Weekly Vulnerabilities Reports > July 15 to 21, 2024

Overview

408 new vulnerabilities reported during this period, including 58 critical vulnerabilities and 106 high severity vulnerabilities. This weekly summary report vulnerabilities in 204 products from 132 vendors including Linux, Oracle, Apache, Google, and IBM. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Use After Free", "Path Traversal", and "Out-of-bounds Write".

  • 330 reported vulnerabilities are remotely exploitables.
  • 156 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 156 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 64 reported vulnerabilities.
  • Solarwinds has the most reported critical vulnerabilities, with 12 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

58 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-07-18 CVE-2024-5618 Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Apinizer Management Console: before 2024.05.1.
9.9
2024-07-21 CVE-2024-6957 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez University Management System 1.0

A vulnerability classified as critical has been found in itsourcecode University Management System 1.0.

9.8
2024-07-21 CVE-2024-6953 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0

A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical.

9.8
2024-07-21 CVE-2024-6951 Oretnom23 SQL Injection vulnerability in Oretnom23 Simple Online Book Store System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System 1.0.

9.8
2024-07-21 CVE-2024-6948 Gargaj Unrestricted Upload of File with Dangerous Type vulnerability in Gargaj Wuhu

A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120.

9.8
2024-07-21 CVE-2024-38437 Dlink Missing Authentication for Critical Function vulnerability in Dlink Dsl-225 Firmware Bz1.00.16

D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel

9.8
2024-07-21 CVE-2024-38438 Dlink Authentication Bypass by Capture-replay vulnerability in Dlink Dsl-225 Firmware Gem1.00.02

D-Link - CWE-294: Authentication Bypass by Capture-replay

9.8
2024-07-21 CVE-2024-6945 Flute CMS Unrestricted Upload of File with Dangerous Type vulnerability in Flute-Cms Flute 0.2.2.4

A vulnerability was found in Flute CMS 0.2.2.4-alpha.

9.8
2024-07-20 CVE-2024-6636 The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3.
9.8
2024-07-19 CVE-2024-6205 Payplus SQL Injection vulnerability in Payplus Payment Gateway

The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.

9.8
2024-07-19 CVE-2024-6899 Jkev SQL Injection vulnerability in Jkev Record Management System 1.0

A vulnerability was found in SourceCodester Record Management System 1.0.

9.8
2024-07-19 CVE-2024-6898 Jkev SQL Injection vulnerability in Jkev Record Management System 1.0

A vulnerability was found in SourceCodester Record Management System 1.0.

9.8
2024-07-18 CVE-2024-0857 UNI YAZ SQL Injection vulnerability in Uni-Yaz Flexwater Corporate Water Management

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc.

9.8
2024-07-18 CVE-2023-40704 Philips Unspecified vulnerability in Philips VUE Pacs 12.2.8.0

Philips Vue PACS uses default credentials for potentially critical functionality.

9.8
2024-07-18 CVE-2024-40629 Fit2Cloud Path Traversal vulnerability in Fit2Cloud Jumpserver

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser.

9.8
2024-07-18 CVE-2024-39907 Fit2Cloud SQL Injection vulnerability in Fit2Cloud 1Panel 1.10.10Lts/1.10.9Lts

1Panel is a web-based linux server management control panel.

9.8
2024-07-18 CVE-2024-39911 Fit2Cloud SQL Injection vulnerability in Fit2Cloud 1Panel 1.10.10Lts

1Panel is a web-based linux server management control panel.

9.8
2024-07-18 CVE-2024-6164 YMC 22 Path Traversal vulnerability in Ymc-22 Filter & Grids

The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter.

9.8
2024-07-17 CVE-2024-23465 Solarwinds Improper Authentication vulnerability in Solarwinds Access Rights Manager

The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability.

9.8
2024-07-17 CVE-2024-23466 Solarwinds Path Traversal vulnerability in Solarwinds Access Rights Manager

SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability.

9.8
2024-07-17 CVE-2024-23467 Solarwinds Path Traversal vulnerability in Solarwinds Access Rights Manager

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability.

9.8
2024-07-17 CVE-2024-23469 Solarwinds Improper Input Validation vulnerability in Solarwinds Access Rights Manager

SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability.

9.8
2024-07-17 CVE-2024-23470 Solarwinds Improper Authentication vulnerability in Solarwinds Access Rights Manager

The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability.

9.8
2024-07-17 CVE-2024-23471 Solarwinds Improper Authentication vulnerability in Solarwinds Access Rights Manager

The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability.

9.8
2024-07-17 CVE-2024-23474 Solarwinds Path Traversal vulnerability in Solarwinds Access Rights Manager

The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability.

9.8
2024-07-17 CVE-2024-23475 Solarwinds Path Traversal vulnerability in Solarwinds Access Rights Manager

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability.

9.8
2024-07-17 CVE-2024-28074 Solarwinds Deserialization of Untrusted Data vulnerability in Solarwinds Access Rights Manager

It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager.

9.8
2024-07-17 CVE-2024-5471 Zohocorp Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine DDI Central

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys.

9.8
2024-07-17 CVE-2024-36491 Centurysys OS Command Injection vulnerability in Centurysys products

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd.

9.8
2024-07-17 CVE-2024-6220 Keydatas Unrestricted Upload of File with Dangerous Type vulnerability in Keydatas

The ????? (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.2.

9.8
2024-07-17 CVE-2024-6808 Code Projects SQL Injection vulnerability in Code-Projects Simple Task List 1.0

A vulnerability was found in itsourcecode Simple Task List 1.0.

9.8
2024-07-17 CVE-2024-6803 Document Management System Project SQL Injection vulnerability in Document Management System Project Document Management System 1.0

A vulnerability has been found in itsourcecode Document Management System 1.0 and classified as critical.

9.8
2024-07-17 CVE-2024-6801 Online Student Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Online Student Management System Project Online Student Management System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0.

9.8
2024-07-17 CVE-2024-6802 Computer Laboratory Management System Project SQL Injection vulnerability in Computer Laboratory Management System Project Computer Laboratory Management System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0.

9.8
2024-07-16 CVE-2024-21181 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

9.8
2024-07-16 CVE-2024-40129 Open5Gs Out-of-bounds Write vulnerability in Open5Gs 2.6.4

Open5GS v2.6.4 is vulnerable to Buffer Overflow.

9.8
2024-07-16 CVE-2024-40130 Open5Gs Out-of-bounds Write vulnerability in Open5Gs 2.6.4

open5gs v2.6.4 is vulnerable to Buffer Overflow.

9.8
2024-07-16 CVE-2024-40393 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez Online Clinic Management System 1.0

Online Clinic Management System In PHP With Free Source code v1.0 was discovered to contain a SQL injection vulnerability via the user parameter at login.php.

9.8
2024-07-16 CVE-2024-22442 HP Unspecified vulnerability in HP 3Par Service Processor Firmware

The vulnerability could be remotely exploited to bypass authentication.

9.8
2024-07-16 CVE-2024-33180 Tendacn Out-of-bounds Write vulnerability in Tendacn Ac18 Firmware 15.03.3.10

Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo.

9.8
2024-07-16 CVE-2024-33182 Tendacn Out-of-bounds Write vulnerability in Tendacn Ac18 Firmware 15.03.3.10

Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter.

9.8
2024-07-16 CVE-2024-35338 Tendacn Use of Hard-coded Credentials vulnerability in Tendacn I29 Firmware 1.0.0.5

Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.

9.8
2024-07-16 CVE-2024-6457 The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ‘woof_author’ parameter in all versions up to, and including, 1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
9.8
2024-07-15 CVE-2024-40415 Tenda Out-of-bounds Write vulnerability in Tenda Ax1806 Firmware 1.0.0.1

A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.

9.8
2024-07-15 CVE-2024-40416 Tenda Out-of-bounds Write vulnerability in Tenda Ax1806 Firmware 1.0.0.1

A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.

9.8
2024-07-15 CVE-2024-40414 Tenda Out-of-bounds Write vulnerability in Tenda Ax1806 Firmware 1.0.0.1

A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.

9.8
2024-07-15 CVE-2024-6745 Code Projects SQL Injection vulnerability in Code-Projects Simple Ticket Booking 1.0

A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0.

9.8
2024-07-15 CVE-2024-6743 Space Management System Project SQL Injection vulnerability in Space Management System Project Space Management System 202404093302

AguardNet's Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

9.8
2024-07-15 CVE-2024-6744 Cellopoint Out-of-bounds Write vulnerability in Cellopoint Secure Email Gateway

The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability.

9.8
2024-07-15 CVE-2024-39736 IBM Improper Encoding or Escaping of Output vulnerability in IBM Datacap and Datacap Navigator

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.

9.8
2024-07-18 CVE-2024-5619 Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apinizer Management Console: before 2024.05.1.
9.6
2024-07-16 CVE-2019-25154 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6
2024-07-17 CVE-2024-23468 Solarwinds Path Traversal vulnerability in Solarwinds Access Rights Manager

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability.

9.4
2024-07-17 CVE-2024-28992 Solarwinds Path Traversal vulnerability in Solarwinds Access Rights Manager

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability.

9.4
2024-07-17 CVE-2024-28993 Solarwinds Path Traversal vulnerability in Solarwinds Access Rights Manager

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability.

9.4
2024-07-19 CVE-2024-29736 Apache Server-Side Request Forgery (SSRF) vulnerability in Apache CXF

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices.

9.1
2024-07-18 CVE-2024-40628 Fit2Cloud Path Traversal vulnerability in Fit2Cloud Jumpserver

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser.

9.1
2024-07-17 CVE-2024-31070 Centurysys Insecure Default Initialization of Resource vulnerability in Centurysys products

Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd.

9.1

106 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-07-21 CVE-2024-6958 Angeljudesuarez Unrestricted Upload of File with Dangerous Type vulnerability in Angeljudesuarez University Management System 1.0

A vulnerability classified as critical was found in itsourcecode University Management System 1.0.

8.8
2024-07-21 CVE-2024-6952 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez University Management System 1.0

A vulnerability has been found in itsourcecode University Management System 1.0 and classified as critical.

8.8
2024-07-21 CVE-2024-6946 Flute CMS Code Injection vulnerability in Flute-Cms Flute 0.2.2.4

A vulnerability was found in Flute CMS 0.2.2.4-alpha.

8.8
2024-07-21 CVE-2024-6947 Flute CMS Code Injection vulnerability in Flute-Cms Flute 0.2.2.4

A vulnerability was found in Flute CMS 0.2.2.4-alpha.

8.8
2024-07-21 CVE-2024-6943 Zhongbangkeji Deserialization of Untrusted Data vulnerability in Zhongbangkeji Crmeb

A vulnerability has been found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical.

8.8
2024-07-20 CVE-2024-6497 The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 12.3.19 due to insufficient input sanitization and output escaping.
8.8
2024-07-19 CVE-2024-41121 Woodpecker CI Unspecified vulnerability in Woodpecker-Ci Woodpecker

Woodpecker is a simple yet powerful CI/CD engine with great extensibility.

8.8
2024-07-19 CVE-2024-41122 Woodpecker CI Unspecified vulnerability in Woodpecker-Ci Woodpecker

Woodpecker is a simple yet powerful CI/CD engine with great extensibility.

8.8
2024-07-19 CVE-2024-37066 Wyze OS Command Injection vulnerability in Wyze CAM V4 Firmware

A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.

8.8
2024-07-19 CVE-2024-6906 Jkev SQL Injection vulnerability in Jkev Record Management System 1.0

A vulnerability was found in SourceCodester Record Management System 1.0 and classified as critical.

8.8
2024-07-19 CVE-2024-6904 Jkev SQL Injection vulnerability in Jkev Record Management System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Record Management System 1.0.

8.8
2024-07-19 CVE-2024-6905 Jkev SQL Injection vulnerability in Jkev Record Management System 1.0

A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as critical.

8.8
2024-07-19 CVE-2024-6338 Foliovision SQL Injection vulnerability in Foliovision FV Flowplayer Video Player

The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

8.8
2024-07-19 CVE-2024-6902 Jkev SQL Injection vulnerability in Jkev Record Management System 1.0

A vulnerability classified as critical was found in SourceCodester Record Management System 1.0.

8.8
2024-07-19 CVE-2024-6903 Jkev SQL Injection vulnerability in Jkev Record Management System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Record Management System 1.0.

8.8
2024-07-19 CVE-2024-6900 Jkev SQL Injection vulnerability in Jkev Record Management System 1.0

A vulnerability was found in SourceCodester Record Management System 1.0.

8.8
2024-07-19 CVE-2024-6901 Jkev SQL Injection vulnerability in Jkev Record Management System 1.0

A vulnerability classified as critical has been found in SourceCodester Record Management System 1.0.

8.8
2024-07-18 CVE-2023-40223 Philips Unspecified vulnerability in Philips VUE Pacs 12.2.8.0

Philips Vue PACS does not properly assign, modify, track, or check actor privileges, creating an unintended sphere of control for that actor.

8.8
2024-07-18 CVE-2024-29178 Apache Code Injection vulnerability in Apache Streampark

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4

8.8
2024-07-18 CVE-2024-3242 Brizy Unrestricted Upload of File with Dangerous Type vulnerability in Brizy Brizy-Page Builder

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43.

8.8
2024-07-18 CVE-2024-29014 Sonicwall Code Injection vulnerability in Sonicwall Netextender

Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.

