Weekly Vulnerabilities Reports > August 19 to 25, 2024
Overview
450 new vulnerabilities were reported during this period, including 73 critical and 153 high severity vulnerabilities. This weekly summary covers vulnerabilities in 220 products from 135 vendors, including Linux, Google, Pligg, Adobe, and Dlink. The most common categories are "Cross-site Scripting", "SQL Injection", "NULL Pointer Dereference", "Cross-Site Request Forgery (CSRF)", and "Use After Free".
- 324 reported vulnerabilities are remotely exploitable.
- 165 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 208 reported vulnerabilities are exploitable by an anonymous user.
- Linux has the most reported vulnerabilities, with 103 reported vulnerabilities.
- Dlink has the most reported critical vulnerabilities, with 11 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
73 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-08-19 | CVE-2024-43242 | Wpindeed | Deserialization of Untrusted Data vulnerability in Wpindeed Ultimate Membership PRO Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection. This issue affects Ultimate Membership Pro: from n/a through 12.6. | 10.0 |
2024-08-25 | CVE-2024-8146 | Pharmacy Management System Project | SQL Injection vulnerability in Pharmacy Management System Project Pharmacy Management System 1.0 A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. | 9.8 |
2024-08-25 | CVE-2024-8138 | Pharmacy Management System Project | SQL Injection vulnerability in Pharmacy Management System Project Pharmacy Management System 1.0 A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. | 9.8 |
2024-08-25 | CVE-2024-8139 | Angeljudesuarez | SQL Injection vulnerability in Angeljudesuarez E-Commerce Website 1.0 A vulnerability has been found in itsourcecode E-Commerce Website 1.0 and classified as critical. | 9.8 |
2024-08-24 | CVE-2024-45237 | Nicmx | Classic Buffer Overflow vulnerability in Nicmx Fort-Validator An issue was discovered in Fort before 1.6.3. | 9.8 |
2024-08-24 | CVE-2024-8135 | Gotribe | Use of Hard-coded Credentials vulnerability in Gotribe A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. | 9.8 |
2024-08-24 | CVE-2024-8134 | Dlink | OS Command Injection vulnerability in Dlink products A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. | 9.8 |
2024-08-24 | CVE-2024-8133 | Dlink | OS Command Injection vulnerability in Dlink products A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. | 9.8 |
2024-08-24 | CVE-2024-8131 | Dlink | OS Command Injection vulnerability in Dlink products A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. | 9.8 |
2024-08-24 | CVE-2024-8132 | Dlink | OS Command Injection vulnerability in Dlink products A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. | 9.8 |
2024-08-24 | CVE-2024-8130 | Dlink | OS Command Injection vulnerability in Dlink products A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. | 9.8 |
2024-08-24 | CVE-2024-8129 | Dlink | OS Command Injection vulnerability in Dlink products A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. | 9.8 |
2024-08-24 | CVE-2024-8128 | Dlink | OS Command Injection vulnerability in Dlink products A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. | 9.8 |
2024-08-24 | CVE-2024-8127 | Dlink | OS Command Injection vulnerability in Dlink products A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. | 9.8 |
2024-08-23 | CVE-2024-44381 | Dlink | Unspecified vulnerability in Dlink DI 8004W Firmware 16.07.26A1 D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function. | 9.8 |
2024-08-23 | CVE-2024-44382 | Dlink | Unspecified vulnerability in Dlink DI 8004W Firmware 16.07.26A1 D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function. | 9.8 |
2024-08-23 | CVE-2024-43782 | Openedx | Injection vulnerability in Openedx Redwood1/Redwood2 This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. | 9.8 |
2024-08-23 | CVE-2024-40766 | Sonicwall | Unspecified vulnerability in Sonicwall Sonicos An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. | 9.8 |
2024-08-23 | CVE-2024-8089 | Janobe | Unrestricted Upload of File with Dangerous Type vulnerability in Janobe E-Commerce System 1.0 A vulnerability was found in SourceCodester E-Commerce System 1.0. | 9.8 |
2024-08-22 | CVE-2024-8086 | Janobe | SQL Injection vulnerability in Janobe E-Commerce System 1.0 A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as critical. | 9.8 |
2024-08-22 | CVE-2024-8087 | Janobe | SQL Injection vulnerability in Janobe E-Commerce System 1.0 A vulnerability was found in SourceCodester E-Commerce System 1.0 and classified as critical. | 9.8 |
2024-08-22 | CVE-2024-8081 | Kevinwong | SQL Injection vulnerability in Kevinwong Payroll Management System 1.0 A vulnerability classified as critical was found in itsourcecode Payroll Management System 1.0. | 9.8 |
2024-08-22 | CVE-2024-8078 | Totolink | Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.862B20230228 A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. | 9.8 |
2024-08-22 | CVE-2024-8079 | Totolink | Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.862B20230228 A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. | 9.8 |
2024-08-22 | CVE-2024-8080 | Online Health Care System Project | SQL Injection vulnerability in Online Health Care System Project Online Health Care System 1.0 A vulnerability classified as critical has been found in SourceCodester Online Health Care System 1.0. | 9.8 |
2024-08-22 | CVE-2024-8075 | Totolink | OS Command Injection vulnerability in Totolink T8 Firmware 4.1.5Cu.862B20230228 A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. | 9.8 |
2024-08-22 | CVE-2024-8076 | Totolink | Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.862B20230228 A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. | 9.8 |
2024-08-22 | CVE-2024-8077 | Totolink | OS Command Injection vulnerability in Totolink T8 Firmware 4.1.5Cu.862B20230228 A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. | 9.8 |
2024-08-21 | CVE-2024-42777 | Lopalopa | Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0 An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 |
2024-08-21 | CVE-2024-42781 | Lopalopa | SQL Injection vulnerability in Lopalopa Music Management System 1.0 A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter. | 9.8 |
2024-08-21 | CVE-2024-42782 | Lopalopa | SQL Injection vulnerability in Lopalopa Music Management System 1.0 A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter. | 9.8 |
2024-08-21 | CVE-2024-42783 | Lopalopa | SQL Injection vulnerability in Lopalopa Music Management System 1.0 Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. | 9.8 |
2024-08-21 | CVE-2024-42784 | Lopalopa | SQL Injection vulnerability in Lopalopa Music Management System 1.0 A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. | 9.8 |
2024-08-21 | CVE-2024-40453 | Squirrelly | Code Injection vulnerability in Squirrelly 9.0.0 squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName. | 9.8 |
2024-08-21 | CVE-2024-5335 | | The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_compare_products cookie in versions up to, and including, 1.6.4. | 9.8 |
2024-08-21 | CVE-2024-7854 | Sjhoo | SQL Injection vulnerability in Sjhoo WOO Inquiry 0.1 The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query. | 9.8 |
2024-08-20 | CVE-2024-42361 | Apache | SQL Injection vulnerability in Apache Hertzbeat Hertzbeat is an open source, real-time monitoring system. | 9.8 |
2024-08-20 | CVE-2024-6800 | Github | Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. | 9.8 |
2024-08-20 | CVE-2024-30949 | Newlib Project | Integer Overflow or Wraparound vulnerability in Newlib Project Newlib 4.3.0 An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function. | 9.8 |
2024-08-20 | CVE-2024-43404 | Megacord | Code Injection vulnerability in Megacord Megabot MEGABOT is a fully customized Discord bot for learning and fun. | 9.8 |
2024-08-20 | CVE-2024-8003 | Gotribe | Deserialization of Untrusted Data vulnerability in Gotribe Gotribe-Admin 1.0 A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. | 9.8 |
2024-08-20 | CVE-2024-8005 | Demozx | Use of Hard-coded Credentials vulnerability in Demozx GF CMS A vulnerability was found in demozx gf_cms 1.0/1.0.1. | 9.8 |
2024-08-20 | CVE-2024-42336 | Servision | Improper Authentication vulnerability in Servision IVG Webmax 1.0.57 Servision - CWE-287: Improper Authentication | 9.8 |
2024-08-20 | CVE-2024-42566 | Arajajyothibabu | SQL Injection vulnerability in Arajajyothibabu School Management System School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php | 9.8 |
2024-08-20 | CVE-2024-42567 | Arajajyothibabu | SQL Injection vulnerability in Arajajyothibabu School Management System School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2. | 9.8 |
2024-08-20 | CVE-2024-42568 | Arajajyothibabu | SQL Injection vulnerability in Arajajyothibabu School Management System School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php. | 9.8 |
2024-08-20 | CVE-2024-42570 | Arajajyothibabu | SQL Injection vulnerability in Arajajyothibabu School Management System School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php. | 9.8 |
2024-08-20 | CVE-2024-42572 | Arajajyothibabu | SQL Injection vulnerability in Arajajyothibabu School Management System School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php. | 9.8 |
2024-08-20 | CVE-2024-42573 | Arajajyothibabu | SQL Injection vulnerability in Arajajyothibabu School Management System School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php. | 9.8 |
2024-08-20 | CVE-2024-42574 | Arajajyothibabu | SQL Injection vulnerability in Arajajyothibabu School Management System School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php. | 9.8 |
2024-08-20 | CVE-2024-42575 | Arajajyothibabu | SQL Injection vulnerability in Arajajyothibabu School Management System School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php. | 9.8 |
2024-08-20 | CVE-2024-5932 | Givewp | Deserialization of Untrusted Data vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. | 9.8 |
2024-08-20 | CVE-2024-7946 | Adonesevangelista | SQL Injection vulnerability in Adonesevangelista Online Blood Bank Management System 1.0 A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. | 9.8 |
2024-08-20 | CVE-2024-7947 | Janobe | SQL Injection vulnerability in Janobe Point of Sales and Inventory Management System 1.0 A vulnerability classified as critical has been found in SourceCodester Point of Sales and Inventory Management System 1.0. | 9.8 |
2024-08-20 | CVE-2024-7937 | Project Expense Monitoring System Project | SQL Injection vulnerability in Project Expense Monitoring System Project Expense Monitoring System 1.0 A vulnerability classified as critical was found in itsourcecode Project Expense Monitoring System 1.0. | 9.8 |
2024-08-20 | CVE-2024-7936 | Project Expense Monitoring System Project | SQL Injection vulnerability in Project Expense Monitoring System Project Expense Monitoring System 1.0 A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. | 9.8 |
2024-08-19 | CVE-2024-7933 | Project Expense Monitoring System Project | SQL Injection vulnerability in Project Expense Monitoring System Project Expense Monitoring System 1.0 A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. | 9.8 |
2024-08-19 | CVE-2024-7934 | Project Expense Monitoring System Project | SQL Injection vulnerability in Project Expense Monitoring System Project Expense Monitoring System 1.0 A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. | 9.8 |
2024-08-19 | CVE-2024-7935 | Project Expense Monitoring System Project | SQL Injection vulnerability in Project Expense Monitoring System Project Expense Monitoring System 1.0 A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. | 9.8 |
2024-08-19 | CVE-2024-42812 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-860L Firmware 2.0.3 In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. | 9.8 |
