 versions before 21.4R3-S6, * 22.1 versions before 22.1R3-S5, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S2, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2. Please note that the implemented fix ensures these unsupported match conditions cannot be committed anymore. | 5.8 |
2024-07-10 | CVE-2024-39561 | | An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an attacker to send TCP packets with SYN/FIN or SYN/RST flags, bypassing the expected blocking of these packets. A TCP packet with SYN/FIN or SYN/RST should be dropped in flowd. | 5.8 |
2024-07-11 | CVE-2024-39528 | Juniper | Use After Free vulnerability in Juniper Junos A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart. This issue affects: Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S5, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S2, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S5-EVO, * 22.2-EVO versions before 22.2R3-S3-EVO, * 22.3-EVO versions before 22.3R3-S2-EVO, * 22.4-EVO versions before 22.4R3-EVO, * 23.2-EVO versions before 23.2R2-EVO. | 5.7 |
2024-07-09 | CVE-2024-39593 | SAP | Unspecified vulnerability in SAP Landscape Management 3.0 SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. | 5.7 |
2024-07-14 | CVE-2024-39733 | IBM | Insufficiently Protected Credentials vulnerability in IBM Datacap IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
2024-07-12 | CVE-2024-39498 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 [Why] Commit: - commit 5aa1dfcdf0a4 ("drm/mst: Refactor the flow for payload allocation/removement") accidentally overwrite the commit - commit 54d217406afe ("drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2") which cause regression. [How] Recover the original NULL fix and remove the unnecessary input parameter 'state' for drm_dp_add_payload_part2(). (cherry picked from commit 4545614c1d8da603e57b60dd66224d81b6ffc305) | 5.5 |
2024-07-12 | CVE-2024-39504 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: validate mandatory meta and payload Check for mandatory netlink attributes in payload and meta expression when used embedded from the inner expression, otherwise NULL pointer dereference is possible from userspace. | 5.5 |
2024-07-12 | CVE-2024-39506 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet In lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value, but then it is unconditionally passed to skb_add_rx_frag() which looks strange and could lead to null pointer dereference. lio_vf_rep_copy_packet() call trace looks like: octeon_droq_process_packets octeon_droq_fast_process_packets octeon_droq_dispatch_pkt octeon_create_recv_info ...search in the dispatch_list... ->disp_fn(rdisp->rinfo, ...) lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...) In this path there is no code which sets pg_info->page to NULL. So this check looks unneeded and doesn't solve potential problem. But I guess the author had reason to add a check and I have no such card and can't do real test. In addition, the code in the function liquidio_push_packet() in liquidio/lio_core.c does exactly the same. Based on this, I consider the most acceptable compromise solution to adjust this issue by moving skb_add_rx_frag() into conditional scope. Found by Linux Verification Center (linuxtesting.org) with SVACE. | 5.5 |
2024-07-12 | CVE-2024-40904 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages The syzbot fuzzer found that the interrupt-URB completion callback in the cdc-wdm driver was taking too long, and the driver's immediate resubmission of interrupt URBs with -EPROTO status combined with the dummy-hcd emulation to cause a CPU lockup: cdc_wdm 1-1:1.0: nonzero urb status received: -71 cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625] [...] Testing showed that the problem did not occur if the two error messages -- the first two lines above -- were removed; apparently adding material to the kernel log takes a surprisingly large amount of time. In any case, the best approach for preventing these lockups and to avoid spamming the log with thousands of error messages per second is to ratelimit the two dev_err() calls. | 5.5 |
2024-07-12 | CVE-2024-40907 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic in XDP_TX action In the XDP_TX path, ionic driver sends a packet to the TX path with rx page and corresponding dma address. After tx is done, ionic_tx_clean() frees that page. But RX ring buffer isn't reset to NULL. So, it uses a freed page, which causes kernel panic. | 5.5 |
2024-07-12 | CVE-2024-40910 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount imbalance on inbound connections When releasing a socket in ax25_release(), we call netdev_put() to decrease the refcount on the associated ax.25 device. | 5.5 |