8.8
2024-07-18 CVE-2024-5726 The Timeline Event History plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input 'timelines-data' parameter.
8.8
2024-07-17 CVE-2024-23472 Solarwinds Path Traversal vulnerability in Solarwinds Access Rights Manager

SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability.

8.8
2024-07-17 CVE-2024-27311 Zohocorp Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine DDI Central

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.

8.8
2024-07-17 CVE-2024-31411 Apache Unrestricted Upload of File with Dangerous Type vulnerability in Apache Streampipes

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

8.8
2024-07-17 CVE-2024-36475 Centurysys OS Command Injection vulnerability in Centurysys products

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd.

8.8
2024-07-17 CVE-2024-39877 Apache Code Injection vulnerability in Apache Airflow

Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model.

8.8
2024-07-17 CVE-2024-6467 Reputeinfosystems Unspecified vulnerability in Reputeinfosystems Bookingpress

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function.

8.8
2024-07-17 CVE-2024-6660 Reputeinfosystems Missing Authorization vulnerability in Reputeinfosystems Bookingpress

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5.

8.8
2024-07-16 CVE-2024-3168 Google Use After Free vulnerability in Google Chrome

Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-07-16 CVE-2024-3169 Google Use After Free vulnerability in Google Chrome

Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-07-16 CVE-2024-3170 Google Use After Free vulnerability in Google Chrome

Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-07-16 CVE-2024-3171 Google Use After Free vulnerability in Google Chrome

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures.

8.8
2024-07-16 CVE-2024-3172 Google Unspecified vulnerability in Google Chrome

Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page.

8.8
2024-07-16 CVE-2024-3173 Google Insufficient Verification of Data Authenticity vulnerability in Google Chrome

Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file.

8.8
2024-07-16 CVE-2024-3174 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

8.8
2024-07-16 CVE-2024-3176 Google Out-of-bounds Write vulnerability in Google Chrome

Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

8.8
2024-07-16 CVE-2024-40322 Jfinalcms Project SQL Injection vulnerability in Jfinalcms Project Jfinalcms 5.0.0

An issue was discovered in JFinalCMS v.5.0.0.

8.8
2024-07-15 CVE-2024-6746 Easyspider Path Traversal vulnerability in Easyspider 0.6.2

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows.

8.8
2024-07-15 CVE-2023-46801 Apache Deserialization of Untrusted Data vulnerability in Apache Linkis 1.4.0/1.5.0

In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241.

8.8
2024-07-15 CVE-2023-49566 Apache Deserialization of Untrusted Data vulnerability in Apache Linkis 1.4.0/1.5.0

In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection.

8.8
2024-07-15 CVE-2024-5630 Elearningfreak Unrestricted Upload of File with Dangerous Type vulnerability in Elearningfreak Insert or Embed Articulate Content

The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.

8.8
2024-07-15 CVE-2024-6075 Tipsandtricks HQ Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq WP Estore

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

8.8
2024-07-15 CVE-2024-6737 Electronic Official Document Management System Project Unspecified vulnerability in Electronic Official Document Management System Project Electronic Official Document Management System

The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.

8.8
2024-07-15 CVE-2024-6736 Oretnom23 SQL Injection vulnerability in Oretnom23 Employee and Visitor Gate Pass Logging System 1.0

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0.

8.8
2024-07-15 CVE-2024-6734 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0

A vulnerability was found in itsourcecode Tailoring Management System 1.0.

8.8
2024-07-15 CVE-2024-6735 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0

A vulnerability was found in itsourcecode Tailoring Management System 1.0.

8.8
2024-07-16 CVE-2024-21136 Oracle Unspecified vulnerability in Oracle Retail Xstore Office

Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security).

8.6
2024-07-15 CVE-2024-21513 Langchain Unspecified vulnerability in Langchain Langchain-Experimental

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values.

8.5
2024-07-18 CVE-2023-50304 IBM XXE vulnerability in IBM products

IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

8.2
2024-07-16 CVE-2024-21141 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

8.2
2024-07-19 CVE-2024-41107 Apache Authentication Bypass by Spoofing vulnerability in Apache Cloudstack

The CloudStack SAML authentication (disabled by default) does not enforce signature check.

8.1
2024-07-16 CVE-2024-21146 Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts).
8.1
2024-07-16 CVE-2024-21149 Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Work Definition Issues).
8.1
2024-07-16 CVE-2024-21152 Vulnerability in the Oracle Process Manufacturing Financials product of Oracle E-Business Suite (component: Allocation Rules).
8.1
2024-07-16 CVE-2024-21153 Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management Specs).
8.1
2024-07-16 CVE-2024-21167 Vulnerability in the Oracle Trading Community product of Oracle E-Business Suite (component: Party Search UI).
8.1
2024-07-19 CVE-2024-40724 Assimp Out-of-bounds Write vulnerability in Assimp

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.

7.8
2024-07-18 CVE-2024-41011 Linux Incorrect Calculation vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case.

7.8
2024-07-16 CVE-2024-40637 Getdbt SQL Injection vulnerability in Getdbt DBT Core

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications.

7.8
2024-07-16 CVE-2022-48834 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fix bug in pipe direction for control transfers The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: BOGUS control dir, pipe 80001e80 doesn't match bRequestType 0 WARNING: CPU: 0 PID: 3813 at drivers/usb/core/urb.c:412 usb_submit_urb+0x13a5/0x1970 drivers/usb/core/urb.c:410 Modules linked in: CPU: 0 PID: 3813 Comm: syz-executor122 Not tainted 5.17.0-rc5-syzkaller-00306-g2293be58d6a1 #0 ... Call Trace: <TASK> usb_start_wait_urb+0x113/0x530 drivers/usb/core/message.c:58 usb_internal_control_msg drivers/usb/core/message.c:102 [inline] usb_control_msg+0x2a5/0x4b0 drivers/usb/core/message.c:153 usbtmc_ioctl_request drivers/usb/class/usbtmc.c:1947 [inline] The problem is that usbtmc_ioctl_request() uses usb_rcvctrlpipe() for all of its transfers, whether they are in or out.

7.8
2024-07-16 CVE-2022-48837 Linux Integer Overflow or Wraparound vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: prevent integer overflow in rndis_set_response() If "BufOffset" is very large the "BufOffset + 8" operation can have an integer overflow.

7.8
2024-07-16 CVE-2022-48847 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: watch_queue: Fix filter limit check In watch_queue_set_filter(), there are a couple of places where we check that the filter type value does not exceed what the type_filter bitmap can hold.

7.8
2024-07-16 CVE-2022-48848 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Do not unregister events twice Nicolas reported that using: # trace-cmd record -e all -M 10 -p osnoise --poll Resulted in the following kernel warning: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1217 at kernel/tracepoint.c:404 tracepoint_probe_unregister+0x280/0x370 [...] CPU: 0 PID: 1217 Comm: trace-cmd Not tainted 5.17.0-rc6-next-20220307-nico+ #19 RIP: 0010:tracepoint_probe_unregister+0x280/0x370 [...] CR2: 00007ff919b29497 CR3: 0000000109da4005 CR4: 0000000000170ef0 Call Trace: <TASK> osnoise_workload_stop+0x36/0x90 tracing_set_tracer+0x108/0x260 tracing_set_trace_write+0x94/0xd0 ? __check_object_size.part.0+0x10a/0x150 ? selinux_file_permission+0x104/0x150 vfs_write+0xb5/0x290 ksys_write+0x5f/0xe0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7ff919a18127 [...] ---[ end trace 0000000000000000 ]--- The warning complains about an attempt to unregister an unregistered tracepoint. This happens on trace-cmd because it first stops tracing, and then switches the tracer to nop.

7.8
2024-07-16 CVE-2022-48851 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: staging: gdm724x: fix use after free in gdm_lte_rx() The netif_rx_ni() function frees the skb so we can't dereference it to save the skb->len.

7.8
2024-07-16 CVE-2022-48854 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: arc_emac: Fix use after free in arc_mdio_probe() If bus->state is equal to MDIOBUS_ALLOCATED, mdiobus_free(bus) will free the "bus".

7.8
2024-07-16 CVE-2022-48778 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: gpmi: don't leak PM reference in error path If gpmi_nfc_apply_timings() fails, the PM runtime usage counter must be dropped.

7.8
2024-07-16 CVE-2022-48779 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix use-after-free in ocelot_vlan_del() ocelot_vlan_member_del() will free the struct ocelot_bridge_vlan, so if this is the same as the port's pvid_vlan which we access afterwards, what we're accessing is freed memory. Fix the bug by determining whether to clear ocelot_port->pvid_vlan prior to calling ocelot_vlan_member_del().

7.8
2024-07-16 CVE-2022-48782 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problem route.c:425:4: warning: Use of memory after it is freed trace_mctp_key_acquire(key); ^~~~~~~~~~~~~~~~~~~~~~~~~~~ When mctp_key_add() fails, key is freed but then is later used in trace_mctp_key_acquire().

7.8
2024-07-16 CVE-2022-48783 Linux Use After Free vulnerability in Linux Kernel 5.10.101/5.15.24/5.16.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: fix use after free in gswip_remove() of_node_put(priv->ds->slave_mii_bus->dev.of_node) should be done before mdiobus_free(priv->ds->slave_mii_bus).

7.8
2024-07-16 CVE-2022-48787 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iwlwifi: fix use-after-free If no firmware was present at all (or, presumably, all of the firmware files failed to parse), we end up unbinding by calling device_release_driver(), which calls remove(), which then in iwlwifi calls iwl_drv_stop(), freeing the 'drv' struct.

7.8
2024-07-16 CVE-2022-48788 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work While nvme_rdma_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in order to fully prevent a race where this check is not reliable the error recovery work must flush async_event_work before continuing to destroy the admin queue after setting the ctrl state to RESETTING such that there is no race .submit_async_event and the error recovery handler itself changing the ctrl state.

7.8
2024-07-16 CVE-2022-48789 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix possible use-after-free in transport error_recovery work While nvme_tcp_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in order to fully prevent a race where this check is not reliable the error recovery work must flush async_event_work before continuing to destroy the admin queue after setting the ctrl state to RESETTING such that there is no race .submit_async_event and the error recovery handler itself changing the ctrl state.

7.8
2024-07-16 CVE-2022-48791 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion().

7.8
2024-07-16 CVE-2022-48792 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_sata_completion(). In this case, the following are the two steps in handling those I/O completions: - Call complete() to inform the upper layer handler of completion of the I/O. - Release driver resources associated with the sas_task in pm8001_ccb_task_free() call. When complete() is called, the upper layer may free the sas_task.

7.8
2024-07-16 CVE-2022-48796 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix potential use-after-free during probe Kasan has reported the following use after free on dev->iommu. when a device probe fails and it is in process of freeing dev->iommu in dev_iommu_free function, a deferred_probe_work_func runs in parallel and tries to access dev->iommu->fwspec in of_iommu_configure path thus causing use after free. BUG: KASAN: use-after-free in of_iommu_configure+0xb4/0x4a4 Read of size 8 at addr ffffff87a2f1acb8 by task kworker/u16:2/153 Workqueue: events_unbound deferred_probe_work_func Call trace: dump_backtrace+0x0/0x33c show_stack+0x18/0x24 dump_stack_lvl+0x16c/0x1e0 print_address_description+0x84/0x39c __kasan_report+0x184/0x308 kasan_report+0x50/0x78 __asan_load8+0xc0/0xc4 of_iommu_configure+0xb4/0x4a4 of_dma_configure_id+0x2fc/0x4d4 platform_dma_configure+0x40/0x5c really_probe+0x1b4/0xb74 driver_probe_device+0x11c/0x228 __device_attach_driver+0x14c/0x304 bus_for_each_drv+0x124/0x1b0 __device_attach+0x25c/0x334 device_initial_probe+0x24/0x34 bus_probe_device+0x78/0x134 deferred_probe_work_func+0x130/0x1a8 process_one_work+0x4c8/0x970 worker_thread+0x5c8/0xaec kthread+0x1f8/0x220 ret_from_fork+0x10/0x18 Allocated by task 1: ____kasan_kmalloc+0xd4/0x114 __kasan_kmalloc+0x10/0x1c kmem_cache_alloc_trace+0xe4/0x3d4 __iommu_probe_device+0x90/0x394 probe_iommu_group+0x70/0x9c bus_for_each_dev+0x11c/0x19c bus_iommu_probe+0xb8/0x7d4 bus_set_iommu+0xcc/0x13c arm_smmu_bus_init+0x44/0x130 [arm_smmu] arm_smmu_device_probe+0xb88/0xc54 [arm_smmu] platform_drv_probe+0xe4/0x13c really_probe+0x2c8/0xb74 driver_probe_device+0x11c/0x228 device_driver_attach+0xf0/0x16c __driver_attach+0x80/0x320 bus_for_each_dev+0x11c/0x19c driver_attach+0x38/0x48 bus_add_driver+0x1dc/0x3a4 driver_register+0x18c/0x244 __platform_driver_register+0x88/0x9c init_module+0x64/0xff4 [arm_smmu] do_one_initcall+0x17c/0x2f0 do_init_module+0xe8/0x378 load_module+0x3f80/0x4a40 __se_sys_finit_module+0x1a0/0x1e4 __arm64_sys_finit_module+0x44/0x58 el0_svc_common+0x100/0x264 do_el0_svc+0x38/0xa4 el0_svc+0x20/0x30 el0_sync_handler+0x68/0xac el0_sync+0x160/0x180 Freed by task 1: kasan_set_track+0x4c/0x84 kasan_set_free_info+0x28/0x4c ____kasan_slab_free+0x120/0x15c __kasan_slab_free+0x18/0x28 slab_free_freelist_hook+0x204/0x2fc kfree+0xfc/0x3a4 __iommu_probe_device+0x284/0x394 probe_iommu_group+0x70/0x9c bus_for_each_dev+0x11c/0x19c bus_iommu_probe+0xb8/0x7d4 bus_set_iommu+0xcc/0x13c arm_smmu_bus_init+0x44/0x130 [arm_smmu] arm_smmu_device_probe+0xb88/0xc54 [arm_smmu] platform_drv_probe+0xe4/0x13c really_probe+0x2c8/0xb74 driver_probe_device+0x11c/0x228 device_driver_attach+0xf0/0x16c __driver_attach+0x80/0x320 bus_for_each_dev+0x11c/0x19c driver_attach+0x38/0x48 bus_add_driver+0x1dc/0x3a4 driver_register+0x18c/0x244 __platform_driver_register+0x88/0x9c init_module+0x64/0xff4 [arm_smmu] do_one_initcall+0x17c/0x2f0 do_init_module+0xe8/0x378 load_module+0x3f80/0x4a40 __se_sys_finit_module+0x1a0/0x1e4 __arm64_sys_finit_module+0x44/0x58 el0_svc_common+0x100/0x264 do_el0_svc+0x38/0xa4 el0_svc+0x20/0x30 el0_sync_handler+0x68/0xac el0_sync+0x160/0x180 Fix this by setting dev->iommu to NULL first and then freeing dev_iommu structure in dev_iommu_free function.