2024-08-19 | CVE-2024-42658 | Nepstech | Unspecified vulnerability in Nepstech Ntpl-Xpon1Gfevn Firmware 1.0 An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the cookie's parameter | 9.8 |
2024-08-19 | CVE-2024-43240 | Wpindeed | Unspecified vulnerability in Wpindeed Ultimate Membership PRO Improper Privilege Management vulnerability in azzaroco Ultimate Membership Pro allows Privilege Escalation. This issue affects Ultimate Membership Pro: from n/a through 12.6. | 9.8 |
2024-08-19 | CVE-2024-43399 | Opensecurity | Path Traversal vulnerability in Opensecurity Mobile Security Framework Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. | 9.8 |
2024-08-19 | CVE-2024-7922 | Dell | Command Injection vulnerability in Dell products A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. | 9.8 |
2024-08-19 | CVE-2024-44076 | Microcks | Unspecified vulnerability in Microcks In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access. | 9.8 |
2024-08-19 | CVE-2024-7921 | Jielink Jsotc2016 Project | Unspecified vulnerability in Jielink+ Jsotc2016 Project Jielink+ Jsotc2016 A vulnerability has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 and classified as problematic. | 9.8 |
2024-08-19 | CVE-2024-7919 | Jielink Jsotc2016 Project | Unspecified vulnerability in Jielink+ Jsotc2016 Project Jielink+ Jsotc2016 A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. | 9.8 |
2024-08-19 | CVE-2024-7920 | Jielink Jsotc2016 Project | Unspecified vulnerability in Jielink+ Jsotc2016 Project Jielink+ Jsotc2016 A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. | 9.8 |
2024-08-20 | CVE-2024-38175 | | An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network. | 9.6 |
2024-08-21 | CVE-2024-28987 | Solarwinds | Use of Hard-coded Credentials vulnerability in Solarwinds web Help Desk The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. | 9.1 |
2024-08-19 | CVE-2024-43248 | Bitapps | Path Traversal vulnerability in Bitapps BIT Form Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation. This issue affects Bit Form Pro: from n/a through 2.6.4. | 9.1 |
2024-08-20 | CVE-2024-35540 | Typecho | Cross-site Scripting vulnerability in Typecho A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 9.0 |
2024-08-20 | CVE-2024-7777 | Bitapps | Path Traversal vulnerability in Bitapps Contact Form Builder The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9. | 9.0 |
153 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-08-25 | CVE-2024-8147 | Pharmacy Management System Project | SQL Injection vulnerability in Pharmacy Management System Project Pharmacy Management System 1.0 A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. | 8.8 |
2024-08-24 | CVE-2024-7656 | | The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. | 8.8 |
2024-08-23 | CVE-2024-44390 | Tencacn | Out-of-bounds Write vulnerability in Tencacn Fh1206 Firmware 1.2.0.8(8155)En Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlsafeset. | 8.8 |
2024-08-23 | CVE-2024-36514 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option. | 8.8 |
2024-08-23 | CVE-2024-36515 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard. | 8.8 |
2024-08-23 | CVE-2024-36516 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard. | 8.8 |
2024-08-23 | CVE-2024-36517 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module. | 8.8 |
2024-08-23 | CVE-2024-5466 | Zoho Zohocorp | Code Injection vulnerability in multiple products Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option. | 8.8 |
2024-08-23 | CVE-2024-5467 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report. | 8.8 |
2024-08-23 | CVE-2024-5490 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option. | 8.8 |
2024-08-23 | CVE-2024-5556 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module. | 8.8 |
2024-08-23 | CVE-2024-5586 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. | 8.8 |
2024-08-23 | CVE-2024-7258 | Wpmarketingrobot | Missing Authorization vulnerability in Wpmarketingrobot Woocommerce Google Feed Manager The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfm_removeFeedFile' function in all versions up to, and including, 2.8.0. | 8.8 |
2024-08-23 | CVE-2024-7559 | | The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. | 8.8 |
2024-08-22 | CVE-2024-8083 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. | 8.8 |
2024-08-22 | CVE-2024-40886 | Mattermost | Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console. | 8.8 |
2024-08-22 | CVE-2024-7384 | Acymailing | Unrestricted Upload of File with Dangerous Type vulnerability in Acymailing The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. | 8.8 |
2024-08-21 | CVE-2024-6386 | Wpml | Code Injection vulnerability in Wpml The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. | 8.8 |
2024-08-21 | CVE-2024-7964 | | Use After Free vulnerability in Google Chrome Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-08-21 | CVE-2024-7965 | Google Microsoft | Out-of-bounds Write vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-08-21 | CVE-2024-7966 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. | 8.8 |
2024-08-21 | CVE-2024-7967 | | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-08-21 | CVE-2024-7968 | | Use After Free vulnerability in Google Chrome Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-08-21 | CVE-2024-7969 | | Type Confusion vulnerability in Google Chrome Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-08-21 | CVE-2024-7971 | | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. | 8.8 |
2024-08-21 | CVE-2024-7972 | | Unspecified vulnerability in Google Chrome Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 8.8 |
2024-08-21 | CVE-2024-7973 | | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | 8.8 |
2024-08-21 | CVE-2024-7974 | | Unspecified vulnerability in Google Chrome Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. | 8.8 |
2024-08-21 | CVE-2024-42778 | Lopalopa | Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0 An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. | 8.8 |
2024-08-21 | CVE-2024-42779 | Lopalopa | Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0 An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. | 8.8 |
2024-08-21 | CVE-2024-42780 | Lopalopa | Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0 An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. | 8.8 |
2024-08-21 | CVE-2024-42785 | Lopalopa | SQL Injection vulnerability in Lopalopa Music Management System 1.0 A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. | 8.8 |
2024-08-21 | CVE-2024-42786 | Lopalopa | SQL Injection vulnerability in Lopalopa Music Management System 1.0 A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page. | 8.8 |
2024-08-21 | CVE-2024-6813 | Netgear | SQL Injection vulnerability in Netgear Prosafe Network Management System 1.7.0.34 NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability. | 8.8 |
2024-08-21 | CVE-2024-6814 | Netgear | SQL Injection vulnerability in Netgear Prosafe Network Management System 1.7.0.34 NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability. | 8.8 |
2024-08-21 | CVE-2024-7723 | Foxit | Use After Free vulnerability in Foxit PDF Editor and PDF Reader Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. | 8.8 |
2024-08-21 | CVE-2024-7724 | Foxit | Use After Free vulnerability in Foxit PDF Editor and PDF Reader Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. | 8.8 |
2024-08-21 | CVE-2024-7725 | Foxit | Use After Free vulnerability in Foxit PDF Editor and PDF Reader Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. | 8.8 |
2024-08-21 | CVE-2024-7795 | Autel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autel Maxicharger AC Elite Business C50 Firmware Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. | 8.8 |
2024-08-20 | CVE-2024-41657 | Casbin | Incorrect Comparison vulnerability in Casbin Casdoor Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. | 8.8 |
2024-08-20 | CVE-2024-42362 | Apache | Deserialization of Untrusted Data vulnerability in Apache Hertzbeat Hertzbeat is an open source, real-time monitoring system. | 8.8 |
2024-08-20 | CVE-2024-31842 | Italtel | Unspecified vulnerability in Italtel Embrace 1.6.4 An issue was discovered in Italtel Embrace 1.6.4. | 8.8 |
2024-08-20 | CVE-2024-39690 | Projectcapsule | Incorrect Authorization vulnerability in Projectcapsule Capsule Capsule is a multi-tenancy and policy-based framework for Kubernetes. | 8.8 |
2024-08-20 | CVE-2024-42603 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall | 8.8 |
2024-08-20 | CVE-2024-42604 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3 | 8.8 |
2024-08-20 | CVE-2024-42605 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1 | 8.8 |
2024-08-20 | CVE-2024-42606 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1 | 8.8 |
2024-08-20 | CVE-2024-42607 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database | 8.8 |
2024-08-20 | CVE-2024-42609 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars | 8.8 |
2024-08-20 | CVE-2024-42610 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files | 8.8 |
2024-08-20 | CVE-2024-42611 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete | 8.8 |
2024-08-20 | CVE-2024-42613 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet | 8.8 |
2024-08-20 | CVE-2024-42616 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics | 8.8 |
2024-08-20 | CVE-2024-42617 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32 | 8.8 |
2024-08-20 | CVE-2024-42618 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma | 8.8 |
2024-08-20 | CVE-2024-42621 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php | 8.8 |
2024-08-20 | CVE-2024-43406 | Lfedge | SQL Injection vulnerability in Lfedge Ekuiper LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. | 8.8 |
2024-08-20 | CVE-2024-42608 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php. | 8.8 |
2024-08-20 | CVE-2024-42577 | Siamonhasan | Cross-Site Request Forgery (CSRF) vulnerability in Siamonhasan Warehouse Inventory System 2.0 A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 |
2024-08-20 | CVE-2024-42579 | Siamonhasan | Cross-Site Request Forgery (CSRF) vulnerability in Siamonhasan Warehouse Inventory System 2.0 A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 |
2024-08-20 | CVE-2024-42580 | Siamonhasan | Cross-Site Request Forgery (CSRF) vulnerability in Siamonhasan Warehouse Inventory System 2.0 A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 |
2024-08-20 | CVE-2024-42581 | Siamonhasan | Cross-Site Request Forgery (CSRF) vulnerability in Siamonhasan Warehouse Inventory System 2.0 A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 |
2024-08-20 | CVE-2024-42582 | Siamonhasan | Cross-Site Request Forgery (CSRF) vulnerability in Siamonhasan Warehouse Inventory System 2.0 A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 |
2024-08-20 | CVE-2024-42583 | Siamonhasan | Cross-Site Request Forgery (CSRF) vulnerability in Siamonhasan Warehouse Inventory System 2.0 A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 |
2024-08-20 | CVE-2024-42584 | Siamonhasan | Cross-Site Request Forgery (CSRF) vulnerability in Siamonhasan Warehouse Inventory System 2.0 A Cross-Site Request Forgery (CSRF) in the component delete_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 |
2024-08-20 | CVE-2024-7827 | | The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to boolean-based SQL Injection via the ‘model_number’ parameter in all versions up to, and including, 5.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-08-20 | CVE-2024-7944 | Adonesevangelista | Unrestricted Upload of File with Dangerous Type vulnerability in Adonesevangelista Laravel Property Management System 1.0 A vulnerability was found in itsourcecode Laravel Property Management System 1.0. | 8.8 |
2024-08-20 | CVE-2024-7949 | Tamparongj 03 | SQL Injection vulnerability in Tamparongj 03 Online Graduate Tracer System 1.0 A vulnerability, which was classified as critical, was found in SourceCodester Online Graduate Tracer System up to 1.0. | 8.8 |