2024-07-12 | CVE-2024-40911 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Lock wiphy in cfg80211_get_station Wiphy should be locked before calling rdev_get_station() (see lockdep assert in ieee80211_get_station()). This fixes the following kernel NULL dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050 [...] This happens because STA has time to disconnect and reconnect before batadv_v_elp_throughput_metric_update() delayed work gets scheduled. | 5.5 |
2024-07-12 | CVE-2024-40912 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() The ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to synchronize with ieee80211_tx_h_unicast_ps_buf() which is called from softirq context. | 5.5 |
2024-07-12 | CVE-2024-40932 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/exynos/vidi: fix memory leak in .get_modes() The duplicated EDID is never freed. | 5.5 |
2024-07-12 | CVE-2024-40934 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Fix a memory leak on logi_dj_recv_send_report() error path. | 5.5 |
2024-07-12 | CVE-2024-40951 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() bdev->bd_super has been removed and commit 8887b94d9322 changed the usage from bdev->bd_super to b_assoc_map->host->i_sb. | 5.5 |
2024-07-12 | CVE-2024-40952 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty() bdev->bd_super has been removed and commit 8887b94d9322 changed the usage from bdev->bd_super to b_assoc_map->host->i_sb. | 5.5 |
2024-07-12 | CVE-2024-40955 | Linux | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists() We can trigger a slab-out-of-bounds with the following commands: mkfs.ext4 -F /dev/$disk 10G mount /dev/$disk /tmp/test echo 2147483647 > /sys/fs/ext4/$disk/mb_group_prealloc echo test > /tmp/test/file && sync ================================================================== BUG: KASAN: slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists+0x8a/0x200 [ext4] Read of size 8 at addr ffff888121b9d0f0 by task kworker/u2:0/11 CPU: 0 PID: 11 Comm: kworker/u2:0 Tainted: GL 6.7.0-next-20240118 #521 Call Trace: dump_stack_lvl+0x2c/0x50 kasan_report+0xb6/0xf0 ext4_mb_find_good_group_avg_frag_lists+0x8a/0x200 [ext4] ext4_mb_regular_allocator+0x19e9/0x2370 [ext4] ext4_mb_new_blocks+0x88a/0x1370 [ext4] ext4_ext_map_blocks+0x14f7/0x2390 [ext4] ext4_map_blocks+0x569/0xea0 [ext4] ext4_do_writepages+0x10f6/0x1bc0 [ext4] [...] ================================================================== The flow of issue triggering is as follows: // Set s_mb_group_prealloc to 2147483647 via sysfs ext4_mb_new_blocks ext4_mb_normalize_request ext4_mb_normalize_group_request ac->ac_g_ex.fe_len = EXT4_SB(sb)->s_mb_group_prealloc ext4_mb_regular_allocator ext4_mb_choose_next_group ext4_mb_choose_next_group_best_avail mb_avg_fragment_size_order order = fls(len) - 2 = 29 ext4_mb_find_good_group_avg_frag_lists frag_list = &sbi->s_mb_avg_fragment_size[order] if (list_empty(frag_list)) // Trigger SOOB! At 4k block size, the length of the s_mb_avg_fragment_size list is 14, but an oversized s_mb_group_prealloc is set, causing slab-out-of-bounds to be triggered by an attempt to access an element at index 29. Add a new attr_id attr_clusters_in_group with values in the range [0, sbi->s_clusters_per_group] and declare mb_group_prealloc as that type to fix the issue. | 5.5 |
2024-07-12 | CVE-2024-40957 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors input_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for PREROUTING hook, in PREROUTING hook, we should passing a valid indev, and a NULL outdev to NF_HOOK(), otherwise may trigger a NULL pointer dereference, as below: [74830.647293] BUG: kernel NULL pointer dereference, address: 0000000000000090 [...] input_action_end_dx4() passing a NULL indev to NF_HOOK(), and finally trigger a NULL dereference in rpfilter_mt()->rpfilter_is_loopback(): static bool rpfilter_is_loopback(const struct sk_buff *skb, const struct net_device *in) { // in is NULL return skb->pkt_type == PACKET_LOOPBACK || in->flags & IFF_LOOPBACK; } | 5.5 |
2024-07-12 | CVE-2024-40959 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ip6_dst_idev() can return NULL, xfrm6_get_saddr() must act accordingly. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [...] | 5.5 |
2024-07-12 | CVE-2024-40960 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL dereference in rt6_probe() syzbot caught a NULL dereference in rt6_probe() [1] Bail out if __in6_dev_get() returns NULL. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f] | 5.5 |
2024-07-12 | CVE-2024-40961 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL. fib6_nh_init() ip6_validate_gw( &idev ) ip6_route_check_nh( idev ) *idev = in6_dev_get(dev); // can be NULL Oops: general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7] | 5.5 |