7.8
2024-07-16 CVE-2022-48822 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: f_fs: Fix use-after-free for epfile Consider a case where ffs_func_eps_disable is called from ffs_func_disable as part of composition switch and at the same time ffs_epfile_release get called from userspace. ffs_epfile_release will free up the read buffer and call ffs_data_closed which in turn destroys ffs->epfiles and mark it as NULL.

7.8
2024-07-15 CVE-2024-5402 ABB Unquoted Search Path or Element vulnerability in ABB Mint Workbench 5866/5868

Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I versions: from 5866 before 5868.

7.8
2024-07-21 CVE-2024-38435 Unitronics Unspecified vulnerability in Unitronics Vision PLC

Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service

7.5
2024-07-21 CVE-2024-6944 Zhongbangkeji Deserialization of Untrusted Data vulnerability in Zhongbangkeji Crmeb

A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical.

7.5
2024-07-19 CVE-2024-41600 Talelin Unspecified vulnerability in Talelin Lin-Cms-Spring-Boot 0.2.0/0.2.1

Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component.

7.5
2024-07-19 CVE-2024-32007 Apache Unspecified vulnerability in Apache CXF

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. 

7.5
2024-07-19 CVE-2024-41172 Apache Memory Leak vulnerability in Apache CXF

In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory

7.5
2024-07-18 CVE-2024-40898 Apache Server-Side Request Forgery (SSRF) vulnerability in Apache Http Server

SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. 

7.5
2024-07-18 CVE-2024-40764 Sonicwall Out-of-bounds Write vulnerability in Sonicwall Sonicos

Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).

7.5
2024-07-17 CVE-2024-6830 Oretnom23 SQL Injection vulnerability in Oretnom23 Simple Inventory Management System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0.

7.5
2024-07-16 CVE-2024-21175 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

7.5
2024-07-16 CVE-2024-21182 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

7.5
2024-07-16 CVE-2024-21183 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

7.5
2024-07-16 CVE-2019-16638 Ruijie Cleartext Storage of Sensitive Information vulnerability in Ruijie Eg-2000Se Firmware 11.1(1)B1

An issue was found on the Ruijie EG-2000 series gateway.

7.5
2024-07-16 CVE-2024-6089 Rockwellautomation Unspecified vulnerability in Rockwellautomation 5015-Aenftxt Firmware 2.011

An input validation vulnerability exists in the Rockwell Automation 5015 - AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault.

7.5
2024-07-15 CVE-2024-23794 Otrs Unspecified vulnerability in Otrs

An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation.

7.5
2024-07-15 CVE-2024-39731 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Datacap

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2024-07-16 CVE-2024-21147 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
7.4
2024-07-20 CVE-2024-6635 The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.3.
7.3
2024-07-20 CVE-2024-6637 The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3.
7.3
2024-07-21 CVE-2024-6956 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez University Management System 1.0

A vulnerability was found in itsourcecode University Management System 1.0.

7.2
2024-07-21 CVE-2024-6940 Dedecms Code Injection vulnerability in Dedecms 5.7.112

A vulnerability was found in DedeCMS 5.7.114.

7.2
2024-07-16 CVE-2024-21184 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server.

7.2
2024-07-16 CVE-2022-48855 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: sctp: fix kernel-infoleak for SCTP sockets syzbot reported a kernel infoleak [1] of 4 bytes. After analysis, it turned out r->idiag_expires is not initialized if inet_sctp_diag_fill() calls inet_diag_msg_common_fill() Make sure to clear idiag_timer/idiag_retrans/idiag_expires and let inet_diag_msg_sctpasoc_fill() fill them again if needed. [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline] BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:154 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668 instrument_copy_to_user include/linux/instrumented.h:121 [inline] copyout lib/iov_iter.c:154 [inline] _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668 copy_to_iter include/linux/uio.h:162 [inline] simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519 __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425 skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533 skb_copy_datagram_msg include/linux/skbuff.h:3696 [inline] netlink_recvmsg+0x669/0x1c80 net/netlink/af_netlink.c:1977 sock_recvmsg_nosec net/socket.c:948 [inline] sock_recvmsg net/socket.c:966 [inline] __sys_recvfrom+0x795/0xa10 net/socket.c:2097 __do_sys_recvfrom net/socket.c:2115 [inline] __se_sys_recvfrom net/socket.c:2111 [inline] __x64_sys_recvfrom+0x19d/0x210 net/socket.c:2111 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: slab_post_alloc_hook mm/slab.h:737 [inline] slab_alloc_node mm/slub.c:3247 [inline] __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4975 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x545/0xf90 net/core/skbuff.c:426 alloc_skb include/linux/skbuff.h:1158 [inline] netlink_dump+0x3e5/0x16c0 net/netlink/af_netlink.c:2248 __netlink_dump_start+0xcf8/0xe90 net/netlink/af_netlink.c:2373 netlink_dump_start include/linux/netlink.h:254 [inline] inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1341 sock_diag_rcv_msg+0x24a/0x620 netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2494 sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:277 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x1093/0x1360 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x14d9/0x1720 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:705 [inline] sock_sendmsg net/socket.c:725 [inline] sock_write_iter+0x594/0x690 net/socket.c:1061 do_iter_readv_writev+0xa7f/0xc70 do_iter_write+0x52c/0x1500 fs/read_write.c:851 vfs_writev fs/read_write.c:924 [inline] do_writev+0x645/0xe00 fs/read_write.c:967 __do_sys_writev fs/read_write.c:1040 [inline] __se_sys_writev fs/read_write.c:1037 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x44/0xae Bytes 68-71 of 2508 are uninitialized Memory access of size 2508 starts at ffff888114f9b000 Data copied to user address 00007f7fe09ff2e0 CPU: 1 PID: 3478 Comm: syz-executor306 Not tainted 5.17.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

7.1
2024-07-16 CVE-2022-48866 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts Syzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug. The root case is in missing validation check of actual number of endpoints. Code should not blindly access usb_host_interface::endpoint array, since it may contain less endpoints than code expects. Fix it by adding missing validaion check and print an error if number of endpoints do not match expected number

7.1
2024-07-16 CVE-2021-47624 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change The refcount leak issues take place in an error handling path.

7.1
2024-07-16 CVE-2022-48820 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() This error path needs to decrement "usbphyc->n_pll_cons.counter" before returning.

7.1
2024-07-16 CVE-2024-1937 The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44.
7.1
2024-07-16 CVE-2022-48858 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix a race on command flush flow Fix a refcount use after free warning due to a race on command entry. Such race occurs when one of the commands releases its last refcount and frees its index and entry while another process running command flush flow takes refcount to this command entry.

7.0
2024-07-16 CVE-2022-48790 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queue_rq, in .submit_async_event drivers may not check the ctrl readiness for AER submission.

7.0

231 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-07-18 CVE-2023-40159 Philips Unspecified vulnerability in Philips VUE Pacs 12.2.8.0

A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information.

6.5
2024-07-18 CVE-2024-5620 Authentication Bypass Using an Alternate Path or Channel vulnerability in PruvaSoft Informatics Apinizer Management Console allows Authentication Bypass.This issue affects Apinizer Management Console: before 2024.05.1.
6.5
2024-07-17 CVE-2024-40617 Fujitsu Path Traversal vulnerability in Fujitsu Network Edgiot Gw1500 Firmware

Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS).

6.5
2024-07-16 CVE-2020-36765 Google Unspecified vulnerability in Google Chrome

Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5
2024-07-16 CVE-2024-21168 Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).
6.5
2024-07-16 CVE-2024-21171 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.5
2024-07-16 CVE-2024-21177 Oracle Unspecified vulnerability in Oracle Mysql Cluster and Mysql Server

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.5
2024-07-16 CVE-2024-2884 Google Out-of-bounds Read vulnerability in Google Chrome

Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

6.5
2024-07-16 CVE-2024-5500 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

6.5
2024-07-16 CVE-2024-5566 Github Unspecified vulnerability in Github Enterprise Server

An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token.

6.5
2024-07-16 CVE-2024-5795 Github Resource Exhaustion vulnerability in Github Enterprise Server

A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server.

6.5
2024-07-16 CVE-2024-5815 Github Cross-Site Request Forgery (CSRF) vulnerability in Github Enterprise Server

A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types.

6.5
2024-07-16 CVE-2024-5817 Github Incorrect Authorization vulnerability in Github Enterprise Server

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects.

6.5
2024-07-16 CVE-2024-39036 Seacms Path Traversal vulnerability in Seacms 12.9

SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php.

6.5
2024-07-16 CVE-2024-6325 Rockwellautomation Incorrect Default Permissions vulnerability in Rockwellautomation Factorytalk Policy Manager 6.40.0

The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  and CVE-2022-1161.

6.5
2024-07-15 CVE-2024-39767 Mattermost Improper Authentication vulnerability in Mattermost Mobile 1.26.0/1.29.0/1.30.0

Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that server’s push notifications.

6.5
2024-07-15 CVE-2023-41916 Apache Files or Directories Accessible to External Parties vulnerability in Apache Linkis 1.4.0/1.5.0

In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading.

6.5
2024-07-20 CVE-2024-2337 The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-07-18 CVE-2024-5554 Bdthemes Cross-site Scripting vulnerability in Bdthemes Element Pack

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘onclick_event’ parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and output escaping.

6.4
2024-07-18 CVE-2024-5555 Bdthemes Cross-site Scripting vulnerability in Bdthemes Element Pack

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘social-link-title’ parameter in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping.

6.4
2024-07-18 CVE-2024-5964 The Zenon Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping.
6.4
2024-07-16 CVE-2023-52886 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev->descriptor in hub_port_init() Syzbot reported an out-of-bounds read in sysfs.c:read_descriptors(): BUG: KASAN: slab-out-of-bounds in read_descriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 Read of size 8 at addr ffff88801e78b8c8 by task udevd/5011 CPU: 0 PID: 5011 Comm: udevd Not tainted 6.4.0-rc6-syzkaller-00195-g40f71e7cd3c6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106 print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:351 print_report mm/kasan/report.c:462 [inline] kasan_report+0x11c/0x130 mm/kasan/report.c:572 read_descriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 ... Allocated by task 758: ... __do_kmalloc_node mm/slab_common.c:966 [inline] __kmalloc+0x5e/0x190 mm/slab_common.c:979 kmalloc include/linux/slab.h:563 [inline] kzalloc include/linux/slab.h:680 [inline] usb_get_configuration+0x1f7/0x5170 drivers/usb/core/config.c:887 usb_enumerate_device drivers/usb/core/hub.c:2407 [inline] usb_new_device+0x12b0/0x19d0 drivers/usb/core/hub.c:2545 As analyzed by Khazhy Kumykov, the cause of this bug is a race between read_descriptors() and hub_port_init(): The first routine uses a field in udev->descriptor, not expecting it to change, while the second overwrites it. Prior to commit 45bf39f8df7f ("USB: core: Don't hold device lock while reading the "descriptors" sysfs file") this race couldn't occur, because the routines were mutually exclusive thanks to the device locking.

6.4
2024-07-16 CVE-2024-4780 The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eihe_link’ parameter in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping.
6.4
2024-07-16 CVE-2024-21170 Oracle Unspecified vulnerability in Oracle Mysql Connector/Python 8.4.0

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python).

6.3
2024-07-16 CVE-2024-3175 Google Unspecified vulnerability in Google Chrome

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension.

6.3
2024-07-21 CVE-2024-37459 Payplus Cross-site Scripting vulnerability in Payplus Payment Gateway

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.This issue affects PayPlus Payment Gateway: from n/a through 6.6.8.