2024-08-20 | CVE-2024-7943 | Adonesevangelista | Unrestricted Upload of File with Dangerous Type vulnerability in Adonesevangelista Laravel Property Management System 1.0 A vulnerability was found in itsourcecode Laravel Property Management System 1.0 and classified as critical. | 8.8 |
2024-08-19 | CVE-2024-7930 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Clinic Patient Management System 1.0 A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. | 8.8 |
2024-08-19 | CVE-2024-7931 | Tamparongj 03 | SQL Injection vulnerability in Tamparongj 03 Online Graduate Tracer System 1.0 A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. | 8.8 |
2024-08-19 | CVE-2024-43249 | Bitapps | Unrestricted Upload of File with Dangerous Type vulnerability in Bitapps BIT Form Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.This issue affects Bit Form Pro: from n/a through 2.6.4. | 8.8 |
2024-08-19 | CVE-2024-42633 | Linksys | OS Command Injection vulnerability in Linksys E1500 Firmware 1.0.06.001 A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. | 8.8 |
2024-08-24 | CVE-2022-43915 | IBM | Incorrect Permission Assignment for Critical Resource vulnerability in IBM APP Connect Enterprise Certified Container IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. | 8.1 |
2024-08-24 | CVE-2024-7568 | Pixeljar | Cross-Site Request Forgery (CSRF) vulnerability in Pixeljar Favicon Generator The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. | 8.1 |
2024-08-21 | CVE-2024-5762 | ZEN Cart | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Zen-Cart ZEN Cart 1.5.8A Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. | 8.1 |
2024-08-21 | CVE-2024-7600 | Logsign | Path Traversal vulnerability in Logsign Unified Secops Platform 6.4.20 Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. | 8.1 |
2024-08-21 | CVE-2024-7601 | Logsign | Path Traversal vulnerability in Logsign Unified Secops Platform 6.4.20 Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability. | 8.1 |
2024-08-21 | CVE-2024-7603 | Logsign | Path Traversal vulnerability in Logsign Unified Secops Platform 6.4.20 Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. | 8.1 |
2024-08-21 | CVE-2024-8007 | Redhat | Improper Certificate Validation vulnerability in Redhat Openstack Platform 16.1/16.2/17.1 A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. | 8.1 |
2024-08-21 | CVE-2024-7448 | Magnetforensics | OS Command Injection vulnerability in Magnetforensics Axiom 8.0.0.39753 Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. | 8.0 |
2024-08-19 | CVE-2024-43401 | Xwiki | Missing Authorization vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.0 |
2024-08-23 | CVE-2024-43791 | Steveklabnik | Incorrect Default Permissions vulnerability in Steveklabnik Request Store 1.3.2 RequestStore provides per-request global storage for Rack. | 7.8 |
2024-08-22 | CVE-2024-38209 | Microsoft | Type Confusion vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 7.8 |
2024-08-22 | CVE-2024-38210 | Microsoft | Out-of-bounds Read vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 7.8 |
2024-08-22 | CVE-2022-48926 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: add spinlock for rndis response list There's no lock for rndis response list. | 7.8 |
2024-08-22 | CVE-2022-48927 | Linux | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: iio: adc: tsc2046: fix memory corruption by preventing array overflow On one side we have indio_dev->num_channels includes all physical channels + timestamp channel. | 7.8 |
2024-08-22 | CVE-2022-48943 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvm_arch_can_dequeue_async_page_present() to determine whether to deliver a READY event to the Guest. | 7.8 |
2024-08-22 | CVE-2022-48912 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been released, because other threads might have freed our allocated hooks already. Reported by syzkaller as a KASAN use-after-free read in nf_hook_entries_get_hook_ops() via __nf_register_net_hook(), reached from nf_register_net_hooks() <- nf_synproxy_ipv6_init() <- synproxy_tg6_check() while an ip6tables table is replaced through setsockopt(). | 7.8 |
2024-08-22 | CVE-2022-48913 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: blktrace: fix use after free for struct blk_trace When tracing the whole disk, 'dropped' and 'msg' will be created under 'q->debugfs_dir' and 'bt->dir' is NULL, thus blk_trace_free() won't remove those files. | 7.8 |
2024-08-22 | CVE-2022-48919 | Linux | Double Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free the context. In this situation we should not proceed to enter the out: section in cifs_smb3_do_mount() and free the same resources a second time. The KASAN report shows a use-after-free read in rcu_cblist_dequeue() from the RCU softirq: the object was freed by kfree() in cifs_smb3_do_mount(), while the RCU callback had been queued via cifs_umount() <- cifs_kill_sb() <- deactivate_locked_super() <- cifs_smb3_do_mount(). | 7.8 |
2024-08-22 | CVE-2022-48925 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.src_addr outside state checks If the state is not idle then resolve_prepare_src() should immediately fail and no change to global state should happen. | 7.8 |
2024-08-21 | CVE-2024-7977 | | Unspecified vulnerability in Google Chrome Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. | 7.8 |
2024-08-21 | CVE-2024-7979 | | Insufficient Verification of Data Authenticity vulnerability in Google Chrome Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. | 7.8 |
2024-08-21 | CVE-2024-7980 | | Insufficient Verification of Data Authenticity vulnerability in Google Chrome Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. | 7.8 |
2024-08-21 | CVE-2024-5928 | Vipre | Link Following vulnerability in Vipre Advanced Security 12.0.1.214 VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability. | 7.8 |
2024-08-21 | CVE-2024-5929 | Vipre | Uncontrolled Search Path Element vulnerability in Vipre Advanced Security 12.0.1.214 VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. | 7.8 |
2024-08-21 | CVE-2024-5930 | Vipre | Incorrect Permission Assignment for Critical Resource vulnerability in Vipre Advanced Security 12.0.1.214 VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. | 7.8 |
2024-08-21 | CVE-2024-6141 | Windscribe | Path Traversal vulnerability in Windscribe 2.9.9 Windscribe Directory Traversal Local Privilege Escalation Vulnerability. | 7.8 |
2024-08-21 | CVE-2024-6811 | Irfanview | Out-of-bounds Write vulnerability in Irfanview and WSQ IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. | 7.8 |
2024-08-21 | CVE-2024-6812 | Irfanview | Out-of-bounds Write vulnerability in Irfanview and WSQ IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. | 7.8 |
2024-08-21 | CVE-2024-7604 | Logsign | Incorrect Authorization vulnerability in Logsign Unified Secops Platform 6.4.20 Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. | 7.8 |
2024-08-21 | CVE-2020-11847 | Microfocus | OS Command Injection vulnerability in Microfocus Netiq Privileged Access Manager 3.7 An SSH-authenticated user who accesses the PAM server can execute an OS command to gain full system access using bash. | 7.8 |
2024-08-21 | CVE-2023-22576 | Dell | Unspecified vulnerability in Dell Repository Manager 1.1.52/1.2.155/1.3.124 Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. | 7.8 |
2024-08-21 | CVE-2024-37008 | Autodesk | Out-of-bounds Write vulnerability in Autodesk Revit A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. | 7.8 |
2024-08-21 | CVE-2022-48867 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Prevent use after free on completion memory On driver unload any pending descriptors are flushed at the time the interrupt is freed: idxd_dmaengine_drv_remove() -> drv_disable_wq() -> idxd_wq_free_irq() -> idxd_flush_pending_descs(). If there are any descriptors present that need to be flushed this flow triggers a "not present" page fault as below: BUG: unable to handle page fault for address: ff391c97c70c9040 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page The address that triggers the fault is the address of the descriptor that was freed moments earlier via: drv_disable_wq()->idxd_wq_free_resources() Fix the use after free by freeing the descriptors after any possible usage. | 7.8 |
2024-08-21 | CVE-2022-48873 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Don't remove map on creater_process and device_release Do not remove the map from the list on error path in fastrpc_init_create_process, instead call fastrpc_map_put, to avoid use-after-free. | 7.8 |
2024-08-21 | CVE-2022-48874 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free and race in fastrpc_map_find Currently, there is a race window between the point when the mutex is unlocked in fastrpc_map_lookup and the reference count increasing (fastrpc_map_get) in fastrpc_map_find, which can also lead to use-after-free. So lets merge fastrpc_map_find into fastrpc_map_lookup which allows us to both protect the maps list by also taking the &fl->lock spinlock and the reference count, since the spinlock will be released only after. Add take_ref argument to make this suitable for all callers. | 7.8 |
2024-08-21 | CVE-2022-48878 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Fix driver shutdown on closed serdev The driver shutdown callback (which sends EDL_SOC_RESET to the device over serdev) should not be invoked when HCI device is not open (e.g. | 7.8 |
2024-08-21 | CVE-2022-48892 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: sched/core: Fix use-after-free bug in dup_user_cpus_ptr() Since commit 07ec77a1d4e8 ("sched: Allow task CPU affinity to be restricted on asymmetric systems"), the setting and clearing of user_cpus_ptr are done under pi_lock for arm64 architecture. | 7.8 |
2024-08-21 | CVE-2023-52906 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a validation type of 'NLA_VALIDATE_FUNCTION'. | 7.8 |
2024-08-21 | CVE-2024-43873 | Linux | Missing Initialization of Resource vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1. | 7.8 |
2024-08-19 | CVE-2024-32927 | | Use After Free vulnerability in Google Android In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. | 7.8 |
2024-08-24 | CVE-2024-45234 | Nicmx | Unspecified vulnerability in Nicmx Fort-Validator An issue was discovered in Fort before 1.6.3. | 7.5 |
2024-08-24 | CVE-2024-45236 | Nicmx | Unspecified vulnerability in Nicmx Fort-Validator An issue was discovered in Fort before 1.6.3. | 7.5 |
2024-08-24 | CVE-2024-45239 | Nicmx | NULL Pointer Dereference vulnerability in Nicmx Fort-Validator An issue was discovered in Fort before 1.6.3. | 7.5 |
2024-08-23 | CVE-2024-43477 | | Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant. | 7.5 |
2024-08-22 | CVE-2023-7260 | Opentext | Path Traversal vulnerability in Opentext Cx-E Voice Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all versions through 22.4. | 7.5 |
2024-08-22 | CVE-2024-39776 | Avtecinc | Sensitive Data Under Web Root vulnerability in Avtecinc Outpost 0810 Firmware and Outpost Uploader Utility Avtec Outpost stores sensitive information in an insecure location without proper access controls in place. | 7.5 |
2024-08-22 | CVE-2024-42418 | Avtecinc | Use of Hard-coded Cryptographic Key vulnerability in Avtecinc Outpost 0810 Firmware and Outpost Uploader Utility Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information. | 7.5 |
2024-08-22 | CVE-2024-39745 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling Connect Direct web Services IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2024-08-21 | CVE-2020-11846 | Microfocus | Unspecified vulnerability in Microfocus Netiq Privileged Access Manager 3.7 A vulnerability found in OpenText Privileged Access Manager that issues a token. | 7.5 |
2024-08-21 | CVE-2024-7885 | Redhat | Unspecified vulnerability in Redhat products A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. | 7.5 |