2024-07-12 | CVE-2024-40964 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind() The cs35l41_hda_unbind() function clears the hda_component entry matching its index and then dereferences the codec pointer held in the first element of the hda_component array, this is an issue when the device index was 0. Instead use the codec pointer stashed in the cs35l41_hda structure as it will still be valid. | 5.5 |
2024-07-12 | CVE-2024-40965 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: i2c: lpi2c: Avoid calling clk_get_rate during transfer Instead of repeatedly calling clk_get_rate for each transfer, lock the clock rate and cache the value. A deadlock has been observed while adding tlv320aic32x4 audio codec to the system. | 5.5 |
2024-07-12 | CVE-2024-40967 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue. | 5.5 |
2024-07-12 | CVE-2024-40969 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: f2fs: don't set RO when shutting down f2fs Shutdown does not check the error of thaw_super due to readonly, which causes a deadlock like below. f2fs_ioc_shutdown(F2FS_GOING_DOWN_FULLSYNC) issue_discard_thread - bdev_freeze - freeze_super - f2fs_stop_checkpoint() - f2fs_handle_critical_error - sb_start_write - set RO - waiting - bdev_thaw - thaw_super_locked - return -EINVAL, if sb_rdonly() - f2fs_stop_discard_thread -> wait for kthread_stop(discard_thread); | 5.5 |
2024-07-12 | CVE-2024-40970 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: Avoid hw_desc array overrun in dw-axi-dmac I have a use case where nr_buffers = 3 and in which each descriptor is composed by 3 segments, resulting in the DMA channel descs_allocated to be 9. | 5.5 |
2024-07-12 | CVE-2024-40973 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: media: mtk-vcodec: potential null pointer dereference in SCP The return value of devm_kzalloc() needs to be checked to avoid NULL pointer dereference. | 5.5 |
2024-07-12 | CVE-2024-40977 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery During chip recovery (e.g. | 5.5 |
2024-07-12 | CVE-2024-40980 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drop_monitor: replace spin_lock by raw_spin_lock trace_drop_common() is called with preemption disabled, and it acquires a spin_lock. | 5.5 |
2024-07-12 | CVE-2024-40981 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: batman-adv: bypass empty buckets in batadv_purge_orig_ref() Many syzbot reports are pointing to soft lockups in batadv_purge_orig_ref() [1] Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting reports. [1] watchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621] | 5.5 |
2024-07-12 | CVE-2024-40982 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ssb: Fix potential NULL pointer dereference in ssb_device_uevent() The ssb_device_uevent() function first attempts to convert the 'dev' pointer to 'struct ssb_device *'. | 5.5 |
2024-07-12 | CVE-2024-40995 | Linux | Infinite Loop vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() syzbot found hanging tasks waiting on rtnl_lock [1] A reproducer is available in the syzbot bug. When a request to add multiple actions with the same index is sent, the second request will block forever on the first request. | 5.5 |
2024-07-12 | CVE-2024-40997 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix memory leak on CPU EPP exit The cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is not freed in the analogous exit function, so fix that. [ rjw: Subject and changelog edits ] | 5.5 |
2024-07-12 | CVE-2024-41001 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: work around a potential audit memory leak kmemleak complains that there's a memory leak related to connect handling, which can happen if: 1) The command type does something on the prep side that triggers an audit call. 2) The thread hasn't done any operations before this that triggered an audit call inside ->issue(), where we have audit_uring_entry() and audit_uring_exit(). Work around this by issuing a blanket NOP operation before the SQPOLL does anything. | 5.5 |
2024-07-12 | CVE-2024-41002 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - Fix memory leak for sec resource release The AIV is one of the SEC resources. | 5.5 |