6.1
2024-07-21 CVE-2024-37461 Northernbeacheswebsites Cross-site Scripting vulnerability in Northernbeacheswebsites Ideapush

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS.This issue affects IdeaPush: from n/a through 8.65.

6.1
2024-07-21 CVE-2024-37485 Usestrict Cross-site Scripting vulnerability in Usestrict Bbpress Notify

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vinny Alves (UseStrict Consulting) bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3.

6.1
2024-07-21 CVE-2024-38781 Artistscope Cross-site Scripting vulnerability in Artistscope Copysafe web Protection

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArtistScope CopySafe Web Protection allows Reflected XSS.This issue affects CopySafe Web Protection: from n/a through 3.15.

6.1
2024-07-21 CVE-2024-6954 Jkev Cross-site Scripting vulnerability in Jkev Record Management System 1.0

A vulnerability was found in SourceCodester Record Management System 1.0.

6.1
2024-07-21 CVE-2024-6955 Jkev Cross-site Scripting vulnerability in Jkev Record Management System 1.0

A vulnerability was found in SourceCodester Record Management System 1.0.

6.1
2024-07-21 CVE-2024-37487 Wpdirectorykit Cross-site Scripting vulnerability in Wpdirectorykit WP Directory KIT

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpdirectorykit.Com WP Directory Kit allows Reflected XSS.This issue affects WP Directory Kit: from n/a through 1.3.5.

6.1
2024-07-21 CVE-2024-37509 Makecommerce Cross-site Scripting vulnerability in Makecommerce for Woocommerce

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Maksekeskus AS MakeCommerce for WooCommerce allows Reflected XSS.This issue affects MakeCommerce for WooCommerce: from n/a through 3.5.1.

6.1
2024-07-21 CVE-2024-38436 Commugen Cross-site Scripting vulnerability in Commugen SOX 365

Commugen SOX 365 – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1
2024-07-21 CVE-2024-37559 Henleyedition Cross-site Scripting vulnerability in Henleyedition Counterpoint

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Echenley Counterpoint allows Reflected XSS.This issue affects Counterpoint: from n/a through 1.8.1.

6.1
2024-07-21 CVE-2024-6939 Xinhu Cross-site Scripting vulnerability in Xinhu Rockoa 2.6.3

A vulnerability was found in Xinhu RockOA 2.6.3 and classified as problematic.

6.1
2024-07-20 CVE-2024-37954 Marcelotorres Cross-site Scripting vulnerability in Marcelotorres Simple Responsive Slider

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS.This issue affects Simple Responsive Slider: from n/a through 0.2.2.5.

6.1
2024-07-20 CVE-2024-40347 Hyland Cross-site Scripting vulnerability in Hyland Alfresco Content Services 7.2.0

A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid.

6.1
2024-07-19 CVE-2024-41599 Ruoyi Cross-site Scripting vulnerability in Ruoyi

Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method

6.1
2024-07-19 CVE-2024-38156 Microsoft Unspecified vulnerability in Microsoft Edge

Microsoft Edge (Chromium-based) Spoofing Vulnerability

6.1
2024-07-17 CVE-2023-43971 Lizhipay Cross-site Scripting vulnerability in Lizhipay Acg-Faka 1.1.7

Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a remote attacker to execute arbitrary code via the encode parameter in Index.php.

6.1
2024-07-16 CVE-2024-21133 Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Servlet).
6.1
2024-07-16 CVE-2024-21150 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC).
6.1
2024-07-16 CVE-2024-21178 Oracle Cross-site Scripting vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.59/8.60/8.61

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).

6.1
2024-07-16 CVE-2024-21188 Oracle Unspecified vulnerability in Oracle Financial Services Revenue Management and Billing 6.0.0.0.0/6.1.0.0.0

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot).

6.1
2024-07-15 CVE-2024-38493 Broadcom Cross-site Scripting vulnerability in Broadcom Symantec Privileged Access Management 4.1.0.0/4.1.0.10

A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface.

6.1
2024-07-15 CVE-2024-6740 Openfind Cross-site Scripting vulnerability in Openfind Mail2000 7.0/8.0

Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks.

6.1
2024-07-15 CVE-2024-6072 Tipsandtricks HQ Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

6.1
2024-07-15 CVE-2024-6073 Tipsandtricks HQ Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2024-07-15 CVE-2024-6074 Tipsandtricks HQ Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2024-07-15 CVE-2024-6076 Tipsandtricks HQ Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2024-07-15 CVE-2024-6289 Wpserveur Open Redirect vulnerability in Wpserveur WPS Hide Login

The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.

6.1
2024-07-15 CVE-2024-6739 Openfind Incorrect Permission Assignment for Critical Resource vulnerability in Openfind Mailaudit and Mailgates

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.

6.1
2024-07-18 CVE-2023-40539 Philips Weak Password Requirements vulnerability in Philips VUE Pacs 12.2.8.0

Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts.

5.9
2024-07-16 CVE-2024-21166 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

5.9
2024-07-16 CVE-2024-21126 Vulnerability in the Oracle Database Portable Clusterware component of Oracle Database Server.
5.8
2024-07-19 CVE-2024-6916 Zowe Insecure Storage of Sensitive Information vulnerability in Zowe CLI

A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag.

5.5
2024-07-18 CVE-2024-6705 The RegLevel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping.
5.5
2024-07-17 CVE-2024-41009 Linux Allocation of Resources Without Limits or Throttling vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which logical position the consumer consumed the data, and producer_pos which is the producer counter denoting the amount of data reserved by all producers. Each time a record is reserved, the producer that "owns" the record will successfully advance producer counter.

5.5
2024-07-17 CVE-2024-41010 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix too early release of tcx_entry Pedro Pinto and later independently also Hyunwoo Kim and Wongi Lee reported an issue that the tcx_entry can be released too early leading to a use after free (UAF) when an active old-style ingress or clsact qdisc with a shared tc block is later replaced by another ingress or clsact instance. Essentially, the sequence to trigger the UAF (one example) can be as follows: 1.

5.5
2024-07-16 CVE-2022-35640 IBM Information Exposure Through an Error Message vulnerability in IBM Sterling Partner Engagement Manager 6.2.2

IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned.

5.5
2024-07-16 CVE-2024-21161 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

5.5
2024-07-16 CVE-2024-21163 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

5.5
2024-07-16 CVE-2024-6326 Rockwellautomation Incorrect Default Permissions vulnerability in Rockwellautomation products

An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service.

5.5
2024-07-16 CVE-2022-48835 Linux Release of Invalid Pointer or Reference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Page fault in reply q processing A page fault was encountered in mpt3sas on a LUN reset error path: [ 145.763216] mpt3sas_cm1: Task abort tm failed: handle(0x0002),timeout(30) tr_method(0x0) smid(3) msix_index(0) [ 145.778932] scsi 1:0:0:0: task abort: FAILED scmd(0x0000000024ba29a2) [ 145.817307] scsi 1:0:0:0: attempting device reset! scmd(0x0000000024ba29a2) [ 145.827253] scsi 1:0:0:0: [sg1] tag#2 CDB: Receive Diagnostic 1c 01 01 ff fc 00 [ 145.837617] scsi target1:0:0: handle(0x0002), sas_address(0x500605b0000272b9), phy(0) [ 145.848598] scsi target1:0:0: enclosure logical id(0x500605b0000272b8), slot(0) [ 149.858378] mpt3sas_cm1: Poll ReplyDescriptor queues for completion of smid(0), task_type(0x05), handle(0x0002) [ 149.875202] BUG: unable to handle page fault for address: 00000007fffc445d [ 149.885617] #PF: supervisor read access in kernel mode [ 149.894346] #PF: error_code(0x0000) - not-present page [ 149.903123] PGD 0 P4D 0 [ 149.909387] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 149.917417] CPU: 24 PID: 3512 Comm: scsi_eh_1 Kdump: loaded Tainted: G S O 5.10.89-altav-1 #1 [ 149.934327] Hardware name: DDN 200NVX2 /200NVX2-MB , BIOS ATHG2.2.02.01 09/10/2021 [ 149.951871] RIP: 0010:_base_process_reply_queue+0x4b/0x900 [mpt3sas] [ 149.961889] Code: 0f 84 22 02 00 00 8d 48 01 49 89 fd 48 8d 57 38 f0 0f b1 4f 38 0f 85 d8 01 00 00 49 8b 45 10 45 31 e4 41 8b 55 0c 48 8d 1c d0 <0f> b6 03 83 e0 0f 3c 0f 0f 85 a2 00 00 00 e9 e6 01 00 00 0f b7 ee [ 149.991952] RSP: 0018:ffffc9000f1ebcb8 EFLAGS: 00010246 [ 150.000937] RAX: 0000000000000055 RBX: 00000007fffc445d RCX: 000000002548f071 [ 150.011841] RDX: 00000000ffff8881 RSI: 0000000000000001 RDI: ffff888125ed50d8 [ 150.022670] RBP: 0000000000000000 R08: 0000000000000000 R09: c0000000ffff7fff [ 150.033445] R10: ffffc9000f1ebb68 R11: ffffc9000f1ebb60 R12: 0000000000000000 [ 150.044204] R13: ffff888125ed50d8 R14: 0000000000000080 R15: 34cdc00034cdea80 [ 150.054963] FS: 0000000000000000(0000) GS:ffff88dfaf200000(0000) knlGS:0000000000000000 [ 150.066715] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 150.076078] CR2: 00000007fffc445d CR3: 000000012448a006 CR4: 0000000000770ee0 [ 150.086887] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 150.097670] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 150.108323] PKRU: 55555554 [ 150.114690] Call Trace: [ 150.120497] ? printk+0x48/0x4a [ 150.127049] mpt3sas_scsih_issue_tm.cold.114+0x2e/0x2b3 [mpt3sas] [ 150.136453] mpt3sas_scsih_issue_locked_tm+0x86/0xb0 [mpt3sas] [ 150.145759] scsih_dev_reset+0xea/0x300 [mpt3sas] [ 150.153891] scsi_eh_ready_devs+0x541/0x9e0 [scsi_mod] [ 150.162206] ? __scsi_host_match+0x20/0x20 [scsi_mod] [ 150.170406] ? scsi_try_target_reset+0x90/0x90 [scsi_mod] [ 150.178925] ? blk_mq_tagset_busy_iter+0x45/0x60 [ 150.186638] ? scsi_try_target_reset+0x90/0x90 [scsi_mod] [ 150.195087] scsi_error_handler+0x3a5/0x4a0 [scsi_mod] [ 150.203206] ? __schedule+0x1e9/0x610 [ 150.209783] ? scsi_eh_get_sense+0x210/0x210 [scsi_mod] [ 150.217924] kthread+0x12e/0x150 [ 150.224041] ? kthread_worker_fn+0x130/0x130 [ 150.231206] ret_from_fork+0x1f/0x30 This is caused by mpt3sas_base_sync_reply_irqs() using an invalid reply_q pointer outside of the list_for_each_entry() loop.

5.5
2024-07-16 CVE-2022-48836 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type.

5.5
2024-07-16 CVE-2022-48838 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: Fix use-after-free bug by not setting udc->dev.driver The syzbot fuzzer found a use-after-free bug: BUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320 Read of size 8 at addr ffff88802b934098 by task udevd/3689 CPU: 2 PID: 3689 Comm: udevd Not tainted 5.17.0-rc4-syzkaller-00229-g4f12b742eb2b #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255 __kasan_report mm/kasan/report.c:442 [inline] kasan_report.cold+0x83/0xdf mm/kasan/report.c:459 dev_uevent+0x712/0x780 drivers/base/core.c:2320 uevent_show+0x1b8/0x380 drivers/base/core.c:2391 dev_attr_show+0x4b/0x90 drivers/base/core.c:2094 Although the bug manifested in the driver core, the real cause was a race with the gadget core.

5.5
2024-07-16 CVE-2022-48839 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg() syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH and mmap operations, tpacket_rcv() is queueing skbs with garbage in skb->cb[], triggering a too big copy [1] Presumably, users of af_packet using mmap() already gets correct metadata from the mapped buffer, we can simply make sure to clear 12 bytes that might be copied to user space later. BUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:225 [inline] BUG: KASAN: stack-out-of-bounds in packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489 Write of size 165 at addr ffffc9000385fb78 by task syz-executor233/3631 CPU: 0 PID: 3631 Comm: syz-executor233 Not tainted 5.17.0-rc7-syzkaller-02396-g0b3660695e80 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold+0xf/0x336 mm/kasan/report.c:255 __kasan_report mm/kasan/report.c:442 [inline] kasan_report.cold+0x83/0xdf mm/kasan/report.c:459 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189 memcpy+0x39/0x60 mm/kasan/shadow.c:66 memcpy include/linux/fortify-string.h:225 [inline] packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489 sock_recvmsg_nosec net/socket.c:948 [inline] sock_recvmsg net/socket.c:966 [inline] sock_recvmsg net/socket.c:962 [inline] ____sys_recvmsg+0x2c4/0x600 net/socket.c:2632 ___sys_recvmsg+0x127/0x200 net/socket.c:2674 __sys_recvmsg+0xe2/0x1a0 net/socket.c:2704 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fdfd5954c29 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffcf8e71e48 EFLAGS: 00000246 ORIG_RAX: 000000000000002f RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdfd5954c29 RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000005 RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf8e71e60 R13: 00000000000f4240 R14: 000000000000c1ff R15: 00007ffcf8e71e54 </TASK> addr ffffc9000385fb78 is located in stack of task syz-executor233/3631 at offset 32 in frame: ____sys_recvmsg+0x0/0x600 include/linux/uio.h:246 this frame has 1 object: [32, 160) 'addr' Memory state around the buggy address: ffffc9000385fa80: 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 ffffc9000385fb00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 >ffffc9000385fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3 ^ ffffc9000385fc00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 ffffc9000385fc80: f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 ==================================================================

5.5
2024-07-16 CVE-2022-48840 Linux Infinite Loop vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix hang during reboot/shutdown Recent commit 974578017fc1 ("iavf: Add waiting so the port is initialized in remove") adds a wait-loop at the beginning of iavf_remove() to ensure that port initialization is finished prior unregistering net device.