2024-08-21 | CVE-2023-49198 | Apache | Files or Directories Accessible to External Parties vulnerability in Apache Seatunnel 1.0.0 MySQL connection security vulnerability in Apache SeaTunnel. An attacker who can modify the MySQL JDBC URL can append allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360, enabling the client-side LOAD DATA LOCAL INFILE file read and so reading files from the host running SeaTunnel via a malicious MySQL server. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue. | 7.5 |
2024-08-21 | CVE-2024-7651 | Appcheap | SQL Injection vulnerability in Appcheap APP Builder The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-search’ parameter in all versions up to, and including, 4.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2024-08-20 | CVE-2024-42662 | Apolloconfig | Unspecified vulnerability in Apolloconfig Apollo 2.2.0 An issue in apolloconfig apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request. | 7.5 |
2024-08-20 | CVE-2024-34458 | Keyfactor | SQL Injection vulnerability in Keyfactor Command 10.5.0/11.5.0 Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure. | 7.5 |
2024-08-20 | CVE-2024-42006 | Keyfactor | Unspecified vulnerability in Keyfactor AWS Orchestrator Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure. | 7.5 |
2024-08-20 | CVE-2024-41698 | Priority Software | Information Exposure vulnerability in Priority-Software Priority 19.1.0.68/22.0 Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 7.5 |
2024-08-20 | CVE-2024-41699 | Priority Software | Files or Directories Accessible to External Parties vulnerability in Priority-Software Priority 19.1.0.68/22.0 Priority – CWE-552: Files or Directories Accessible to External Parties | 7.5 |
2024-08-20 | CVE-2024-41700 | Barix | Information Exposure vulnerability in Barix SIP Client Firmware Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor | 7.5 |
2024-08-19 | CVE-2024-7928 | Fastadmin | Path Traversal vulnerability in Fastadmin A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. | 7.5 |
2024-08-19 | CVE-2024-7926 | Zzcms | Path Traversal vulnerability in Zzcms 2023 A vulnerability classified as critical has been found in ZZCMS 2023. | 7.5 |
2024-08-19 | CVE-2024-7927 | Zzcms | Path Traversal vulnerability in Zzcms 2023 A vulnerability classified as critical was found in ZZCMS 2023. | 7.5 |
2024-08-19 | CVE-2024-7592 | Python | Unspecified vulnerability in Python There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. | 7.5 |
2024-08-19 | CVE-2024-7924 | Zzcms | Path Traversal vulnerability in Zzcms 2023 A vulnerability was found in ZZCMS 2023. | 7.5 |
2024-08-19 | CVE-2024-7925 | Zzcms | Unspecified vulnerability in Zzcms 2023 A vulnerability was found in ZZCMS 2023. | 7.5 |
2024-08-19 | CVE-2024-42657 | Nepstech | Missing Encryption of Sensitive Data vulnerability in Nepstech Ntpl-Xpon1Gfevn Firmware 1.0 An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during the login process. | 7.5 |
2024-08-19 | CVE-2024-6348 | Nissan Global | Use of Insufficiently Random Values vulnerability in Nissan-Global Blind Spot Protection Sensor ECU Firmware Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests. | 7.5 |
2024-08-19 | CVE-2024-43380 | Floraison | Unspecified vulnerability in Floraison Fugit fugit contains time tools for flor and the floraison group. | 7.5 |
2024-08-19 | CVE-2024-44083 | HEX Rays | Allocation of Resources Without Limits or Throttling vulnerability in Hex-Rays IDA PRO ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. | 7.5 |
2024-08-19 | CVE-2024-44073 | Rust Bitcoin | Out-of-bounds Write vulnerability in Rust-Bitcoin Miniscript The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth. | 7.5 |
2024-08-19 | CVE-2024-44070 | Frrouting Redhat | An issue was discovered in FRRouting (FRR) through 10.1. | 7.5 |
2024-08-24 | CVE-2024-7351 | Presstigers | Deserialization of Untrusted Data vulnerability in Presstigers Simple JOB Board The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. | 7.2 |
2024-08-22 | CVE-2024-39717 | Versa Networks | Unrestricted Upload of File with Dangerous Type vulnerability in Versa-Networks Versa Director The Versa Director GUI provides an option to customize the look and feel of the user interface. | 7.2 |
2024-08-22 | CVE-2024-8071 | Mattermost | Unspecified vulnerability in Mattermost Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role (e.g. | 7.2 |
2024-08-21 | CVE-2024-7134 | | The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_data' parameter in all versions up to, and including, 3.3.78 due to insufficient input sanitization and output escaping. | 7.2 |
2024-08-20 | CVE-2024-7702 | Bitapps | SQL Injection vulnerability in Bitapps Contact Form Builder The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the entryID parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
2024-08-20 | CVE-2024-7780 | Bitapps | SQL Injection vulnerability in Bitapps Contact Form Builder The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
2024-08-21 | CVE-2022-48871 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer Driver's probe allocates memory for RX FIFO (port->rx_fifo) based on default RX FIFO depth, e.g. | 7.1 |
2024-08-21 | CVE-2022-48881 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix refcount leak in amd_pmc_probe pci_get_domain_bus_and_slot() takes reference, the caller should release the reference by calling pci_dev_put() after use. | 7.1 |
2024-08-21 | CVE-2022-48872 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling fastrpc_map_get() until map->fl->lock is taken in fastrpc_free_map(), another thread can call fastrpc_map_lookup() and get a reference to a map that is about to be deleted. Rewrite fastrpc_map_get() to only increase the reference count of a map if it's non-zero. | 7.0 |
2024-08-21 | CVE-2024-43882 | Linux | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. | 7.0 |
219 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-08-25 | CVE-2024-8158 | 9Front | Authorization Bypass Through User-Controlled Key vulnerability in 9Front Lib9P A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user. This is due to lib9p not properly verifying that the uname given in the Tauth and Tattach 9p messages matches the client UID returned from the factotum authentication handshake. The only filesystem making use of these functions within the base 9front systems is the experimental hjfs disk filesystem, other disk filesystems (cwfs and gefs) are not affected by this bug. This bug was inherited from Plan 9 and is present in all versions of 9front and is remedied fully in commit 9645ae07eb66a59015e3e118d0024790c37400da. | 6.5 |
2024-08-25 | CVE-2024-42337 | Cyberark | Information Exposure vulnerability in Cyberark Identity CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 6.5 |
2024-08-23 | CVE-2024-45189 | Mage | Path Traversal vulnerability in Mage Mage-Ai Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request. | 6.5 |
2024-08-23 | CVE-2024-44387 | Tencacn | Out-of-bounds Write vulnerability in Tencacn Fh1206 Firmware 1.2.0.8(8155)En Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlExtraGet. | 6.5 |
2024-08-23 | CVE-2024-42364 | Gethomepage | Authentication Bypass by Spoofing vulnerability in Gethomepage Homepage 0.9.1 Homepage is a highly customizable homepage with Docker and service API integrations. | 6.5 |
2024-08-22 | CVE-2024-6502 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6, starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag. | 6.5 |
2024-08-22 | CVE-2024-8041 | Gitlab | Unspecified vulnerability in Gitlab A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. | 6.5 |
2024-08-22 | CVE-2024-35151 | IBM | Missing Authentication for Critical Function vulnerability in IBM Openpages GRC Platform and Openpages With Watson IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. | 6.5 |
2024-08-22 | CVE-2024-7848 | Mediajedi | Authorization Bypass Through User-Controlled Key vulnerability in Mediajedi User Private Files The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc' due to missing validation on the 'docid' user controlled key. | 6.5 |
2024-08-22 | CVE-2024-39836 | Mattermost | Unspecified vulnerability in Mattermost Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset passwords, when they are valid, functional emails. | 6.5 |
2024-08-22 | CVE-2024-42056 | Retool | Information Exposure Through Log Files vulnerability in Retool Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. | 6.5 |
2024-08-21 | CVE-2024-7602 | Logsign | Path Traversal vulnerability in Logsign Unified Secops Platform 6.4.20 Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. | 6.5 |
2024-08-21 | CVE-2024-43371 | Okfn | Server-Side Request Forgery (SSRF) vulnerability in Okfn Ckan CKAN is an open-source data management system for powering data hubs and data portals. | 6.5 |
2024-08-21 | CVE-2024-7032 | Zaytech | Missing Authorization vulnerability in Zaytech Smart Online Order for Clover The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. | 6.5 |
2024-08-20 | CVE-2024-41773 | IBM | Unspecified vulnerability in IBM Global Configuration Management 7.0.2/7.0.3 IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls. | 6.5 |
2024-08-20 | CVE-2024-6337 | Github | Incorrect Authorization vulnerability in Github Enterprise Server An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. | 6.5 |
2024-08-20 | CVE-2024-43409 | Ghost | Improper Authentication vulnerability in Ghost Ghost is a Node.js content management system. | 6.5 |
2024-08-20 | CVE-2024-7782 | Bitapps | Path Traversal vulnerability in Bitapps Contact Form Builder The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. | 6.5 |
2024-08-19 | CVE-2024-43250 | Bitapps | Incorrect Authorization vulnerability in Bitapps BIT Form Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bit Form Pro: from n/a through 2.6.4. | 6.5 |
2024-08-22 | CVE-2024-7110 | Gitlab | Command Injection vulnerability in Gitlab An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1, which allows an attacker to execute arbitrary commands in a victim's pipeline through prompt injection. | 6.4 |
2024-08-20 | CVE-2024-7054 | | The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'close_text' parameter in all versions up to, and including, 1.19.0 due to insufficient input sanitization and output escaping. | 6.4 |
2024-08-20 | CVE-2024-5576 | | The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'course_carousel_skin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-08-23 | CVE-2024-38207 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Edge Chromium Microsoft Edge (HTML-based) Memory Corruption Vulnerability | 6.3 |
2024-08-25 | CVE-2024-8144 | Classcms | Cross-site Scripting vulnerability in Classcms 4.8 A vulnerability classified as problematic was found in ClassCMS 4.8. | 6.1 |
2024-08-24 | CVE-2024-8137 | Jkev | Cross-site Scripting vulnerability in Jkev Record Management System 1.0 A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as problematic. | 6.1 |
2024-08-24 | CVE-2024-8136 | Jkev | Cross-site Scripting vulnerability in Jkev Record Management System 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester Record Management System 1.0. | 6.1 |
2024-08-24 | CVE-2023-6987 | Instawp | Cross-site Scripting vulnerability in Instawp String Locator The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. | 6.1 |
2024-08-23 | CVE-2024-37392 | Smseagle | Cross-site Scripting vulnerability in Smseagle A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. | 6.1 |
2024-08-23 | CVE-2024-41150 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp products A Stored Cross-site Scripting vulnerability in the request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus. This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800. | 6.1 |
2024-08-23 | CVE-2024-8112 | Jeesite | Cross-site Scripting vulnerability in Jeesite 5.3 A vulnerability was found in thinkgem JeeSite 5.3. | 6.1 |
2024-08-22 | CVE-2024-38208 | Microsoft | Cross-site Scripting vulnerability in Microsoft Edge Microsoft Edge for Android Spoofing Vulnerability | 6.1 |
2024-08-21 | CVE-2024-20488 | Cisco | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. | 6.1 |