2024-07-12 | CVE-2024-41006 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netrom: Fix a memory leak in nr_heartbeat_expiry() syzbot reported a memory leak in nr_create() [0]. Commit 409db27e3a2e ("netrom: Fix use-after-free of a listening socket.") added sock_hold() to the nr_heartbeat_expiry() function, where a) a socket has a SOCK_DESTROY flag or b) a listening socket has a SOCK_DEAD flag. But in the case "a," when the SOCK_DESTROY flag is set, the file descriptor has already been closed and the nr_release() function has been called. So it makes no sense to hold the reference count because no one will call another nr_destroy_socket() and put it as in the case "b." nr_connect nr_establish_data_link nr_start_heartbeat nr_release switch (nr->state) case NR_STATE_3 nr->state = NR_STATE_2 sock_set_flag(sk, SOCK_DESTROY); nr_rx_frame nr_process_rx_frame switch (nr->state) case NR_STATE_2 nr_state2_machine() nr_disconnect() nr_sk(sk)->state = NR_STATE_0 sock_set_flag(sk, SOCK_DEAD) nr_heartbeat_expiry switch (nr->state) case NR_STATE_0 if (sock_flag(sk, SOCK_DESTROY) || (sk->sk_state == TCP_LISTEN && sock_flag(sk, SOCK_DEAD))) sock_hold() // ( !!! ) nr_destroy_socket() To fix the memory leak, let's call sock_hold() only for a listening socket. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller. [0]: https://syzkaller.appspot.com/bug?extid=d327a1f3b12e1e206c16 | 5.5 |
2024-07-12 | CVE-2024-6625 | | The WP Total Branding – Complete branding solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. | 5.5 |
2024-07-11 | CVE-2024-5680 | Schneider Electric | Improper Validation of Array Index vulnerability in Schneider-Electric Ecostruxure Foxboro DCS Control Core Services CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | 5.5 |
2024-07-10 | CVE-2024-39511 | | An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS). On running a specific operational dot1x command, the dot1x daemon crashes. | 5.5 |
2024-07-10 | CVE-2024-39513 | | An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS). When a specific "clear" command is run, the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) crashes and restarts. The crash impacts all traffic going through the FPCs, causing a DoS. | 5.5 |
2024-07-10 | CVE-2024-39489 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it's going to leak all that memory and the crypto tfms. Update seg6_hmac_exit to only free the memory when allocated, so we can reuse the code directly. | 5.5 |
2024-07-10 | CVE-2024-39493 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Using completion_done to determine whether the caller has gone away only works after a complete call. | 5.5 |
2024-07-10 | CVE-2024-25023 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. | 5.5 |
2024-07-09 | CVE-2024-34140 | Adobe | Out-of-bounds Read vulnerability in Adobe Bridge Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-07-09 | CVE-2024-38017 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing Information Disclosure Vulnerability | 5.5 |
2024-07-09 | CVE-2024-38041 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Information Disclosure Vulnerability | 5.5 |
2024-07-09 | CVE-2024-38055 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Windows Codecs Library Information Disclosure Vulnerability | 5.5 |
2024-07-09 | CVE-2024-38056 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Windows Codecs Library Information Disclosure Vulnerability | 5.5 |
2024-07-09 | CVE-2024-39118 | Mommyheather | Unspecified vulnerability in Mommyheather Advanced Backups Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted backup. | 5.5 |
2024-07-09 | CVE-2024-5652 | Docker | Unspecified vulnerability in Docker Desktop Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode. | 5.5 |
2024-07-09 | CVE-2024-37442 | AYS PRO | Injection vulnerability in Ays-Pro Photo Gallery Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection. This issue affects Photo Gallery by Ays: from n/a before 5.7.1. | 5.5 |
2024-07-08 | CVE-2024-34602 | Samsung | Unspecified vulnerability in Samsung Android 12.0/13.0/14.0 Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. | 5.5 |
2024-07-08 | CVE-2024-34603 | Samsung | Unspecified vulnerability in Samsung Android 13.0/14.0 Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data. | 5.5 |
2024-07-12 | CVE-2024-40690 | IBM | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. | 5.4 |
2024-07-12 | CVE-2024-2430 | Matteoenna | Cross-site Scripting vulnerability in Matteoenna Website Content in Page or Post The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2024-07-12 | CVE-2024-2640 | Kibokolabs | Cross-site Scripting vulnerability in Kibokolabs Watu Quiz The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they've been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 5.4 |
2024-07-12 | CVE-2024-5811 | Quantumcloud | Cross-site Scripting vulnerability in Quantumcloud Simple Video Directory The Simple Video Directory WordPress plugin before 1.4.4 does not sanitise and escape some of its settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 5.4 |
2024-07-11 | CVE-2024-6392 | Sirv | Missing Authorization vulnerability in Sirv The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. | 5.4 |