5.5
2024-07-16 CVE-2022-48841 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() It is possible to do NULL pointer dereference in routine that updates Tx ring stats.

5.5
2024-07-16 CVE-2022-48843 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/vrr: Set VRR capable prop only if it is attached to connector VRR capable property is not attached by default to the connector It is attached only if VRR is supported. So if the driver tries to call drm core set prop function without it being attached that causes NULL dereference.

5.5
2024-07-16 CVE-2022-48844 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix leaking sent_cmd skb sent_cmd memory is not freed before freeing hci_dev causing it to leak it contents.

5.5
2024-07-16 CVE-2022-48845 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: MIPS: smp: fill in sibling and core maps earlier After enabling CONFIG_SCHED_CORE (landed during 5.14 cycle), 2-core 2-thread-per-core interAptiv (CPS-driven) started emitting the following: [ 0.025698] CPU1 revision is: 0001a120 (MIPS interAptiv (multi)) [ 0.048183] ------------[ cut here ]------------ [ 0.048187] WARNING: CPU: 1 PID: 0 at kernel/sched/core.c:6025 sched_core_cpu_starting+0x198/0x240 [ 0.048220] Modules linked in: [ 0.048233] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.17.0-rc3+ #35 b7b319f24073fd9a3c2aa7ad15fb7993eec0b26f [ 0.048247] Stack : 817f0000 00000004 327804c8 810eb050 00000000 00000004 00000000 c314fdd1 [ 0.048278] 830cbd64 819c0000 81800000 817f0000 83070bf4 00000001 830cbd08 00000000 [ 0.048307] 00000000 00000000 815fcbc4 00000000 00000000 00000000 00000000 00000000 [ 0.048334] 00000000 00000000 00000000 00000000 817f0000 00000000 00000000 817f6f34 [ 0.048361] 817f0000 818a3c00 817f0000 00000004 00000000 00000000 4dc33260 0018c933 [ 0.048389] ... [ 0.048396] Call Trace: [ 0.048399] [<8105a7bc>] show_stack+0x3c/0x140 [ 0.048424] [<8131c2a0>] dump_stack_lvl+0x60/0x80 [ 0.048440] [<8108b5c0>] __warn+0xc0/0xf4 [ 0.048454] [<8108b658>] warn_slowpath_fmt+0x64/0x10c [ 0.048467] [<810bd418>] sched_core_cpu_starting+0x198/0x240 [ 0.048483] [<810c6514>] sched_cpu_starting+0x14/0x80 [ 0.048497] [<8108c0f8>] cpuhp_invoke_callback_range+0x78/0x140 [ 0.048510] [<8108d914>] notify_cpu_starting+0x94/0x140 [ 0.048523] [<8106593c>] start_secondary+0xbc/0x280 [ 0.048539] [ 0.048543] ---[ end trace 0000000000000000 ]--- [ 0.048636] Synchronize counters for CPU 1: done. ...for each but CPU 0/boot. Basic debug printks right before the mentioned line say: [ 0.048170] CPU: 1, smt_mask: So smt_mask, which is sibling mask obviously, is empty when entering the function. This is critical, as sched_core_cpu_starting() calculates core-scheduling parameters only once per CPU start, and it's crucial to have all the parameters filled in at that moment (at least it uses cpu_smt_mask() which in fact is `&cpu_sibling_map[cpu]` on MIPS). A bit of debugging led me to that set_cpu_sibling_map() performing the actual map calculation, was being invocated after notify_cpu_start(), and exactly the latter function starts CPU HP callback round (sched_core_cpu_starting() is basically a CPU HP callback). While the flow is same on ARM64 (maps after the notifier, although before calling set_cpu_online()), x86 started calculating sibling maps earlier than starting the CPU HP callbacks in Linux 4.14 (see [0] for the reference).

5.5
2024-07-16 CVE-2022-48846 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: block: release rq qos structures for queue without disk blkcg_init_queue() may add rq qos structures to request queue, previously blk_cleanup_queue() calls rq_qos_exit() to release them, but commit 8e141f9eb803 ("block: drain file system I/O on del_gendisk") moves rq_qos_exit() into del_gendisk(), so memory leak is caused because queues may not have disk, such as un-present scsi luns, nvme admin queue, ... Fixes the issue by adding rq_qos_exit() to blk_cleanup_queue() back. BTW, v5.18 won't need this patch any more since we move blkcg_init_queue()/blkcg_exit_queue() into disk allocation/release handler, and patches have been in for-5.18/block.

5.5
2024-07-16 CVE-2022-48849 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: bypass tiling flag check in virtual display case (v2) vkms leverages common amdgpu framebuffer creation, and also as it does not support FB modifier, there is no need to check tiling flags when initing framebuffer when virtual display is enabled. This can fix below calltrace: amdgpu 0000:00:08.0: GFX9+ requires FB check based on format modifier WARNING: CPU: 0 PID: 1023 at drivers/gpu/drm/amd/amdgpu/amdgpu_display.c:1150 amdgpu_display_framebuffer_init+0x8e7/0xb40 [amdgpu] v2: check adev->enable_virtual_display instead as vkms can be enabled in bare metal as well.

5.5
2024-07-16 CVE-2022-48850 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net-sysfs: add check for netdevice being present to speed_show When bringing down the netdevice or system shutdown, a panic can be triggered while accessing the sysfs path because the device is already removed. [ 755.549084] mlx5_core 0000:12:00.1: Shutdown was called [ 756.404455] mlx5_core 0000:12:00.0: Shutdown was called ... [ 757.937260] BUG: unable to handle kernel NULL pointer dereference at (null) [ 758.031397] IP: [<ffffffff8ee11acb>] dma_pool_alloc+0x1ab/0x280 crash> bt ... PID: 12649 TASK: ffff8924108f2100 CPU: 1 COMMAND: "amsd" ... #9 [ffff89240e1a38b0] page_fault at ffffffff8f38c778 [exception RIP: dma_pool_alloc+0x1ab] RIP: ffffffff8ee11acb RSP: ffff89240e1a3968 RFLAGS: 00010046 RAX: 0000000000000246 RBX: ffff89243d874100 RCX: 0000000000001000 RDX: 0000000000000000 RSI: 0000000000000246 RDI: ffff89243d874090 RBP: ffff89240e1a39c0 R8: 000000000001f080 R9: ffff8905ffc03c00 R10: ffffffffc04680d4 R11: ffffffff8edde9fd R12: 00000000000080d0 R13: ffff89243d874090 R14: ffff89243d874080 R15: 0000000000000000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #10 [ffff89240e1a39c8] mlx5_alloc_cmd_msg at ffffffffc04680f3 [mlx5_core] #11 [ffff89240e1a3a18] cmd_exec at ffffffffc046ad62 [mlx5_core] #12 [ffff89240e1a3ab8] mlx5_cmd_exec at ffffffffc046b4fb [mlx5_core] #13 [ffff89240e1a3ae8] mlx5_core_access_reg at ffffffffc0475434 [mlx5_core] #14 [ffff89240e1a3b40] mlx5e_get_fec_caps at ffffffffc04a7348 [mlx5_core] #15 [ffff89240e1a3bb0] get_fec_supported_advertised at ffffffffc04992bf [mlx5_core] #16 [ffff89240e1a3c08] mlx5e_get_link_ksettings at ffffffffc049ab36 [mlx5_core] #17 [ffff89240e1a3ce8] __ethtool_get_link_ksettings at ffffffff8f25db46 #18 [ffff89240e1a3d48] speed_show at ffffffff8f277208 #19 [ffff89240e1a3dd8] dev_attr_show at ffffffff8f0b70e3 #20 [ffff89240e1a3df8] sysfs_kf_seq_show at ffffffff8eedbedf #21 [ffff89240e1a3e18] kernfs_seq_show at ffffffff8eeda596 #22 [ffff89240e1a3e28] seq_read at ffffffff8ee76d10 #23 [ffff89240e1a3e98] kernfs_fop_read at ffffffff8eedaef5 #24 [ffff89240e1a3ed8] vfs_read at ffffffff8ee4e3ff #25 [ffff89240e1a3f08] sys_read at ffffffff8ee4f27f #26 [ffff89240e1a3f50] system_call_fastpath at ffffffff8f395f92 crash> net_device.state ffff89443b0c0000 state = 0x5 (__LINK_STATE_START| __LINK_STATE_NOCARRIER) To prevent this scenario, we also make sure that the netdevice is present.

5.5
2024-07-16 CVE-2022-48853 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix info leak with DMA_FROM_DEVICE The problem I'm addressing was discovered by the LTP test covering cve-2018-1000204. A short description of what happens follows: 1) The test case issues a command code 00 (TEST UNIT READY) via the SG_IO interface with: dxfer_len == 524288, dxdfer_dir == SG_DXFER_FROM_DEV and a corresponding dxferp.

5.5
2024-07-16 CVE-2022-48856 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: gianfar: ethtool: Fix refcount leak in gfar_get_ts_info The of_find_compatible_node() function returns a node pointer with refcount incremented, We should use of_node_put() on it when done Add the missing of_node_put() to release the refcount.

5.5
2024-07-16 CVE-2022-48857 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: NFC: port100: fix use-after-free in port100_send_complete Syzbot reported UAF in port100_send_complete().

5.5
2024-07-16 CVE-2022-48859 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr This node pointer is returned by of_find_compatible_node() with refcount incremented.

5.5
2024-07-16 CVE-2022-48860 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ethernet: Fix error handling in xemaclite_of_probe This node pointer is returned by of_parse_phandle() with refcount incremented in this function.

5.5
2024-07-16 CVE-2022-48861 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: vdpa: fix use-after-free on vp_vdpa_remove When vp_vdpa driver is unbind, vp_vdpa is freed in vdpa_unregister_device and then vp_vdpa->mdev.pci_dev is dereferenced in vp_modern_remove, triggering use-after-free. Call Trace of unbinding driver free vp_vdpa : do_syscall_64 vfs_write kernfs_fop_write_iter device_release_driver_internal pci_device_remove vp_vdpa_remove vdpa_unregister_device kobject_release device_release kfree Call Trace of dereference vp_vdpa->mdev.pci_dev: vp_modern_remove pci_release_selected_regions pci_release_region pci_resource_len pci_resource_end (dev)->resource[(bar)].end

5.5
2024-07-16 CVE-2022-48862 Linux Infinite Loop vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: vhost: fix hung thread due to erroneous iotlb entries In vhost_iotlb_add_range_ctx(), range size can overflow to 0 when start is 0 and last is ULONG_MAX.

5.5
2024-07-16 CVE-2022-48863 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix memory leak in dsp_pipeline_build() dsp_pipeline_build() allocates dup pointer by kstrdup(cfg), but then it updates dup variable by strsep(&dup, "|"). As a result when it calls kfree(dup), the dup variable contains NULL. Found by Linux Driver Verification project (linuxtesting.org) with SVACE.

5.5
2024-07-16 CVE-2022-48864 Linux Use of Uninitialized Resource vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command When control vq receives a VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command request from the driver, presently there is no validation against the number of queue pairs to configure, or even if multiqueue had been negotiated or not is unverified.

5.5
2024-07-16 CVE-2022-48865 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel panic when enabling bearer When enabling a bearer on a node, a kernel panic is observed: [ 4.498085] RIP: 0010:tipc_mon_prep+0x4e/0x130 [tipc] ... [ 4.520030] Call Trace: [ 4.520689] <IRQ> [ 4.521236] tipc_link_build_proto_msg+0x375/0x750 [tipc] [ 4.522654] tipc_link_build_state_msg+0x48/0xc0 [tipc] [ 4.524034] __tipc_node_link_up+0xd7/0x290 [tipc] [ 4.525292] tipc_rcv+0x5da/0x730 [tipc] [ 4.526346] ? __netif_receive_skb_core+0xb7/0xfc0 [ 4.527601] tipc_l2_rcv_msg+0x5e/0x90 [tipc] [ 4.528737] __netif_receive_skb_list_core+0x20b/0x260 [ 4.530068] netif_receive_skb_list_internal+0x1bf/0x2e0 [ 4.531450] ? dev_gro_receive+0x4c2/0x680 [ 4.532512] napi_complete_done+0x6f/0x180 [ 4.533570] virtnet_poll+0x29c/0x42e [virtio_net] ... The node in question is receiving activate messages in another thread after changing bearer status to allow message sending/ receiving in current thread: thread 1 | thread 2 -------- | -------- | tipc_enable_bearer() | test_and_set_bit_lock() | tipc_bearer_xmit_skb() | | tipc_l2_rcv_msg() | tipc_rcv() | __tipc_node_link_up() | tipc_link_build_state_msg() | tipc_link_build_proto_msg() | tipc_mon_prep() | { | ... | // null-pointer dereference | u16 gen = mon->dom_gen; | ... | } // Not being executed yet | tipc_mon_create() | { | ...