2024-08-21 | CVE-2024-41572 | Lang Learn GUY | Cross-site Scripting vulnerability in Lang-Learn-Guy Learning With Texts 2.0.3 Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). | 6.1 |
2024-08-21 | CVE-2024-41937 | Apache | Cross-site Scripting vulnerability in Apache Airflow Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. | 6.1 |
2024-08-21 | CVE-2024-41675 | Okfn | Cross-site Scripting vulnerability in Okfn Ckan CKAN is an open-source data management system for powering data hubs and data portals. | 6.1 |
2024-08-21 | CVE-2024-43407 | Ckeditor | Cross-site Scripting vulnerability in Ckeditor 4.0/4.23.0/4.24.0 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | 6.1 |
2024-08-21 | CVE-2020-11850 | Microfocus | Cross-site Scripting vulnerability in Microfocus Netiq Self Service Password Reset Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6. | 6.1 |
2024-08-21 | CVE-2024-6339 | Averta | Cross-site Scripting vulnerability in Averta Phlox The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output escaping. | 6.1 |
2024-08-21 | CVE-2024-7090 | | The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'lh_add_media_from_url-file_url' parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. | 6.1 |
2024-08-21 | CVE-2024-7647 | Otasync | Cross-Site Request Forgery (CSRF) vulnerability in Otasync OTA Sync Booking Engine Widget The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. | 6.1 |
2024-08-20 | CVE-2024-41658 | Casbin | Cross-site Scripting vulnerability in Casbin Casdoor Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. | 6.1 |
2024-08-20 | CVE-2024-6377 | 3DS | Open Redirect vulnerability in 3DS 3Dexperience R2022X/R2023X A URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL. | 6.1 |
2024-08-20 | CVE-2024-6379 | 3DS | Cross-site Scripting vulnerability in 3DS 3Dexperience R2022X/R2023X A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session. | 6.1 |
2024-08-20 | CVE-2024-41697 | Priority Software | Cross-site Scripting vulnerability in Priority-Software Priority 19.1.0.68/22.0 Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 6.1 |
2024-08-20 | CVE-2024-7850 | | The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. | 6.1 |
2024-08-19 | CVE-2024-7929 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Simple Forum Website 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester Simple Forum Website 1.0. | 6.1 |
2024-08-19 | CVE-2024-23729 | Heytap | Cross-site Scripting vulnerability in Heytap Internet Browser 45.10.3.4.1 The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component. | 6.1 |
2024-08-22 | CVE-2024-39746 | IBM | Missing Encryption of Sensitive Data vulnerability in IBM Sterling Connect Direct web Services IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2024-08-19 | CVE-2024-32928 | Google Haxx | The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through. | 5.9 |
2024-08-25 | CVE-2024-8011 | Logitech | Incorrect Authorization vulnerability in Logitech Options+ Logitech Options+ on macOS prior to 1.72 allows a local attacker to inject a dynamic library into the Options+ runtime and abuse permissions granted by the user to Options+, such as Camera. | 5.5 |
2024-08-22 | CVE-2022-48928 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: iio: adc: men_z188_adc: Fix a resource leak in an error handling path If iio_device_register() fails, a previous ioremap() is left unbalanced. Update the error handling path and add the missing iounmap() call, as already done in the remove function. | 5.5 |
2024-08-22 | CVE-2022-48929 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added kfunc support, it defined reg2btf_ids as a cheap way to translate the verifier reg type to the appropriate btf_vmlinux BTF ID, however commit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL") moved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after the base register types, and defined other variants using type flag composition. | 5.5 |
2024-08-22 | CVE-2022-48930 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync(). | 5.5 |
2024-08-22 | CVE-2022-48932 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte When adding a rule with 32 destinations, we hit the following out-of-bounds access issue: BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte+0x18ee/0x1e70 This patch fixes the issue by both increasing the allocated buffers to accommodate for the needed actions and by checking the number of actions to prevent this issue when a rule with too many actions is provided. | 5.5 |
2024-08-22 | CVE-2022-48933 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update Stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. The ->init function was called for this object, so plain kfree() leaks resources. | 5.5 |
2024-08-22 | CVE-2022-48934 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX) inclusive. So NFP_MAX_MAC_INDEX (0xff) is a valid id. In order for the error handling path to work correctly, the 'invalid' value for 'ida_idx' should not be in the 0..NFP_MAX_MAC_INDEX range, inclusive. So set it to -1. | 5.5 |
2024-08-22 | CVE-2022-48935 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unregister flowtable hooks on netns exit Unregister flowtable hooks before they are released via nf_tables_flowtable_destroy() otherwise hook core reports UAF. BUG: KASAN: use-after-free in nf_hook_entries_grow+0x5a7/0x700 net/netfilter/core.c:142 net/netfilter/core.c:142 Read of size 4 at addr ffff8880736f7438 by task syz-executor579/3666 CPU: 0 PID: 3666 Comm: syz-executor579 Not tainted 5.16.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] __dump_stack lib/dump_stack.c:88 [inline] lib/dump_stack.c:106 dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106 lib/dump_stack.c:106 print_address_description+0x65/0x380 mm/kasan/report.c:247 mm/kasan/report.c:247 __kasan_report mm/kasan/report.c:433 [inline] __kasan_report mm/kasan/report.c:433 [inline] mm/kasan/report.c:450 kasan_report+0x19a/0x1f0 mm/kasan/report.c:450 mm/kasan/report.c:450 nf_hook_entries_grow+0x5a7/0x700 net/netfilter/core.c:142 net/netfilter/core.c:142 __nf_register_net_hook+0x27e/0x8d0 net/netfilter/core.c:429 net/netfilter/core.c:429 nf_register_net_hook+0xaa/0x180 net/netfilter/core.c:571 net/netfilter/core.c:571 nft_register_flowtable_net_hooks+0x3c5/0x730 net/netfilter/nf_tables_api.c:7232 net/netfilter/nf_tables_api.c:7232 nf_tables_newflowtable+0x2022/0x2cf0 net/netfilter/nf_tables_api.c:7430 net/netfilter/nf_tables_api.c:7430 nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline] nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline] net/netfilter/nfnetlink.c:652 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline] net/netfilter/nfnetlink.c:652 nfnetlink_rcv+0x10e6/0x2550 net/netfilter/nfnetlink.c:652 net/netfilter/nfnetlink.c:652 __nft_release_hook() calls nft_unregister_flowtable_net_hooks() which only unregisters the hooks, then after RCU grace period, it is guaranteed that no packets add new entries to the flowtable (no flow offload rules and flowtable hooks are reachable from packet path), so it is safe to call nf_flow_table_free() which cleans up the remaining entries from the flowtable (both software and hardware) and it unbinds the flow_block. | 5.5 |
2024-08-22 | CVE-2022-48938 | Linux | Integer Overflow or Wraparound vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. | 5.5 |
2024-08-22 | CVE-2022-48940 | Linux | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to incorrect copy_map_value When both bpf_spin_lock and bpf_timer are present in a BPF map value, copy_map_value needs to skirt both objects when copying a value into and out of the map. | 5.5 |
2024-08-22 | CVE-2022-48942 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: hwmon: Handle failure to register sensor with thermal zone correctly If an attempt is made to register a sensor with a thermal zone and it fails, the call to devm_thermal_zone_of_sensor_register() may return -ENODEV. This may result in crashes similar to the following. Unable to handle kernel NULL pointer dereference at virtual address 00000000000003cd ... Internal error: Oops: 96000021 [#1] PREEMPT SMP ... pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : mutex_lock+0x18/0x60 lr : thermal_zone_device_update+0x40/0x2e0 sp : ffff800014c4fc60 x29: ffff800014c4fc60 x28: ffff365ee3f6e000 x27: ffffdde218426790 x26: ffff365ee3f6e000 x25: 0000000000000000 x24: ffff365ee3f6e000 x23: ffffdde218426870 x22: ffff365ee3f6e000 x21: 00000000000003cd x20: ffff365ee8bf3308 x19: ffffffffffffffed x18: 0000000000000000 x17: ffffdde21842689c x16: ffffdde1cb7a0b7c x15: 0000000000000040 x14: ffffdde21a4889a0 x13: 0000000000000228 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000000001120000 x7 : 0000000000000001 x6 : 0000000000000000 x5 : 0068000878e20f07 x4 : 0000000000000000 x3 : 00000000000003cd x2 : ffff365ee3f6e000 x1 : 0000000000000000 x0 : 00000000000003cd Call trace: mutex_lock+0x18/0x60 hwmon_notify_event+0xfc/0x110 0xffffdde1cb7a0a90 0xffffdde1cb7a0b7c irq_thread_fn+0x2c/0xa0 irq_thread+0x134/0x240 kthread+0x178/0x190 ret_from_fork+0x10/0x20 Code: d503201f d503201f d2800001 aa0103e4 (c8e47c02) Jon Hunter reports that the exact call sequence is: hwmon_notify_event() --> hwmon_thermal_notify() --> thermal_zone_device_update() --> update_temperature() --> mutex_lock() The hwmon core needs to handle all errors returned from calls to devm_thermal_zone_of_sensor_register(). | 5.5 |
2024-08-22 | CVE-2021-4441 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() In zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(), which could lead to a NULL pointer dereference on failure of kzalloc(). Fix this bug by adding a check of tmpbuf. This bug was found by a static analyzer. | 5.5 |
2024-08-22 | CVE-2022-48901 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: btrfs: do not start relocation until in progress drops are done We hit a bug with a recovering relocation on mount for one of our file systems in production. | 5.5 |
2024-08-22 | CVE-2022-48902 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: btrfs: do not WARN_ON() if we have PageError set Whenever we do any extent buffer operations we call assert_eb_page_uptodate() to complain loudly if we're operating on a non-uptodate page. | 5.5 |