2024-07-11 | CVE-2024-6256 | Smashballoon | Cross-site Scripting vulnerability in Smashballoon Feeds for Youtube The Feeds for YouTube (YouTube video, channel, and gallery plugin) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-07-11 | CVE-2024-4655 | Dotcamp | Cross-site Scripting vulnerability in Dotcamp Ultimate Blocks The Ultimate Blocks WordPress plugin before 3.1.9 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2024-07-11 | CVE-2024-5444 | Bible Text Project | Cross-site Scripting vulnerability in Bible Text Project Bible Text The Bible Text WordPress plugin through 0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2024-07-11 | CVE-2024-6025 | Expresstech | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks | 5.4 |
2024-07-11 | CVE-2024-6026 | 10Web | Cross-site Scripting vulnerability in 10Web Slider The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks | 5.4 |
2024-07-10 | CVE-2023-35006 | IBM | Cross-site Scripting vulnerability in IBM Security Qradar EDR 3.12 IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. | 5.4 |
2024-07-10 | CVE-2024-5664 | Sonaar | Cross-site Scripting vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-07-10 | CVE-2024-36450 | Webmin | Cross-site Scripting vulnerability in Webmin Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. | 5.4 |
2024-07-09 | CVE-2024-39900 | Opensearch | Authorization Bypass Through User-Controlled Key vulnerability in Opensearch Observability OpenSearch Dashboards Reports allows a ‘Report Owner’ to export and share reports from OpenSearch Dashboards. | 5.4 |
2024-07-09 | CVE-2024-39901 | Opensearch | Authorization Bypass Through User-Controlled Key vulnerability in Opensearch Observability OpenSearch Observability is a collection of plugins and applications that visualize data-driven events. | 5.4 |
2024-07-09 | CVE-2024-38971 | Vaethink | Cross-site Scripting vulnerability in Vaethink 1.0.2 vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend. | 5.4 |
2024-07-09 | CVE-2024-21730 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. | 5.4 |
2024-07-09 | CVE-2024-39871 | Siemens | Incorrect Authorization vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 5.4 |
2024-07-09 | CVE-2024-37437 | Elementor | Path Traversal vulnerability in Elementor Website Builder Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting (XSS), Stored XSS. This issue affects Elementor Website Builder: from n/a through 3.22.1. | 5.4 |
2024-07-09 | CVE-2024-3563 | Wpengine | Cross-site Scripting vulnerability in Wpengine Genesis Blocks The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-07-09 | CVE-2024-3603 | Hyumika | Cross-site Scripting vulnerability in Hyumika Openstreetmap The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osm_map' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. | 5.4 |
2024-07-09 | CVE-2024-4102 | | The Pricing Table plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 2.0.1. | 5.4 |
2024-07-09 | CVE-2024-5457 | Pandavideo | Cross-site Scripting vulnerability in Pandavideo Panda Video The Panda Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. | 5.4 |
2024-07-09 | CVE-2024-5600 | | The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10. | 5.4 |
2024-07-09 | CVE-2024-5648 | | The LearnDash LMS – Reports plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.8.2. | 5.4 |
2024-07-09 | CVE-2024-5993 | | The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_session' function in all versions up to, and including, 3.0.1. | 5.4 |
2024-07-09 | CVE-2024-37172 | SAP | Missing Authorization vulnerability in SAP S4Core 107/108 SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. | 5.4 |
2024-07-09 | CVE-2024-4667 | Plugin Devs | Cross-site Scripting vulnerability in Plugin-Devs Blog, Posts and Category Filter for Elementor The Blog, Posts and Category Filter for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post and Category Filter widget in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied 'post_types' attribute. | 5.4 |
2024-07-09 | CVE-2024-6169 | Unlimited Elements | Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor (Free Widgets, Addons, Templates) The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. | 5.4 |
2024-07-09 | CVE-2024-6170 | Unlimited Elements | Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor (Free Widgets, Addons, Templates) The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. | 5.4 |
2024-07-08 | CVE-2024-39308 | Rails Admin Project | Cross-site Scripting vulnerability in Rails Admin Project Rails Admin RailsAdmin is a Rails engine that provides an interface for managing data. | 5.4 |
2024-07-08 | CVE-2024-37389 | Apache | Cross-site Scripting vulnerability in Apache Nifi Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. | 5.4 |
2024-07-08 | CVE-2024-37528 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Business Automation IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. | 5.4 |