5.5
2024-07-16 CVE-2021-47622 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: Fix a deadlock in the error handler The following deadlock has been observed on a test setup: - All tags allocated - The SCSI error handler calls ufshcd_eh_host_reset_handler() - ufshcd_eh_host_reset_handler() queues work that calls ufshcd_err_handler() - ufshcd_err_handler() locks up as follows: Workqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt Call trace: __switch_to+0x298/0x5d8 __schedule+0x6cc/0xa94 schedule+0x12c/0x298 blk_mq_get_tag+0x210/0x480 __blk_mq_alloc_request+0x1c8/0x284 blk_get_request+0x74/0x134 ufshcd_exec_dev_cmd+0x68/0x640 ufshcd_verify_dev_init+0x68/0x35c ufshcd_probe_hba+0x12c/0x1cb8 ufshcd_host_reset_and_restore+0x88/0x254 ufshcd_reset_and_restore+0xd0/0x354 ufshcd_err_handler+0x408/0xc58 process_one_work+0x24c/0x66c worker_thread+0x3e8/0xa4c kthread+0x150/0x1b4 ret_from_fork+0x10/0x30 Fix this lockup by making ufshcd_exec_dev_cmd() allocate a reserved request.

5.5
2024-07-16 CVE-2022-48773 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create If there are failures then we must not leave the non-NULL pointers with the error value, otherwise `rpcrdma_ep_destroy` gets confused and tries free them, resulting in an Oops.

5.5
2024-07-16 CVE-2022-48775 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add(): If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Fix memory leak by calling kobject_put().

5.5
2024-07-16 CVE-2022-48777 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix kernel panic on skipped partition In the event of a skipped partition (case when the entry name is empty) the kernel panics in the cleanup function as the name entry is NULL. Rework the parser logic by first checking the real partition number and then allocate the space and set the data for the valid partitions. The logic was also fundamentally wrong as with a skipped partition, the parts number returned was incorrect by not decreasing it for the skipped partitions.

5.5
2024-07-16 CVE-2022-48781 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - get rid of alg_memory_allocated alg_memory_allocated does not seem to be really used. alg_proto does have a .memory_allocated field, but no corresponding .sysctl_mem. This means sk_has_account() returns true, but all sk_prot_mem_limits() users will trigger a NULL dereference [1]. THis was not a problem until SO_RESERVE_MEM addition. general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 PID: 3591 Comm: syz-executor153 Not tainted 5.17.0-rc3-syzkaller-00316-gb81b1829e7e3 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:sk_prot_mem_limits include/net/sock.h:1523 [inline] RIP: 0010:sock_reserve_memory+0x1d7/0x330 net/core/sock.c:1000 Code: 08 00 74 08 48 89 ef e8 27 20 bb f9 4c 03 7c 24 10 48 8b 6d 00 48 83 c5 08 48 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 ef e8 fb 1f bb f9 48 8b 6d 00 4c 89 ff 48 RSP: 0018:ffffc90001f1fb68 EFLAGS: 00010202 RAX: 0000000000000001 RBX: ffff88814aabc000 RCX: dffffc0000000000 RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff90e18120 RBP: 0000000000000008 R08: dffffc0000000000 R09: fffffbfff21c3025 R10: fffffbfff21c3025 R11: 0000000000000000 R12: ffffffff8d109840 R13: 0000000000001002 R14: 0000000000000001 R15: 0000000000000001 FS: 0000555556e08300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc74416f130 CR3: 0000000073d9e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> sock_setsockopt+0x14a9/0x3a30 net/core/sock.c:1446 __sys_setsockopt+0x5af/0x980 net/socket.c:2176 __do_sys_setsockopt net/socket.c:2191 [inline] __se_sys_setsockopt net/socket.c:2188 [inline] __x64_sys_setsockopt+0xb1/0xc0 net/socket.c:2188 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fc7440fddc9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe98f07968 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc7440fddc9 RDX: 0000000000000049 RSI: 0000000000000001 RDI: 0000000000000004 RBP: 0000000000000000 R08: 0000000000000004 R09: 00007ffe98f07990 R10: 0000000020000000 R11: 0000000000000246 R12: 00007ffe98f0798c R13: 00007ffe98f079a0 R14: 00007ffe98f079e0 R15: 0000000000000000 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:sk_prot_mem_limits include/net/sock.h:1523 [inline] RIP: 0010:sock_reserve_memory+0x1d7/0x330 net/core/sock.c:1000 Code: 08 00 74 08 48 89 ef e8 27 20 bb f9 4c 03 7c 24 10 48 8b 6d 00 48 83 c5 08 48 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 ef e8 fb 1f bb f9 48 8b 6d 00 4c 89 ff 48 RSP: 0018:ffffc90001f1fb68 EFLAGS: 00010202 RAX: 0000000000000001 RBX: ffff88814aabc000 RCX: dffffc0000000000 RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff90e18120 RBP: 0000000000000008 R08: dffffc0000000000 R09: fffffbfff21c3025 R10: fffffbfff21c3025 R11: 0000000000000000 R12: ffffffff8d109840 R13: 0000000000001002 R14: 0000000000000001 R15: 0000000000000001 FS: 0000555556e08300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc74416f130 CR3: 0000000073d9e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000

5.5
2024-07-16 CVE-2022-48793 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: nSVM: fix potential NULL derefernce on nested migration Turns out that due to review feedback and/or rebases I accidentally moved the call to nested_svm_load_cr3 to be too early, before the NPT is enabled, which is very wrong to do. KVM can't even access guest memory at that point as nested NPT is needed for that, and of course it won't initialize the walk_mmu, which is main issue the patch was addressing. Fix this for real.

5.5
2024-07-16 CVE-2022-48800 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: remove deadlock due to throttling failing to make progress A soft lockup bug in kcompactd was reported in a private bugzilla with the following visible in dmesg; watchdog: BUG: soft lockup - CPU#33 stuck for 26s! [kcompactd0:479] watchdog: BUG: soft lockup - CPU#33 stuck for 52s! [kcompactd0:479] watchdog: BUG: soft lockup - CPU#33 stuck for 78s! [kcompactd0:479] watchdog: BUG: soft lockup - CPU#33 stuck for 104s! [kcompactd0:479] The machine had 256G of RAM with no swap and an earlier failed allocation indicated that node 0 where kcompactd was run was potentially unreclaimable; Node 0 active_anon:29355112kB inactive_anon:2913528kB active_file:0kB inactive_file:0kB unevictable:64kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:0kB writeback:0kB shmem:26780kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 23480320kB writeback_tmp:0kB kernel_stack:2272kB pagetables:24500kB all_unreclaimable? yes Vlastimil Babka investigated a crash dump and found that a task migrating pages was trying to drain PCP lists; PID: 52922 TASK: ffff969f820e5000 CPU: 19 COMMAND: "kworker/u128:3" Call Trace: __schedule schedule schedule_timeout wait_for_completion __flush_work __drain_all_pages __alloc_pages_slowpath.constprop.114 __alloc_pages alloc_migration_target migrate_pages migrate_to_node do_migrate_pages cpuset_migrate_mm_workfn process_one_work worker_thread kthread ret_from_fork This failure is specific to CONFIG_PREEMPT=n builds.

5.5
2024-07-16 CVE-2022-48804 Linux Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path.

5.5
2024-07-16 CVE-2022-48808 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix panic when DSA master device unbinds on shutdown Rafael reports that on a system with LX2160A and Marvell DSA switches, if a reboot occurs while the DSA master (dpaa2-eth) is up, the following panic can be seen: systemd-shutdown[1]: Rebooting. Unable to handle kernel paging request at virtual address 00a0000800000041 [00a0000800000041] address between user and kernel address ranges Internal error: Oops: 96000004 [#1] PREEMPT SMP CPU: 6 PID: 1 Comm: systemd-shutdow Not tainted 5.16.5-00042-g8f5585009b24 #32 pc : dsa_slave_netdevice_event+0x130/0x3e4 lr : raw_notifier_call_chain+0x50/0x6c Call trace: dsa_slave_netdevice_event+0x130/0x3e4 raw_notifier_call_chain+0x50/0x6c call_netdevice_notifiers_info+0x54/0xa0 __dev_close_many+0x50/0x130 dev_close_many+0x84/0x120 unregister_netdevice_many+0x130/0x710 unregister_netdevice_queue+0x8c/0xd0 unregister_netdev+0x20/0x30 dpaa2_eth_remove+0x68/0x190 fsl_mc_driver_remove+0x20/0x5c __device_release_driver+0x21c/0x220 device_release_driver_internal+0xac/0xb0 device_links_unbind_consumers+0xd4/0x100 __device_release_driver+0x94/0x220 device_release_driver+0x28/0x40 bus_remove_device+0x118/0x124 device_del+0x174/0x420 fsl_mc_device_remove+0x24/0x40 __fsl_mc_device_remove+0xc/0x20 device_for_each_child+0x58/0xa0 dprc_remove+0x90/0xb0 fsl_mc_driver_remove+0x20/0x5c __device_release_driver+0x21c/0x220 device_release_driver+0x28/0x40 bus_remove_device+0x118/0x124 device_del+0x174/0x420 fsl_mc_bus_remove+0x80/0x100 fsl_mc_bus_shutdown+0xc/0x1c platform_shutdown+0x20/0x30 device_shutdown+0x154/0x330 __do_sys_reboot+0x1cc/0x250 __arm64_sys_reboot+0x20/0x30 invoke_syscall.constprop.0+0x4c/0xe0 do_el0_svc+0x4c/0x150 el0_svc+0x24/0xb0 el0t_64_sync_handler+0xa8/0xb0 el0t_64_sync+0x178/0x17c It can be seen from the stack trace that the problem is that the deregistration of the master causes a dev_close(), which gets notified as NETDEV_GOING_DOWN to dsa_slave_netdevice_event(). But dsa_switch_shutdown() has already run, and this has unregistered the DSA slave interfaces, and yet, the NETDEV_GOING_DOWN handler attempts to call dev_close_many() on those slave interfaces, leading to the problem. The previous attempt to avoid the NETDEV_GOING_DOWN on the master after dsa_switch_shutdown() was called seems improper.

5.5
2024-07-16 CVE-2022-48809 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: fix a memleak when uncloning an skb dst and its metadata When uncloning an skb dst and its associated metadata, a new dst+metadata is allocated and later replaces the old one in the skb. This is helpful to have a non-shared dst+metadata attached to a specific skb. The issue is the uncloned dst+metadata is initialized with a refcount of 1, which is increased to 2 before attaching it to the skb.

5.5
2024-07-16 CVE-2022-48824 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: scsi: myrs: Fix crash in error case In myrs_detect(), cs->disable_intr is NULL when privdata->hw_init() fails with non-zero.

5.5
2024-07-16 CVE-2022-48826 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix deadlock on DSI device attach error DSI device attach to DSI host will be done with host device's lock held. Un-registering host in "device attach" error path (ex: probe retry) will result in deadlock with below call trace and non operational DSI display. Startup Call trace: [ 35.043036] rt_mutex_slowlock.constprop.21+0x184/0x1b8 [ 35.043048] mutex_lock_nested+0x7c/0xc8 [ 35.043060] device_del+0x4c/0x3e8 [ 35.043075] device_unregister+0x20/0x40 [ 35.043082] mipi_dsi_remove_device_fn+0x18/0x28 [ 35.043093] device_for_each_child+0x68/0xb0 [ 35.043105] mipi_dsi_host_unregister+0x40/0x90 [ 35.043115] vc4_dsi_host_attach+0xf0/0x120 [vc4] [ 35.043199] mipi_dsi_attach+0x30/0x48 [ 35.043209] tc358762_probe+0x128/0x164 [tc358762] [ 35.043225] mipi_dsi_drv_probe+0x28/0x38 [ 35.043234] really_probe+0xc0/0x318 [ 35.043244] __driver_probe_device+0x80/0xe8 [ 35.043254] driver_probe_device+0xb8/0x118 [ 35.043263] __device_attach_driver+0x98/0xe8 [ 35.043273] bus_for_each_drv+0x84/0xd8 [ 35.043281] __device_attach+0xf0/0x150 [ 35.043290] device_initial_probe+0x1c/0x28 [ 35.043300] bus_probe_device+0xa4/0xb0 [ 35.043308] deferred_probe_work_func+0xa0/0xe0 [ 35.043318] process_one_work+0x254/0x700 [ 35.043330] worker_thread+0x4c/0x448 [ 35.043339] kthread+0x19c/0x1a8 [ 35.043348] ret_from_fork+0x10/0x20 Shutdown Call trace: [ 365.565417] Call trace: [ 365.565423] __switch_to+0x148/0x200 [ 365.565452] __schedule+0x340/0x9c8 [ 365.565467] schedule+0x48/0x110 [ 365.565479] schedule_timeout+0x3b0/0x448 [ 365.565496] wait_for_completion+0xac/0x138 [ 365.565509] __flush_work+0x218/0x4e0 [ 365.565523] flush_work+0x1c/0x28 [ 365.565536] wait_for_device_probe+0x68/0x158 [ 365.565550] device_shutdown+0x24/0x348 [ 365.565561] kernel_restart_prepare+0x40/0x50 [ 365.565578] kernel_restart+0x20/0x70 [ 365.565591] __do_sys_reboot+0x10c/0x220 [ 365.565605] __arm64_sys_reboot+0x2c/0x38 [ 365.565619] invoke_syscall+0x4c/0x110 [ 365.565634] el0_svc_common.constprop.3+0xfc/0x120 [ 365.565648] do_el0_svc+0x2c/0x90 [ 365.565661] el0_svc+0x4c/0xf0 [ 365.565671] el0t_64_sync_handler+0x90/0xb8 [ 365.565682] el0t_64_sync+0x180/0x184

5.5
2024-07-16 CVE-2024-3779 Eset Incorrect Default Permissions vulnerability in Eset products

Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met.