2024-08-22 | CVE-2022-48903 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() We are seeing crashes similar to the following trace: [38.969182] WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070 btrfs_relocate_block_group+0x2dc/0x340 [btrfs] [38.973556] CPU: 20 PID: 2105 Comm: btrfs Not tainted 5.17.0-rc4 #54 [38.974580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [38.976539] RIP: 0010:btrfs_relocate_block_group+0x2dc/0x340 [btrfs] [38.980336] RSP: 0000:ffffb0dd42e03c20 EFLAGS: 00010206 [38.981218] RAX: ffff96cfc4ede800 RBX: ffff96cfc3ce0000 RCX: 000000000002ca14 [38.982560] RDX: 0000000000000000 RSI: 4cfd109a0bcb5d7f RDI: ffff96cfc3ce0360 [38.983619] RBP: ffff96cfc309c000 R08: 0000000000000000 R09: 0000000000000000 [38.984678] R10: ffff96cec0000001 R11: ffffe84c80000000 R12: ffff96cfc4ede800 [38.985735] R13: 0000000000000000 R14: 0000000000000000 R15: ffff96cfc3ce0360 [38.987146] FS: 00007f11c15218c0(0000) GS:ffff96d6dfb00000(0000) knlGS:0000000000000000 [38.988662] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [38.989398] CR2: 00007ffc922c8e60 CR3: 00000001147a6001 CR4: 0000000000370ee0 [38.990279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [38.991219] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [38.992528] Call Trace: [38.992854] <TASK> [38.993148] btrfs_relocate_chunk+0x27/0xe0 [btrfs] [38.993941] btrfs_balance+0x78e/0xea0 [btrfs] [38.994801] ? vsnprintf+0x33c/0x520 [38.995368] ? __kmalloc_track_caller+0x351/0x440 [38.996198] btrfs_ioctl_balance+0x2b9/0x3a0 [btrfs] [38.997084] btrfs_ioctl+0x11b0/0x2da0 [btrfs] [38.997867] ? mod_objcg_state+0xee/0x340 [38.998552] ? seq_release+0x24/0x30 [38.999184] ? proc_nr_files+0x30/0x30 [38.999654] ? call_rcu+0xc8/0x2f0 [39.000228] ? __x64_sys_ioctl+0x84/0xc0 [39.000872] ? btrfs_ioctl_get_supported_features+0x30/0x30 [btrfs] [39.001973] __x64_sys_ioctl+0x84/0xc0 [39.002566] do_syscall_64+0x3a/0x80 [39.003011] entry_SYSCALL_64_after_hwframe+0x44/0xae [39.003735] RIP: 0033:0x7f11c166959b [39.007324] RSP: 002b:00007fff2543e998 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [39.008521] RAX: ffffffffffffffda RBX: 00007f11c1521698 RCX: 00007f11c166959b [39.009833] RDX: 00007fff2543ea40 RSI: 00000000c4009420 RDI: 0000000000000003 [39.011270] RBP: 0000000000000003 R08: 0000000000000013 R09: 00007f11c16f94e0 [39.012581] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff25440df3 [39.014046] R13: 0000000000000000 R14: 00007fff2543ea40 R15: 0000000000000001 [39.015040] </TASK> [39.015418] ---[ end trace 0000000000000000 ]--- [43.131559] ------------[ cut here ]------------ [43.132234] kernel BUG at fs/btrfs/extent-tree.c:2717! [43.133031] invalid opcode: 0000 [#1] PREEMPT SMP PTI [43.133702] CPU: 1 PID: 1839 Comm: btrfs Tainted: G W 5.17.0-rc4 #54 [43.134863] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [43.136426] RIP: 0010:unpin_extent_range+0x37a/0x4f0 [btrfs] [43.139913] RSP: 0000:ffffb0dd4216bc70 EFLAGS: 00010246 [43.140629] RAX: 0000000000000000 RBX: ffff96cfc34490f8 RCX: 0000000000000001 [43.141604] RDX: 0000000080000001 RSI: 0000000051d00000 RDI: 00000000ffffffff [43.142645] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff96cfd07dca50 [43.143669] R10: ffff96cfc46e8a00 R11: fffffffffffec000 R12: 0000000041d00000 [43.144657] R13: ffff96cfc3ce0000 R14: ffffb0dd4216bd08 R15: 0000000000000000 [43.145686] FS: 00007f7657dd68c0(0000) GS:ffff96d6df640000(0000) knlGS:0000000000000000 [43.146808] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [43.147584] CR2: 00007f7fe81bf5b0 CR3: 00000001093ee004 CR4: 0000000000370ee0 [43.148589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [43.149581] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 00000000000 ---truncated--- | 5.5 |
2024-08-22 | CVE-2022-48904 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak The current logic updates the I/O page table mode for the domain before calling the logic to free memory used for the page table. This results in an IOMMU page table memory leak, which can be observed when launching a VM with pass-through devices. Fix by freeing the memory used for the page table before updating the mode. | 5.5 |
2024-08-22 | CVE-2022-48905 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue. | 5.5 |
2024-08-22 | CVE-2022-48906 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mptcp: Correctly set DATA_FIN timeout when number of retransmits is large Syzkaller with UBSAN uncovered a scenario where a large number of DATA_FIN retransmits caused a shift-out-of-bounds in the DATA_FIN timeout calculation: UBSAN: shift-out-of-bounds in net/mptcp/protocol.c:470:29 shift exponent 32 is too large for 32-bit type 'unsigned int' ... This change limits the maximum timeout by limiting the size of the shift, which keeps all intermediate values in-bounds. | 5.5 |
2024-08-22 | CVE-2022-48907 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: auxdisplay: lcd2s: Fix memory leak in ->remove() Once allocated the struct lcd2s_data is never freed. Fix the memory leak by switching to devm_kzalloc(). | 5.5 |
2024-08-22 | CVE-2022-48908 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() During driver initialization, the pointer of card info, i.e. | 5.5 |
2024-08-22 | CVE-2022-48909 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/smc: fix connection leak There's a potential leak issue under the following execution sequence: smc_release smc_connect_work if (sk->sk_state == SMC_INIT) send_clc_confirim tcp_abort(); ... sk.sk_state = SMC_ACTIVE smc_close_active switch(sk->sk_state) { ... case SMC_ACTIVE: smc_close_final() // then wait peer closed Unfortunately, tcp_abort() may discard CLC CONFIRM messages that are still in the tcp send buffer, in which case our connection token cannot be delivered to the server side, which means that we cannot get a passive close message at all. | 5.5 |
2024-08-22 | CVE-2022-48910 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ensure we call ipv6_mc_down() at most once There are two reasons for addrconf_notify() to be called with NETDEV_DOWN: either the network device is actually going down, or IPv6 was disabled on the interface. If either of them stays down while the other is toggled, we repeatedly call the code for NETDEV_DOWN, including ipv6_mc_down(), while never calling the corresponding ipv6_mc_up() in between. | 5.5 |
2024-08-22 | CVE-2022-48911 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0. On failure, we cannot queue the packet and need to indicate an error. | 5.5 |
2024-08-22 | CVE-2022-48914 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before real_num_tx_queues is zeroed xennet_destroy_queues() relies on info->netdev->real_num_tx_queues to delete queues. | 5.5 |
2024-08-22 | CVE-2022-48915 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix TZ_GET_TRIP NULL pointer dereference Do not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if the thermal zone does not define one. | 5.5 |
2024-08-22 | CVE-2022-48916 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix double list_add when enabling VMD in scalable mode When enabling VMD and IOMMU scalable mode, the following kernel panic call trace/kernel log is shown on the Eagle Stream platform (Sapphire Rapids CPU) during booting: pci 10000:80:01.0: DMAR: Setup RID2PASID failed pci 10000:80:01.0: Failed to add to iommu group 42: -16 ... kernel BUG at lib/list_debug.c:29! ... Kernel panic - not syncing: Fatal exception The following 'lspci' output shows devices '10000:80:*' are subdevices of the VMD device 0000:59:00.5: $ lspci ... 0000:59:00.5 RAID bus controller: Intel Corporation Volume Management Device NVMe RAID Controller (rev 20) ... 10000:80:01.0 PCI bridge: Intel Corporation Device 352a (rev 03) 10000:80:03.0 PCI bridge: Intel Corporation Device 352b (rev 03) 10000:80:05.0 PCI bridge: Intel Corporation Device 352c (rev 03) 10000:80:07.0 PCI bridge: Intel Corporation Device 352d (rev 03) 10000:81:00.0 Non-Volatile memory controller: Intel Corporation NVMe Datacenter SSD [3DNAND, Beta Rock Controller] 10000:82:00 ---truncated--- | 5.5 |
2024-08-22 | CVE-2022-48917 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min While the $val/$val2 values passed in from userspace are always >= 0 integers, the limits of the control can be signed integers and the $min can be non-zero and less than zero. | 5.5 |
2024-08-22 | CVE-2022-48918 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: check debugfs_dir ptr before use When "debugfs=off" is used on the kernel command line, iwlwifi's mvm module uses an invalid/unchecked debugfs_dir pointer and causes a BUG: BUG: kernel NULL pointer dereference, address: 000000000000004f ... | 5.5 |
2024-08-22 | CVE-2022-48920 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost every transaction commit we trigger a warning from __writeback_inodes_sb_nr(): $ cat fs/fs-writeback.c: (...) static void __writeback_inodes_sb_nr(struct super_block *sb, ... { (...) WARN_ON(!rwsem_is_locked(&sb->s_umount)); (...) } (...) The trace produced in dmesg looks like the following: WARNING: CPU: 5 PID: 930 at fs/fs-writeback.c:2610 __writeback_inodes_sb_nr+0x7e/0xb3 ... This is because we started using writeback_inodes_sb() to flush delalloc when committing a transaction (when using -o flushoncommit), in order to avoid deadlocks with filesystem freeze operations. | 5.5 |
2024-08-22 | CVE-2022-48922 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: riscv: fix oops caused by irqsoff latency tracer The trace_hardirqs_{on,off}() functions require the caller to set up the frame pointer properly. | 5.5 |
2024-08-22 | CVE-2022-48923 | Linux | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: btrfs: prevent copying too big compressed lzo segment The compressed length can be corrupted to be a lot larger than the memory we have allocated for the buffer. This will cause the memcpy in copy_compressed_segment to write outside of allocated memory. This mostly results in a stuck read syscall, but sometimes when using btrfs send we can get a #GP: kernel: general protection fault, probably for non-canonical address 0x841551d5c1000: 0000 [#1] PREEMPT SMP NOPTI ... kernel: RIP: 0010:lzo_decompress_bio (./include/linux/fortify-string.h:225 fs/btrfs/lzo.c:322 fs/btrfs/lzo.c:394) btrfs ... | 5.5 |
2024-08-22 | CVE-2022-48924 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400_notify() It is easy to hit the below memory leaks in my TigerLake platform: unreferenced object 0xffff927c8b91dbc0 (size 32): comm "kworker/0:2", pid 112, jiffies 4294893323 (age 83.604s) ... Fix it by calling kfree() accordingly. | 5.5 |
2024-08-21 | CVE-2022-48868 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Let probe fail when workqueue cannot be enabled The workqueue is enabled when the appropriate driver is loaded and disabled when the driver is removed. | 5.5 |
2024-08-21 | CVE-2022-48870 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: tty: fix possible null-ptr-defer in spk_ttyio_release Run the following tests on the qemu platform: syzkaller:~# modprobe speakup_audptr input: Speakup as /devices/virtual/input/input4 initialized device: /dev/synth, node (MAJOR 10, MINOR 125) speakup 3.1.6: initialized synth name on entry is: (null) synth probe spk_ttyio_initialise_ldisc failed because tty_kopen_exclusive returned failed (errno -16); then remove the module, and we get a null-ptr-defer problem, as follows: syzkaller:~# modprobe -r speakup_audptr releasing synth audptr BUG: kernel NULL pointer dereference, address: 0000000000000080 ... in_synth->dev was not initialized during modprobe, so we add a check for in_synth->dev to fix this bug. | 5.5 |
2024-08-21 | CVE-2022-48875 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a deauthentication is ongoing. Here is a trace triggering the race with the hostapd test multi_ap_fronthaul_on_ap: (gdb) list *drv_ampdu_action+0x46 0x8b16 is in drv_ampdu_action (net/mac80211/driver-ops.c:396). 391 int ret = -EOPNOTSUPP; 392 393 might_sleep(); 394 395 sdata = get_bss_sdata(sdata); 396 if (!check_sdata_in_driver(sdata)) 397 return -EIO; 398 399 trace_drv_ampdu_action(local, sdata, params); 400 ... BUG: unable to handle page fault for address: fffffffffffffb48 ... RIP: 0010:drv_ampdu_action+0x46/0x280 [mac80211] ... | 5.5 |
2024-08-21 | CVE-2022-48876 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix initialization of rx->link and rx->link_sta There are some codepaths that do not initialize rx->link_sta properly. | 5.5 |
2024-08-21 | CVE-2022-48877 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extent_tree is not created This patch avoids the below panic. pc : __lookup_extent_tree+0xd8/0x760 lr : f2fs_do_write_data_page+0x104/0x87c ... | 5.5 |
2024-08-21 | CVE-2022-48879 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated. Do not try to destroy the workqueue unconditionally in the unlikely event that EFI initialisation fails to avoid dereferencing a NULL pointer. | 5.5 |
2024-08-21 | CVE-2022-48882 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) Upon updating MAC security entity (SecY) in hw offload path, the macsec security association (SA) initialization routine is called. | 5.5 |
2024-08-21 | CVE-2022-48885 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ice: Fix potential memory leak in ice_gnss_tty_write() ice_gnss_tty_write() returns directly if the write_buf allocation fails, leaking cmd_buf. Fix by freeing cmd_buf if the write_buf allocation fails. | 5.5 |
2024-08-21 | CVE-2022-48886 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ice: Add check for kzalloc Add a check for the return value of kzalloc in order to avoid a NULL pointer dereference. Moreover, use a goto label to share the cleanup code. | 5.5 |
2024-08-21 | CVE-2022-48887 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Remove rcu locks from user resources User resource lookups used rcu to avoid two extra atomics. | 5.5 |