2024-07-13 | CVE-2024-6574 | | The Laposta plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.12. | 5.3 |
2024-07-12 | CVE-2024-6555 | | The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. | 5.3 |
2024-07-11 | CVE-2024-39536 | | A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). When a BFD session configured with authentication flaps, ppmd memory can leak. | 5.3 |
2024-07-11 | CVE-2024-39539 | | A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart. This issue affects Junos OS on MX Series: * All versions before 21.2R3-S6, * 21.4 versions before 21.4R3-S6, * 22.1 versions before 22.1R3-S5, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S2, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2. | 5.3 |
2024-07-11 | CVE-2024-0619 | Payflex | Missing Authorization vulnerability in Payflex Payment Gateway The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. | 5.3 |
2024-07-11 | CVE-2024-6554 | Wpmudev | Unspecified vulnerability in Wpmudev Branda The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. | 5.3 |
2024-07-11 | CVE-2024-6210 | | The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. | 5.3 |
2024-07-10 | CVE-2023-33859 | IBM | Response Discrepancy Information Exposure vulnerability in IBM Security Qradar EDR 3.12 IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. | 5.3 |
2024-07-10 | CVE-2023-33860 | IBM | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in IBM Security Qradar EDR 3.12 IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. | 5.3 |
2024-07-10 | CVE-2024-6556 | | The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.10.8. | 5.3 |
2024-07-10 | CVE-2024-6550 | | The Gravity Forms: Multiple Form Instances plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.1. | 5.3 |
2024-07-09 | CVE-2024-22377 | Pingidentity | Path Traversal vulnerability in Pingidentity Pingfederate The deploy directory in PingFederate runtime nodes is reachable to unauthorized users. | 5.3 |
2024-07-09 | CVE-2024-35270 | Microsoft | Unspecified vulnerability in Microsoft products Windows iSCSI Service Denial of Service Vulnerability | 5.3 |
2024-07-09 | CVE-2024-3228 | Wpkube | Unspecified vulnerability in Wpkube Kiwi Social Share The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. | 5.3 |
2024-07-09 | CVE-2024-5810 | | The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. | 5.3 |
2024-07-09 | CVE-2024-6171 | Unlimited Elements | Unspecified vulnerability in Unlimited-Elements Unlimited Elements for Elementor (Free Widgets, Addons, Templates) The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. | 5.3 |
2024-07-08 | CVE-2024-6163 | Checkmk | Authentication Bypass by Spoofing vulnerability in Checkmk Certain HTTP endpoints of Checkmk in Checkmk < 2.3.0p10, < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allow a remote attacker to bypass authentication and access data. | 5.3 |
2024-07-09 | CVE-2023-3290 | Easyappointments | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. | 5.0 |
2024-07-09 | CVE-2024-34689 | SAP | Server-Side Request Forgery (SSRF) vulnerability in SAP Business Workflow and SAP Basis WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. | 5.0 |
2024-07-09 | CVE-2024-37171 | SAP | Server-Side Request Forgery (SSRF) vulnerability in SAP Saptmui and Transportation Management SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. | 5.0 |
2024-07-08 | CVE-2024-39699 | Monospace | Server-Side Request Forgery (SSRF) vulnerability in Monospace Directus Directus is a real-time API and App dashboard for managing SQL database content. | 5.0 |
2024-07-11 | CVE-2024-39317 | Wagtail | Unspecified vulnerability in Wagtail Wagtail is an open source content management system built on Django. | 4.9 |
2024-07-09 | CVE-2024-38970 | Vaethink | Unspecified vulnerability in Vaethink 1.0.2 vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend, access management administrator function. | 4.9 |
2024-07-12 | CVE-2024-3112 | Bestwebsoft | Unrestricted Upload of File with Dangerous Type vulnerability in Bestwebsoft Quotes and Tips The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) | 4.8 |
2024-07-12 | CVE-2024-4753 | Wpexperts | Cross-site Scripting vulnerability in Wpexperts WP Secure Maintenance The WP Secure Maintenance WordPress plugin before 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2024-07-11 | CVE-2024-6138 | AYS PRO | Cross-site Scripting vulnerability in Ays-Pro Secure Copy Content Protection and Content Locking The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2024-07-10 | CVE-2024-6650 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Employee and Visitor Gate Pass Logging System 1.0 A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. | 4.8 |