5.5
2024-07-21 CVE-2024-37457 Dotcamp Cross-site Scripting vulnerability in Dotcamp Ultimate Blocks

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks – Gutenberg Blocks Plugin allows Stored XSS.This issue affects Ultimate Blocks – Gutenberg Blocks Plugin: from n/a through 3.1.9.

5.4
2024-07-21 CVE-2024-37460 Supersaas Cross-site Scripting vulnerability in Supersaas

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SuperSaaS SuperSaaS – online appointment scheduling allows Stored XSS.This issue affects SuperSaaS – online appointment scheduling: from n/a through 2.1.9.

5.4
2024-07-21 CVE-2024-37465 Aipower Cross-site Scripting vulnerability in Aipower

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Senol Sahin GPT3 AI Content Writer allows Stored XSS.This issue affects GPT3 AI Content Writer: from n/a through 1.8.66.

5.4
2024-07-21 CVE-2024-37466 Kraftplugins Cross-site Scripting vulnerability in Kraftplugins Mega Elements

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements.This issue affects Mega Elements: from n/a through 1.2.2.

5.4
2024-07-21 CVE-2024-37480 Apollo13Themes Cross-site Scripting vulnerability in Apollo13Themes Apollo13 Framework Extensions

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions apollo13-framework-extensions allows Stored XSS.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.3.

5.4
2024-07-21 CVE-2024-38782 Mapsmarker Cross-site Scripting vulnerability in Mapsmarker Leaflet Maps Marker

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MapsMarker.Com e.U.

5.4
2024-07-21 CVE-2024-38785 Jegstudio Cross-site Scripting vulnerability in Jegstudio Gutenverse

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9.2.

5.4
2024-07-21 CVE-2024-38786 Burgersoftwares Cross-site Scripting vulnerability in Burgersoftwares Cozipress

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BurgerThemes CoziPress allows Stored XSS.This issue affects CoziPress: from n/a through 1.0.30.

5.4
2024-07-21 CVE-2024-37488 Helloasso Cross-site Scripting vulnerability in Helloasso

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS.This issue affects HelloAsso: from n/a through 1.1.9.

5.4
2024-07-21 CVE-2024-37489 Oceanwp Cross-site Scripting vulnerability in Oceanwp Ocean Extra

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS.This issue affects Ocean Extra: from n/a through 2.2.9.

5.4
2024-07-21 CVE-2024-37495 Mediavine Cross-site Scripting vulnerability in Mediavine Create

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mediavine Create by Mediavine allows Stored XSS.This issue affects Create by Mediavine: from n/a through 1.9.7.

5.4
2024-07-21 CVE-2024-37514 Artistscope Cross-site Scripting vulnerability in Artistscope Copysafe web Protection

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArtistScope CopySafe Web Protection allows Stored XSS.This issue affects CopySafe Web Protection: from n/a through 3.14.

5.4
2024-07-21 CVE-2024-37519 Leap13 Cross-site Scripting vulnerability in Leap13 Premium Blocks for Gutenburg

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS.This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.27.

5.4
2024-07-21 CVE-2024-37521 ZWW Cross-site Scripting vulnerability in ZWW Zbench

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in zwwooooo zBench allows Stored XSS.This issue affects zBench: from n/a through 1.4.2.

5.4
2024-07-21 CVE-2024-37523 Amplifyplugins Cross-site Scripting vulnerability in Amplifyplugins Login Logo Editor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AMP-MODE Login Logo Editor allows Stored XSS.This issue affects Login Logo Editor: from n/a through 1.3.3.

5.4
2024-07-21 CVE-2024-37536 Web357 Cross-site Scripting vulnerability in Web357 Easy Custom Code

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Web357 Easy Custom Code (LESS/CSS/JS) – Live editing allows Stored XSS.This issue affects Easy Custom Code (LESS/CSS/JS) – Live editing: from n/a through 1.0.8.

5.4
2024-07-21 CVE-2024-37537 Uusweb Cross-site Scripting vulnerability in Uusweb WS Contact Form

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UusWeb.Ee WS Contact Form allows Stored XSS.This issue affects WS Contact Form: from n/a through 1.3.7.

5.4
2024-07-21 CVE-2024-37538 Bibleserver Cross-site Scripting vulnerability in Bibleserver Link to Bible

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thomas Kuhlmann Link To Bible allows Stored XSS.This issue affects Link To Bible: from n/a through 2.5.9.

5.4
2024-07-21 CVE-2024-37545 Celloexpressions Cross-site Scripting vulnerability in Celloexpressions Floating Social Media Links

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nick Halsey Floating Social Media Links allows Stored XSS.This issue affects Floating Social Media Links: from n/a through 1.5.2.

5.4
2024-07-21 CVE-2024-37548 Mekshq Cross-site Scripting vulnerability in Mekshq Meks Easy ADS Widget

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Easy Ads Widget allows Stored XSS.This issue affects Meks Easy Ads Widget: from n/a through 2.0.8.

5.4
2024-07-21 CVE-2024-37551 Perials Cross-site Scripting vulnerability in Perials Simple Social Share

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Perials Simple Social Share allows Stored XSS.This issue affects Simple Social Share: from n/a through 3.0.

5.4
2024-07-21 CVE-2024-37552 Inisev Cross-site Scripting vulnerability in Inisev Social Media Share Buttons & Social Sharing Icons

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Inisev Social Media & Share Icons allows Stored XSS.This issue affects Social Media & Share Icons: from n/a through 2.9.1.

5.4
2024-07-21 CVE-2024-6942 Thinksaas Cross-site Scripting vulnerability in Thinksaas 3.7.0

A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0.

5.4
2024-07-21 CVE-2024-6941 Thinksaas Cross-site Scripting vulnerability in Thinksaas 3.7.0

A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0.

5.4
2024-07-20 CVE-2024-6932 Classcms Project Cross-site Scripting vulnerability in Classcms Project Classcms 4.5

A vulnerability was found in ClassCMS 4.5.

5.4
2024-07-20 CVE-2024-37955 Makegutenblock Cross-site Scripting vulnerability in Makegutenblock Gutslider

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zakaria Binsaifullah GutSlider – All in One Block Slider allows Stored XSS.This issue affects GutSlider – All in One Block Slider: from n/a through 2.7.3.

5.4
2024-07-20 CVE-2024-37956 Vektor INC Cross-site Scripting vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc.

5.4
2024-07-20 CVE-2024-37957 Bradmax Cross-site Scripting vulnerability in Bradmax Player

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bradmax Bradmax Player allows Stored XSS.This issue affects Bradmax Player: from n/a through 1.1.27.

5.4
2024-07-20 CVE-2024-37958 Mekshq Cross-site Scripting vulnerability in Mekshq Meks Smart Author Widget

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS.This issue affects Meks Smart Author Widget: from n/a through 1.1.4.

5.4
2024-07-20 CVE-2024-37959 Atlaspolicy Cross-site Scripting vulnerability in Atlaspolicy Power BI Embedded

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atlas Public Policy Power BI Embedded for WordPress allows Stored XSS.This issue affects Power BI Embedded for WordPress: from n/a through 1.1.7.

5.4
2024-07-19 CVE-2024-5977 Givewp Authorization Bypass Through User-Controlled Key vulnerability in Givewp

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key.

5.4
2024-07-19 CVE-2024-6907 Jkev Cross-site Scripting vulnerability in Jkev Record Management System 1.0

A vulnerability was found in SourceCodester Record Management System 1.0.

5.4
2024-07-19 CVE-2024-39457 Cybozu Cross-site Scripting vulnerability in Cybozu Garoon 6.0.0/6.0.1

Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview.

5.4
2024-07-18 CVE-2023-6708 The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping, even when the 'Sanitize SVG while uploading' feature is enabled.
5.4
2024-07-17 CVE-2024-39124 Roundup Tracker Cross-site Scripting vulnerability in Roundup-Tracker Roundup

In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.

5.4
2024-07-17 CVE-2024-39125 Roundup Tracker Cross-site Scripting vulnerability in Roundup-Tracker Roundup

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.

5.4
2024-07-17 CVE-2024-39126 Roundup Tracker Cross-site Scripting vulnerability in Roundup-Tracker Roundup

Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.

5.4
2024-07-17 CVE-2024-28796 IBM Cross-site Scripting vulnerability in IBM Rational Clearquest

IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting.

5.4
2024-07-17 CVE-2024-39863 Apache Cross-site Scripting vulnerability in Apache Airflow

Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider.

5.4
2024-07-17 CVE-2024-5582 Magazine3 Cross-site Scripting vulnerability in Magazine3 Schema & Structured Data for WP & AMP

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-07-17 CVE-2024-5251 Brainstormforce Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Wpbakery Page Builder

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_pricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-07-17 CVE-2024-5252 Brainstormforce Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Wpbakery Page Builder

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_table shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-07-17 CVE-2024-5253 Brainstormforce Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Wpbakery Page Builder

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ult_team shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-07-17 CVE-2024-5254 Brainstormforce Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Wpbakery Page Builder

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_banner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-07-17 CVE-2024-5255 Brainstormforce Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Wpbakery Page Builder

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_dual_color shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-07-16 CVE-2024-21122 Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Text Catalog).
5.4
2024-07-16 CVE-2024-21128 Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: APIs).
5.4
2024-07-16 CVE-2024-21132 Oracle Unspecified vulnerability in Oracle Purchasing

Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite (component: Approvals).

5.4
2024-07-16 CVE-2024-21139 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers).
5.4
2024-07-16 CVE-2024-2691 WP Eventmanager Cross-site Scripting vulnerability in Wp-Eventmanager WP Event Manager

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events' shortcode in all versions up to, and including, 3.1.43 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-07-16 CVE-2024-3587 Averta Cross-site Scripting vulnerability in Averta Auxinportfolio

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Portfolios Widget in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-07-15 CVE-2024-6742 Space Management System Project Cross-site Scripting vulnerability in Space Management System Project Space Management System

AguardNet Technology's Space Management System does not properly filter user input, allowing remote attackers with regular privileges to inject JavaScript and perform Reflected Cross-site scripting attacks.

5.4
2024-07-15 CVE-2024-39735 IBM Cross-site Scripting vulnerability in IBM Datacap and Datacap Navigator

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting.

5.4
2024-07-15 CVE-2024-39728 IBM Cross-site Scripting vulnerability in IBM Datacap and Datacap Navigator

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting.

5.4
2024-07-21 CVE-2024-6949 Gargaj Path Traversal vulnerability in Gargaj Wuhu

A vulnerability classified as problematic was found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120.

5.3
2024-07-20 CVE-2024-6489 The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to, and including, 2.0.10.
5.3
2024-07-20 CVE-2024-6560 The Addonify – Quick View For WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.16.
5.3
2024-07-18 CVE-2024-6455 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekit_widgetarea_content function.
5.3
2024-07-18 CVE-2024-40725 Apache Unspecified vulnerability in Apache Http Server 2.4.60/2.4.61

A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers.

5.3
2024-07-18 CVE-2024-6504 Rapid7 Unspecified vulnerability in Rapid7 Insightvm

Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU.

5.3
2024-07-17 CVE-2024-6535 Redhat Improper Authentication vulnerability in Redhat Service Interconnect 1.0

A flaw was found in Skupper.

5.3
2024-07-17 CVE-2024-6595 Gitlab Unrestricted Upload of File with Dangerous Type vulnerability in Gitlab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.

5.3
2024-07-16 CVE-2024-21143 Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management).
5.3
2024-07-16 CVE-2024-21176 Oracle Unspecified vulnerability in Oracle Mysql Server

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling).

5.3
2024-07-16 CVE-2024-5816 Github Incorrect Authorization vulnerability in Github Enterprise Server

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token.

5.3
2024-07-16 CVE-2024-6336 Github Unspecified vulnerability in Github Enterprise Server

A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature.

5.3
2024-07-16 CVE-2024-6395 Github Unspecified vulnerability in Github Enterprise Server

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys.

5.3
2024-07-16 CVE-2024-6565 The AForms — Form Builder for Price Calculator & Cost Estimation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.6.
5.3
2024-07-16 CVE-2024-6570 The Glossary plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.26.
5.3
2024-07-16 CVE-2024-6557 The SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.1.3.
5.3
2024-07-15 CVE-2024-32945 Mattermost Missing Initialization of Resource vulnerability in Mattermost Mobile 1.26.0/1.29.0/1.30.0

Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LateX post, by creating another post with specific macro definitions.

5.3
2024-07-15 CVE-2024-6398 Skyhighsecurity Unspecified vulnerability in Skyhighsecurity Secure web Gateway

An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios.