2024-08-21 | CVE-2022-48888 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path of_icc_get() allocates resources for path1; we should release them when they are no longer needed. | 5.5 |
2024-08-21 | CVE-2022-48889 | Linux | Incorrect Calculation of Buffer Size vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof-nau8825: fix module alias overflow The maximum name length for a platform_device_id entry is 20 characters including the trailing NUL byte. | 5.5 |
2024-08-21 | CVE-2022-48890 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM storvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(), which in a confidential VM allocates swiotlb bounce buffers. | 5.5 |
2024-08-21 | CVE-2022-48891 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: regulator: da9211: Use irq handler when ready If the system does not come from reset (like when it is kexec()), the regulator might have an IRQ waiting for us. If we enable the IRQ handler before its structures are ready, we crash. This patch fixes: [ 1.141839] Unable to handle kernel read from unreadable memory at virtual address 0000000000000078 [ 1.316096] Call trace: [ 1.316101] blocking_notifier_call_chain+0x20/0xa8 [ 1.322757] cpu cpu0: dummy supplies not allowed for exclusive requests [ 1.327823] regulator_notifier_call_chain+0x1c/0x2c [ 1.327825] da9211_irq_handler+0x68/0xf8 [ 1.327829] irq_thread+0x11c/0x234 [ 1.327833] kthread+0x13c/0x154 | 5.5 |
2024-08-21 | CVE-2022-48893 | Linux | Incomplete Cleanup vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Cleanup partial engine discovery failures If we abort driver initialisation in the middle of gt/engine discovery, some engines will be fully set up and some not. | 5.5 |
2024-08-21 | CVE-2022-48894 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: Don't unregister on shutdown Similar to SMMUv2, this driver calls iommu_device_unregister() from the shutdown path, which removes the IOMMU groups with no coordination whatsoever with their users - shutdown methods are optional in device drivers. | 5.5 |
2024-08-21 | CVE-2022-48895 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown with "reboot -f". | 5.5 |
2024-08-21 | CVE-2022-48896 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix pci device refcount leak As the comment of pci_get_domain_bus_and_slot() says, it returns a PCI device with its refcount incremented; when finished using it, the caller must decrement the reference count by calling pci_dev_put(). In ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii(), pci_dev_put() is called to avoid the leak. | 5.5 |
2024-08-21 | CVE-2022-48897 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect file_map_count for invalid pmd The page table check triggers BUG_ON() unexpectedly when splitting a hugepage: kernel BUG at mm/page_table_check.c:119! ... pc : page_table_check_set.isra.0+0x398/0x468 ... On arm64, pmd_leaf() will return true even if the pmd is invalid due to the pmd_present_invalid() check. | 5.5 |
2024-08-21 | CVE-2023-52893 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstore access layer") added a new get_variable call with attr=NULL, which triggers panic in gsmi. | 5.5 |
2024-08-21 | CVE-2023-52894 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() In Google internal bug 265639009 we've received an (as yet) unreproducible crash report from an aarch64 GKI 5.10.149-android13 running device. AFAICT the source code is at: https://android.googlesource.com/kernel/common/+/refs/tags/ASB-2022-12-05_13-5.10 The call stack is: ncm_close() -> ncm_notify() -> ncm_do_notify() with the crash at: ncm_do_notify+0x98/0x270 Code: 79000d0b b9000a6c f940012a f9400269 (b9405d4b) Which I believe disassembles to (I don't know ARM assembly, but it looks sane enough to me...): // halfword (16-bit) store presumably to event->wLength (at offset 6 of struct usb_cdc_notification) 0B 0D 00 79 strh w11, [x8, #6] // word (32-bit) store presumably to req->Length (at offset 8 of struct usb_request) 6C 0A 00 B9 str w12, [x19, #8] // x10 (NULL) was read here from offset 0 of valid pointer x9 // IMHO we're reading 'cdev->gadget' and getting NULL // gadget is indeed at offset 0 of struct usb_composite_dev 2A 01 40 F9 ldr x10, [x9] // loading req->buf pointer, which is at offset 0 of struct usb_request 69 02 40 F9 ldr x9, [x19] // x10 is null, crash, appears to be attempt to read cdev->gadget->max_speed 4B 5D 40 B9 ldr w11, [x10, #0x5c] which seems to line up with ncm_do_notify() case NCM_NOTIFY_SPEED code fragment: event->wLength = cpu_to_le16(8); req->length = NCM_STATUS_BYTECOUNT; /* SPEED_CHANGE data is up/down speeds in bits/sec */ data = req->buf + sizeof *event; data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget)); My analysis of registers and NULL ptr deref crash offset (Unable to handle kernel NULL pointer dereference at virtual address 000000000000005c) heavily suggests that the crash is due to 'cdev->gadget' being NULL when executing: data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget)); which calls: ncm_bitrate(NULL) which then calls: gadget_is_superspeed(NULL) which reads ((struct usb_gadget *)NULL)->max_speed and hits a panic. AFAICT, if I'm counting right, the offset of max_speed is indeed 0x5C. (remember there's a GKI KABI reservation of 16 bytes in struct work_struct) It's not at all clear to me how this is all supposed to work... but returning 0 seems much better than panic-ing... | 5.5 |
2024-08-21 | CVE-2023-52895 | Linux | Memory Leak vulnerability in Linux Kernel 6.1.7 In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: don't reissue in case of poll race on multishot request A previous commit fixed a poll race that can occur, but it's only applicable for multishot requests. | 5.5 |
2024-08-21 | CVE-2023-52899 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: Add exception protection processing for vd in axi_chan_handle_err function Since there is no protection for vd, a kernel panic will be triggered here in exceptional cases. You can refer to the processing of axi_chan_block_xfer_complete function The triggered kernel panic is as follows: [ 67.848444] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060 [ 67.848447] Mem abort info: [ 67.848449] ESR = 0x96000004 [ 67.848451] EC = 0x25: DABT (current EL), IL = 32 bits [ 67.848454] SET = 0, FnV = 0 [ 67.848456] EA = 0, S1PTW = 0 [ 67.848458] Data abort info: [ 67.848460] ISV = 0, ISS = 0x00000004 [ 67.848462] CM = 0, WnR = 0 [ 67.848465] user pgtable: 4k pages, 48-bit VAs, pgdp=00000800c4c0b000 [ 67.848468] [0000000000000060] pgd=0000000000000000, p4d=0000000000000000 [ 67.848472] Internal error: Oops: 96000004 [#1] SMP [ 67.848475] Modules linked in: dmatest [ 67.848479] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.100-emu_x2rc+ #11 [ 67.848483] pstate: 62000085 (nZCv daIf -PAN -UAO +TCO BTYPE=--) [ 67.848487] pc : axi_chan_handle_err+0xc4/0x230 [ 67.848491] lr : axi_chan_handle_err+0x30/0x230 [ 67.848493] sp : ffff0803fe55ae50 [ 67.848495] x29: ffff0803fe55ae50 x28: ffff800011212200 [ 67.848500] x27: ffff0800c42c0080 x26: ffff0800c097c080 [ 67.848504] x25: ffff800010d33880 x24: ffff80001139d850 [ 67.848508] x23: ffff0800c097c168 x22: 0000000000000000 [ 67.848512] x21: 0000000000000080 x20: 0000000000002000 [ 67.848517] x19: ffff0800c097c080 x18: 0000000000000000 [ 67.848521] x17: 0000000000000000 x16: 0000000000000000 [ 67.848525] x15: 0000000000000000 x14: 0000000000000000 [ 67.848529] x13: 0000000000000000 x12: 0000000000000040 [ 67.848533] x11: ffff0800c0400248 x10: ffff0800c040024a [ 67.848538] x9 : ffff800010576cd4 x8 : ffff0800c0400270 [ 67.848542] x7 : 0000000000000000 x6 : ffff0800c04003e0 [ 67.848546] x5 : ffff0800c0400248 x4 : ffff0800c4294480 [ 67.848550] x3 : dead000000000100 x2 : dead000000000122 [ 67.848555] x1 : 0000000000000100 x0 : ffff0800c097c168 [ 67.848559] Call trace: [ 67.848562] axi_chan_handle_err+0xc4/0x230 [ 67.848566] dw_axi_dma_interrupt+0xf4/0x590 [ 67.848569] __handle_irq_event_percpu+0x60/0x220 [ 67.848573] handle_irq_event+0x64/0x120 [ 67.848576] handle_fasteoi_irq+0xc4/0x220 [ 67.848580] __handle_domain_irq+0x80/0xe0 [ 67.848583] gic_handle_irq+0xc0/0x138 [ 67.848585] el1_irq+0xc8/0x180 [ 67.848588] arch_cpu_idle+0x14/0x2c [ 67.848591] default_idle_call+0x40/0x16c [ 67.848594] do_idle+0x1f0/0x250 [ 67.848597] cpu_startup_entry+0x2c/0x60 [ 67.848600] rest_init+0xc0/0xcc [ 67.848603] arch_call_rest_init+0x14/0x1c [ 67.848606] start_kernel+0x4cc/0x500 [ 67.848610] Code: eb0002ff 9a9f12d6 f2fbd5a2 f2fbd5a3 (a94602c1) [ 67.848613] ---[ end trace 585a97036f88203a ]--- | 5.5 |
2024-08-21 | CVE-2023-52900 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfs_btree_insert() If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling __nilfs_btree_get_block() against an invalid virtual block address, it returns -ENOENT because conversion of the virtual block address to a disk block address fails. | 5.5 |
2024-08-21 | CVE-2023-52901 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endpoints need to be killed. | 5.5 |
2024-08-21 | CVE-2023-52902 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nommu: fix memory leak in do_mmap() error path The preallocation of the maple tree nodes may leak if the error path to "error_just_free" is taken. | 5.5 |
2024-08-21 | CVE-2023-52903 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: io_uring: lock overflowing for IOPOLL syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 CPU: 0 PID: 28 Comm: kworker/u4:1 Not tainted 6.2.0-rc3-syzkaller-16369-g358a161a6a9e #0 Workqueue: events_unbound io_ring_exit_work Call trace: io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 io_req_cqe_overflow+0x5c/0x70 io_uring/io_uring.c:773 io_fill_cqe_req io_uring/io_uring.h:168 [inline] io_do_iopoll+0x474/0x62c io_uring/rw.c:1065 io_iopoll_try_reap_events+0x6c/0x108 io_uring/io_uring.c:1513 io_uring_try_cancel_requests+0x13c/0x258 io_uring/io_uring.c:3056 io_ring_exit_work+0xec/0x390 io_uring/io_uring.c:2869 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289 worker_thread+0x340/0x610 kernel/workqueue.c:2436 kthread+0x12c/0x158 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:863 There is no real problem for normal IOPOLL as flush is also called with uring_lock taken, but it's getting more complicated for IOPOLL|SQPOLL, for which __io_cqring_overflow_flush() happens from the CQ waiting path. | 5.5 |
2024-08-21 | CVE-2023-52904 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() The subs function argument may be NULL, so do not use it before the NULL check. | 5.5 |
2024-08-21 | CVE-2023-52905 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix resource leakage in VF driver unbind resources allocated like mcam entries to support the Ntuple feature and hash tables for the tc feature are not getting freed in driver unbind. | 5.5 |
2024-08-21 | CVE-2023-52907 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from pn533_usb_send_frame() is completed earlier than out_urb. | 5.5 |
2024-08-21 | CVE-2023-52908 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential NULL dereference Fix potential NULL dereference, in the case when "man", the resource manager might be NULL, when/if we print debug information. | 5.5 |
2024-08-21 | CVE-2023-52910 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: iommu/iova: Fix alloc iova overflows issue In __alloc_and_insert_iova_range, there is an issue that retry_pfn overflows. | 5.5 |
2024-08-21 | CVE-2023-52911 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/msm: another fix for the headless Adreno GPU Fix another oops reproducible when rebooting the board with the Adreno GPU working in the headless mode (e.g. | 5.5 |