2024-07-10 | CVE-2024-27095 | Decidim | Cross-site Scripting vulnerability in Decidim Decidim is a participatory democracy framework. | 4.8 |
2024-07-09 | CVE-2024-33509 | Fortinet | Improper Certificate Validation vulnerability in Fortinet Fortiweb An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF). | 4.8 |
2024-07-09 | CVE-2024-5802 | Mythemeshop | Cross-site Scripting vulnerability in Mythemeshop URL Shortener The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
2024-07-12 | CVE-2024-40905 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible race in __fib6_drop_pcpu_from() syzbot found a race in __fib6_drop_pcpu_from(). If compiler reads more than once (*ppcpu_rt), second read could read NULL, if another cpu clears the value in rt6_get_pcpu_route(). Add a READ_ONCE() to prevent this race. Also add rcu_read_lock()/rcu_read_unlock() because we rely on RCU protection while dereferencing pcpu_rt. | 4.7 |
2024-07-09 | CVE-2024-30071 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Connection Manager Information Disclosure Vulnerability | 4.7 |
2024-07-09 | CVE-2024-26015 | Fortinet | Incorrect Type Conversion or Cast vulnerability in Fortinet Fortios and Fortiproxy An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests. | 4.7 |
2024-07-09 | CVE-2024-34692 | SAP | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Enable NOW Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. | 4.6 |
2024-07-08 | CVE-2024-39723 | IBM | Improper Authentication vulnerability in IBM Storage Virtualize 8.6 IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. | 4.6 |
2024-07-14 | CVE-2024-39734 | IBM | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Datacap IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2024-07-13 | CVE-2024-6465 | | The WP Links Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wplf_ajax_update_screenshots' function in all versions up to, and including, 4.9.5. | 4.3 |
2024-07-12 | CVE-2024-1375 | | The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing nonce check on the save_bulkdatas function in all versions up to, and including, 5.9.5. | 4.3 |
2024-07-10 | CVE-2024-6410 | | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image' function due to missing validation on a user controlled key. | 4.3 |
2024-07-09 | CVE-2024-22477 | Pingidentity | Cross-site Scripting vulnerability in Pingidentity Pingfederate A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. | 4.3 |
2024-07-09 | CVE-2024-21759 | Fortinet | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortiportal An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. | 4.3 |
2024-07-09 | CVE-2024-6608 | Mozilla | Unspecified vulnerability in Mozilla Firefox It was possible to move the cursor using pointerlock from an iframe. | 4.3 |
2024-07-09 | CVE-2024-6610 | Mozilla | Unspecified vulnerability in Mozilla Firefox Form validation popups could capture escape key presses. | 4.3 |
2024-07-09 | CVE-2024-39875 | Siemens | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 4.3 |
2024-07-09 | CVE-2024-5704 | | The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.6.4. | 4.3 |
2024-07-09 | CVE-2024-5856 | | The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cir_delete_image AJAX action in all versions up to, and including, 2.2.1. | 4.3 |
2024-07-09 | CVE-2024-6167 | | The Just Custom Fields plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX functions in all versions up to, and including, 3.3.2. | 4.3 |
2024-07-09 | CVE-2024-6168 | | The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. | 4.3 |
2024-07-09 | CVE-2024-5855 | | The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and including, 3.0.1. | 4.3 |
2024-07-08 | CVE-2024-31897 | IBM | Server-Side Request Forgery (SSRF) vulnerability in IBM Cloud PAK for Business Automation IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to server-side request forgery (SSRF). | 4.3 |
2024-07-09 | CVE-2024-39876 | Siemens | Allocation of Resources Without Limits or Throttling vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 4.0 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-07-09 | CVE-2024-28067 | Samsung | Unspecified vulnerability in Samsung Exynos Modem 5300 Firmware A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the victim in plaintext. | 3.7 |
2024-07-12 | CVE-2023-41093 | Silabs | Use After Free vulnerability in Silabs Bluetooth LOW Energy Software Development KIT Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network. This issue affects Silabs Bluetooth SDK: through 8.0.0. | 3.1 |
2024-07-11 | CVE-2024-2880 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group members. | 2.7 |
2024-07-11 | CVE-2024-5257 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace. | 2.7 |
2024-07-11 | CVE-2024-5470 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens. | 2.7 |