5.3
2024-07-15 CVE-2024-6741 Openfind Unspecified vulnerability in Openfind Mail2000 7.0/8.0

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed.

5.3
2024-07-15 CVE-2024-6540 Otrs Unspecified vulnerability in Otrs

Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers.

5.3
2024-07-15 CVE-2024-39740 IBM Unspecified vulnerability in IBM Datacap and Datacap Navigator

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system.

5.3
2024-07-15 CVE-2024-39741 IBM Path Traversal vulnerability in IBM Datacap and Datacap Navigator

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system.

5.3
2024-07-15 CVE-2024-6738 Wisdomgarden Unspecified vulnerability in Wisdomgarden Tronclass

The tumbnail API of Tronclass from WisdomGarden lacks proper access control, allowing unauthenticated remote attackers to obtain certain specific files by modifying the URL.

5.3
2024-07-15 CVE-2024-39737 IBM Information Exposure Through an Error Message vulnerability in IBM Datacap and Datacap Navigator

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

5.3
2024-07-21 CVE-2024-6936 Formtools Code Injection vulnerability in Formtools Form Tools 3.1.1

A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1.

4.9
2024-07-16 CVE-2024-20996 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.9
2024-07-16 CVE-2024-21125 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS).

4.9
2024-07-16 CVE-2024-21127 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).

4.9
2024-07-16 CVE-2024-21129 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).

4.9
2024-07-16 CVE-2024-21130 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2024-07-16 CVE-2024-21135 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2024-07-16 CVE-2024-21137 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2024-07-16 CVE-2024-21142 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).

4.9
2024-07-16 CVE-2024-21157 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.9
2024-07-16 CVE-2024-21159 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.9
2024-07-16 CVE-2024-21160 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.9
2024-07-16 CVE-2024-21162 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2024-07-16 CVE-2024-21165 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth).

4.9
2024-07-16 CVE-2024-21173 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.9
2024-07-16 CVE-2024-21179 Oracle Unspecified vulnerability in Oracle Mysql Server

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.9
2024-07-16 CVE-2024-21185 Oracle Unspecified vulnerability in Oracle Mysql Server 8.0.38/8.4.1/9.0.0

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.9
2024-07-21 CVE-2024-37446 Kibokolabs Cross-site Scripting vulnerability in Kibokolabs Chained Quiz

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Chained Quiz allows Stored XSS.This issue affects Chained Quiz: from n/a through 1.3.2.8.

4.8
2024-07-21 CVE-2024-37447 Pixelyoursite Cross-site Scripting vulnerability in Pixelyoursite

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager allows Stored XSS.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through 9.6.1.1.

4.8
2024-07-21 CVE-2024-37449 Themepunch Cross-site Scripting vulnerability in Themepunch Slider Revolution

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through 6.7.13.

4.8
2024-07-21 CVE-2024-38784 Livemesh Cross-site Scripting vulnerability in Livemesh Beaver Builder Addons

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Beaver Builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a through 3.6.1.

4.8
2024-07-21 CVE-2024-37522 Dcurasi Cross-site Scripting vulnerability in Dcurasi CC & BCC for Woocommerce Order Emails

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dario Curasì CC & BCC for Woocommerce Order Emails allows Stored XSS.This issue affects CC & BCC for Woocommerce Order Emails: from n/a through 1.4.1.

4.8
2024-07-21 CVE-2024-37549 Pdfcrowd Cross-site Scripting vulnerability in Pdfcrowd Save AS PDF

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 4.0.0.

4.8
2024-07-21 CVE-2024-37550 Envato Cross-site Scripting vulnerability in Envato Template KIT - Export

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Envato Template Kit – Export allows Stored XSS.This issue affects Template Kit – Export: from n/a through 1.0.22.

4.8
2024-07-21 CVE-2024-37556 Seedprod Cross-site Scripting vulnerability in Seedprod Wordpress Notification BAR

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SeedProd WordPress Notification Bar allows Stored XSS.This issue affects WordPress Notification Bar: from n/a through 1.3.10.

4.8
2024-07-21 CVE-2024-37557 Sohamsolution Cross-site Scripting vulnerability in Sohamsolution WP Cookie LAW Info

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Soham Web Solution WP Cookie Law Info allows Stored XSS.This issue affects WP Cookie Law Info: from n/a through 1.1.

4.8
2024-07-21 CVE-2024-37558 Nihal Cross-site Scripting vulnerability in Nihal Wpfavicon

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nazmul Hossain Nihal WPFavicon allows Stored XSS.This issue affects WPFavicon: from n/a through 2.1.1.

4.8
2024-07-21 CVE-2024-6935 Formtools Cross-site Scripting vulnerability in Formtools Form Tools 3.1.1

A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1.

4.8
2024-07-21 CVE-2024-6934 Formtools Cross-site Scripting vulnerability in Formtools Form Tools 3.1.1

A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1.

4.8
2024-07-17 CVE-2024-6669 Quantumcloud Cross-site Scripting vulnerability in Quantumcloud AI Chatbot

The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping.

4.8
2024-07-16 CVE-2024-21140 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
4.8
2024-07-16 CVE-2024-21145 Oracle
Netapp
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D).
4.8
2024-07-16 CVE-2024-21148 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization).

4.8
2024-07-17 CVE-2023-52291 Apache Command Injection vulnerability in Apache Streampark

In streampark, the project module integrates Maven's compilation capabilities.

4.7
2024-07-17 CVE-2024-29737 Apache Command Injection vulnerability in Apache Streampark

In streampark, the project module integrates Maven's compilation capabilities.

4.7
2024-07-16 CVE-2024-21155 Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: User Interface).
4.7
2024-07-16 CVE-2022-48842 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ice: Fix race condition during interface enslave Commit 5dbbbd01cbba83 ("ice: Avoid RTNL lock when re-creating auxiliary device") changes a process of re-creation of aux device so ice_plug_aux_dev() is called from ice_service_task() context. This unfortunately opens a race window that can result in dead-lock when interface has left LAG and immediately enters LAG again. Reproducer: ``` #!/bin/sh ip link add lag0 type bond mode 1 miimon 100 ip link set lag0 for n in {1..10}; do echo Cycle: $n ip link set ens7f0 master lag0 sleep 1 ip link set ens7f0 nomaster done ``` This results in: [20976.208697] Workqueue: ice ice_service_task [ice] [20976.213422] Call Trace: [20976.215871] __schedule+0x2d1/0x830 [20976.219364] schedule+0x35/0xa0 [20976.222510] schedule_preempt_disabled+0xa/0x10 [20976.227043] __mutex_lock.isra.7+0x310/0x420 [20976.235071] enum_all_gids_of_dev_cb+0x1c/0x100 [ib_core] [20976.251215] ib_enum_roce_netdev+0xa4/0xe0 [ib_core] [20976.256192] ib_cache_setup_one+0x33/0xa0 [ib_core] [20976.261079] ib_register_device+0x40d/0x580 [ib_core] [20976.266139] irdma_ib_register_device+0x129/0x250 [irdma] [20976.281409] irdma_probe+0x2c1/0x360 [irdma] [20976.285691] auxiliary_bus_probe+0x45/0x70 [20976.289790] really_probe+0x1f2/0x480 [20976.298509] driver_probe_device+0x49/0xc0 [20976.302609] bus_for_each_drv+0x79/0xc0 [20976.306448] __device_attach+0xdc/0x160 [20976.310286] bus_probe_device+0x9d/0xb0 [20976.314128] device_add+0x43c/0x890 [20976.321287] __auxiliary_device_add+0x43/0x60 [20976.325644] ice_plug_aux_dev+0xb2/0x100 [ice] [20976.330109] ice_service_task+0xd0c/0xed0 [ice] [20976.342591] process_one_work+0x1a7/0x360 [20976.350536] worker_thread+0x30/0x390 [20976.358128] kthread+0x10a/0x120 [20976.365547] ret_from_fork+0x1f/0x40 ... [20976.438030] task:ip state:D stack: 0 pid:213658 ppid:213627 flags:0x00004084 [20976.446469] Call Trace: [20976.448921] __schedule+0x2d1/0x830 [20976.452414] schedule+0x35/0xa0 [20976.455559] schedule_preempt_disabled+0xa/0x10 [20976.460090] __mutex_lock.isra.7+0x310/0x420 [20976.464364] device_del+0x36/0x3c0 [20976.467772] ice_unplug_aux_dev+0x1a/0x40 [ice] [20976.472313] ice_lag_event_handler+0x2a2/0x520 [ice] [20976.477288] notifier_call_chain+0x47/0x70 [20976.481386] __netdev_upper_dev_link+0x18b/0x280 [20976.489845] bond_enslave+0xe05/0x1790 [bonding] [20976.494475] do_setlink+0x336/0xf50 [20976.502517] __rtnl_newlink+0x529/0x8b0 [20976.543441] rtnl_newlink+0x43/0x60 [20976.546934] rtnetlink_rcv_msg+0x2b1/0x360 [20976.559238] netlink_rcv_skb+0x4c/0x120 [20976.563079] netlink_unicast+0x196/0x230 [20976.567005] netlink_sendmsg+0x204/0x3d0 [20976.570930] sock_sendmsg+0x4c/0x50 [20976.574423] ____sys_sendmsg+0x1eb/0x250 [20976.586807] ___sys_sendmsg+0x7c/0xc0 [20976.606353] __sys_sendmsg+0x57/0xa0 [20976.609930] do_syscall_64+0x5b/0x1a0 [20976.613598] entry_SYSCALL_64_after_hwframe+0x65/0xca 1.

4.7
2024-07-20 CVE-2024-6491 The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10.
4.3
2024-07-20 CVE-2024-5804 The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13.
4.3
2024-07-19 CVE-2024-6799 Yithemes Missing Authorization vulnerability in Yithemes Yith Essential KIT for Woocommerce

The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_module', 'deactivate_module', and 'install_module' functions in all versions up to, and including, 2.34.0.

4.3
2024-07-18 CVE-2024-5997 The Duplica – Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_user and duplicate_post functions in all versions up to, and including, 0.6.
4.3
2024-07-18 CVE-2024-6599 The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajax_save_settings function in all versions up to, and including, 1.0.11.
4.3
2024-07-17 CVE-2024-31979 Apache Server-Side Request Forgery (SSRF) vulnerability in Apache Streampipes

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements.

4.3
2024-07-17 CVE-2024-5703 Icegram Missing Authorization vulnerability in Icegram Email Subscribers & Newsletters

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26.

4.3
2024-07-17 CVE-2024-6033 Themewinter Missing Authorization vulnerability in Themewinter Eventin

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file' function in all versions up to, and including, 4.0.4.

4.3
2024-07-16 CVE-2024-21134 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling).

4.3
2024-07-16 CVE-2024-21154 Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Human Resources).
4.3
2024-07-16 CVE-2024-6621 Rebelcode Unspecified vulnerability in Rebelcode RSS Aggregator

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wprss_activate_feed_source' and 'wprss_pause_feed_source' functions in all versions up to, and including, 4.23.11.

4.3
2024-07-16 CVE-2024-6579 The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress is vulnerable to unauthorized plugin settings modification due to a missing capability check on several plugin functions in all versions up to, and including, 1.4.5.
4.3
2024-07-16 CVE-2024-5852 Iptanus Path Traversal vulnerability in Iptanus Wordpress File Upload

The WordPress File Upload plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.24.7 via the 'uploadpath' parameter of the wordpress_file_upload shortcode.

4.3
2024-07-15 CVE-2024-39729 IBM Unspecified vulnerability in IBM Datacap and Datacap Navigator

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system.

4.3
2024-07-15 CVE-2024-39739 IBM Server-Side Request Forgery (SSRF) vulnerability in IBM Datacap and Datacap Navigator

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF).

4.3
2024-07-17 CVE-2024-6807 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Student Study Center Desk Management System 1.0

A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic.

4.1
2024-07-16 CVE-2024-21180 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.59/8.60/8.61

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards).

4.1

13 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-07-17 CVE-2023-42010 IBM Unspecified vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques.

3.7
2024-07-17 CVE-2024-30471 Apache Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Streampipes

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipe's user management. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

3.7
2024-07-16 CVE-2024-21131 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
3.7
2024-07-16 CVE-2024-21138 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
3.7
2024-07-16 CVE-2024-21144 Oracle
Netapp
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency).
3.7
2024-07-16 CVE-2024-21151 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem).
3.3
2024-07-16 CVE-2022-48852 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Unregister codec device on unbind On bind we will register the HDMI codec device but we don't unregister it on unbind, leading to a device leakage.

3.3
2024-07-15 CVE-2024-41007 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before blamed commit, the socket would not timeout after icsk->icsk_user_timeout, but would use standard exponential backoff for the retransmits. Also worth noting that before commit e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4.

3.3
2024-07-16 CVE-2024-21174 Vulnerability in the Java VM component of Oracle Database Server.
3.1
2024-07-21 CVE-2024-6937 Formtools Unspecified vulnerability in Formtools Form Tools 3.1.1

A vulnerability, which was classified as problematic, was found in formtools.org Form Tools 3.1.1.

2.7
2024-07-20 CVE-2024-6694 The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1.
2.7
2024-07-16 CVE-2024-21164 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.5
2024-07-16 CVE-2024-21123 Vulnerability in the Oracle Database Core component of Oracle Database Server.
2.3