2024-08-21 | CVE-2023-52912 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed bug on error when unloading amdgpu Fixed bug on error when unloading amdgpu. The error message is as follows: [ 377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278! [ 377.706215] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 377.706222] CPU: 4 PID: 8610 Comm: modprobe Tainted: G IOE 6.0.0-thomas #1 [ 377.706231] Hardware name: ASUS System Product Name/PRIME Z390-A, BIOS 2004 11/02/2021 [ 377.706238] RIP: 0010:drm_buddy_free_block+0x26/0x30 [drm_buddy] [ 377.706264] Code: 00 00 00 90 0f 1f 44 00 00 48 8b 0e 89 c8 25 00 0c 00 00 3d 00 04 00 00 75 10 48 8b 47 18 48 d3 e0 48 01 47 28 e9 fa fe ff ff <0f> 0b 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 54 55 48 89 f5 53 [ 377.706282] RSP: 0018:ffffad2dc4683cb8 EFLAGS: 00010287 [ 377.706289] RAX: 0000000000000000 RBX: ffff8b1743bd5138 RCX: 0000000000000000 [ 377.706297] RDX: ffff8b1743bd5160 RSI: ffff8b1743bd5c78 RDI: ffff8b16d1b25f70 [ 377.706304] RBP: ffff8b1743bd59e0 R08: 0000000000000001 R09: 0000000000000001 [ 377.706311] R10: ffff8b16c8572400 R11: ffffad2dc4683cf0 R12: ffff8b16d1b25f70 [ 377.706318] R13: ffff8b16d1b25fd0 R14: ffff8b1743bd59c0 R15: ffff8b16d1b25f70 [ 377.706325] FS: 00007fec56c72c40(0000) GS:ffff8b1836500000(0000) knlGS:0000000000000000 [ 377.706334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 377.706340] CR2: 00007f9b88c1ba50 CR3: 0000000110450004 CR4: 00000000003706e0 [ 377.706347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 377.706354] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 377.706361] Call Trace: [ 377.706365] <TASK> [ 377.706369] drm_buddy_free_list+0x2a/0x60 [drm_buddy] [ 377.706376] amdgpu_vram_mgr_fini+0xea/0x180 [amdgpu] [ 377.706572] amdgpu_ttm_fini+0x12e/0x1a0 [amdgpu] [ 377.706650] amdgpu_bo_fini+0x22/0x90 [amdgpu] [ 377.706727] gmc_v11_0_sw_fini+0x26/0x30 [amdgpu] [ 377.706821] amdgpu_device_fini_sw+0xa1/0x3c0 [amdgpu] [ 377.706897] amdgpu_driver_release_kms+0x12/0x30 [amdgpu] [ 377.706975] drm_dev_release+0x20/0x40 [drm] [ 377.707006] release_nodes+0x35/0xb0 [ 377.707014] devres_release_all+0x8b/0xc0 [ 377.707020] device_unbind_cleanup+0xe/0x70 [ 377.707027] device_release_driver_internal+0xee/0x160 [ 377.707033] driver_detach+0x44/0x90 [ 377.707039] bus_remove_driver+0x55/0xe0 [ 377.707045] pci_unregister_driver+0x3b/0x90 [ 377.707052] amdgpu_exit+0x11/0x6c [amdgpu] [ 377.707194] __x64_sys_delete_module+0x142/0x2b0 [ 377.707201] ? fpregs_assert_state_consistent+0x22/0x50 [ 377.707208] ? exit_to_user_mode_prepare+0x3e/0x190 [ 377.707215] do_syscall_64+0x38/0x90 [ 377.707221] entry_SYSCALL_64_after_hwframe+0x63/0xcd | 5.5 |
2024-08-21 | CVE-2023-52913 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs gem_context_register() makes the context visible to userspace, at which point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl. So we need to ensure that nothing uses the ctx ptr after this. | 5.5 |
2024-08-21 | CVE-2023-52914 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: add hash if ready poll request can't complete inline If we don't, then we may lose access to it completely, leading to a request leak. | 5.5 |
2024-08-21 | CVE-2024-6767 | | The WordSurvey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sounding_title’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. | 5.5 |
2024-08-21 | CVE-2024-43871 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu(). | 5.5 |
2024-08-21 | CVE-2024-43872 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup under heavy CEQE load CEQEs are handled in interrupt handler currently. | 5.5 |
2024-08-21 | CVE-2024-43874 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked Fix a null pointer dereference induced by DEBUG_TEST_DRIVER_REMOVE. Return from __sev_snp_shutdown_locked() if the psp_device or the sev_device structs are not initialized. | 5.5 |
2024-08-21 | CVE-2024-43862 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex The carrier_lock spinlock protects the carrier detection. | 5.5 |
2024-08-21 | CVE-2024-43863 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll->fence wait->fence unref deadlocks. vmwgfx overwrites the wait callback to iterate over the list of all fences and update their status; to do that it holds a lock to prevent list modifications from other threads. | 5.5 |
2024-08-20 | CVE-2024-43861 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive. | 5.5 |
2024-08-25 | CVE-2024-8152 | Rems | Cross-site Scripting vulnerability in Rems QR Code Bookmark System 1.0 A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. | 5.4 |
2024-08-25 | CVE-2024-8153 | Rems | Cross-site Scripting vulnerability in Rems QR Code Bookmark System 1.0 A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. | 5.4 |
2024-08-25 | CVE-2024-8154 | Rems | Cross-site Scripting vulnerability in Rems QR Code Bookmark System 1.0 A vulnerability classified as problematic has been found in SourceCodester QR Code Bookmark System 1.0. | 5.4 |
2024-08-25 | CVE-2024-8151 | Rems | Cross-site Scripting vulnerability in Rems Interactive MAP With Marker 1.0 A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. | 5.4 |
2024-08-25 | CVE-2024-8142 | Rems | Cross-site Scripting vulnerability in Rems Daily Calories Monitoring Tool 1.0 A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. | 5.4 |
2024-08-25 | CVE-2024-8140 | Rems | Cross-site Scripting vulnerability in Rems Task Progress Tracker 1.0 A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. | 5.4 |
2024-08-25 | CVE-2024-8141 | Rems | Cross-site Scripting vulnerability in Rems Daily Calories Monitoring Tool 1.0 A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. | 5.4 |
2024-08-24 | CVE-2024-2254 | Risethemes | Cross-site Scripting vulnerability in Risethemes RT Easy Builder The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-08-24 | CVE-2023-0926 | Samiahmedsiddiqui | Cross-site Scripting vulnerability in Samiahmedsiddiqui Custom Permalinks The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names. | 5.4 |
2024-08-23 | CVE-2024-41841 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-08-23 | CVE-2024-41843 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-08-23 | CVE-2024-41844 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-08-23 | CVE-2024-41845 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-08-23 | CVE-2024-41846 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-08-23 | CVE-2024-41847 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-08-23 | CVE-2024-41848 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-08-23 | CVE-2024-41875 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-08-23 | CVE-2024-41876 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-08-23 | CVE-2024-41877 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-08-23 | CVE-2024-41878 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-08-23 | CVE-2024-42918 | Adonesevangelista | Cross-site Scripting vulnerability in Adonesevangelista Online Accreditation Management System 1.0 itsourcecode Online Accreditation Management System contains a Cross Site Scripting vulnerability, which allows an attacker to execute arbitrary code via a crafted payload to the SCHOOLNAME, EMAILADDRES, CONTACTNO, COMPANYNAME and COMPANYCONTACTNO parameters in controller.php. | 5.4 |
2024-08-23 | CVE-2024-38869 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp products Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25. | 5.4 |
2024-08-23 | CVE-2024-42766 | Kjayvik | Unspecified vulnerability in Kjayvik BUS Ticket Reservation System 1.0 Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php. | 5.4 |
2024-08-23 | CVE-2024-8113 | Pretix | Cross-site Scripting vulnerability in Pretix Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. | 5.4 |
2024-08-23 | CVE-2024-5502 | Piotnet | Cross-site Scripting vulnerability in Piotnet Addons The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-08-22 | CVE-2024-6870 | Dfactory | Cross-site Scripting vulnerability in Dfactory Responsive Lightbox The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping affecting the rl_upload_image AJAX endpoint. | 5.4 |
2024-08-22 | CVE-2024-7778 | Themeisle | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. | 5.4 |
2024-08-22 | CVE-2024-5583 | Posimyth | Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction parameter of testimonials widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-08-21 | CVE-2024-7629 | Kirstyburgoine | Cross-site Scripting vulnerability in Kirstyburgoine Responsive Video 1.0 The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-08-21 | CVE-2024-42939 | Yzncms | Cross-site Scripting vulnerability in Yzncms 1.4.2 A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field. | 5.4 |
2024-08-20 | CVE-2024-43396 | Khoj | Cross-site Scripting vulnerability in Khoj Khoj is an application that creates personal AI agents. | 5.4 |
2024-08-20 | CVE-2024-39094 | Friendica | Cross-site Scripting vulnerability in Friendica 2024.03 Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters. | 5.4 |
2024-08-20 | CVE-2024-6378 | 3DS | Cross-site Scripting vulnerability in 3DS 3Dexperience R2022X/R2023X A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | 5.4 |
2024-08-20 | CVE-2024-42335 | 7 Twenty | Cross-site Scripting vulnerability in 7-Twenty BOT 7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 |
2024-08-20 | CVE-2024-6864 | Sayandatta | Cross-site Scripting vulnerability in Sayandatta WP Last Modified Info The WP Last Modified Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘template’ attribute of the lmt-post-modified-info shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. | 5.4 |
2024-08-20 | CVE-2024-5763 | Posimyth | Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_date attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping. | 5.4 |
2024-08-20 | CVE-2024-6575 | Posimyth | Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘res_width_value’ parameter within the plugin's tp_page_scroll widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping. | 5.4 |
2024-08-20 | CVE-2024-5941 | Givewp | Missing Authorization vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.14.1. | 5.4 |
2024-08-20 | CVE-2024-7945 | Adonesevangelista | Cross-site Scripting vulnerability in Adonesevangelista Laravel Property Management System 1.0 A vulnerability was found in itsourcecode Laravel Property Management System 1.0. | 5.4 |
2024-08-20 | CVE-2024-7948 | Rems | Cross-site Scripting vulnerability in Rems Account Manager APP 1.0 A vulnerability classified as problematic was found in SourceCodester Accounts Manager App 1.0. | 5.4 |
2024-08-20 | CVE-2024-7942 | Rems | Cross-site Scripting vulnerability in Rems Leads Manager Tool 1.0 A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. | 5.4 |
2024-08-19 | CVE-2024-43400 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 5.4 |
2024-08-25 | CVE-2023-48957 | Purevpn | Unspecified vulnerability in Purevpn 2.0.2 PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers. | 5.3 |
2024-08-25 | CVE-2024-45244 | Hyperledger | Unspecified vulnerability in Hyperledger Fabric Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window. | 5.3 |
2024-08-24 | CVE-2024-6499 | Maxfoundry | Unspecified vulnerability in Maxfoundry Maxbuttons The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. | 5.3 |
2024-08-22 | CVE-2024-42411 | Mattermost | Improper Check for Unusual or Exceptional Conditions vulnerability in Mattermost Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into believing their account is much older. | 5.3 |
2024-08-21 | CVE-2024-41674 | Okfn | Information Exposure Through an Error Message vulnerability in Okfn Ckan CKAN is an open-source data management system for powering data hubs and data portals. | 5.3 |
2024-08-21 | CVE-2024-6568 | | The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.0. | 5.3 |
2024-08-21 | CVE-2024-7390 | Starkdigital | Missing Authorization vulnerability in Starkdigital WP Testimonial Widget The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.0. | 5.3 |
2024-08-20 | CVE-2024-42369 | Matrix | Uncontrolled Recursion vulnerability in Matrix Javascript SDK matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. | 5.3 |
2024-08-20 | CVE-2024-43376 | Umbraco | Information Exposure Through an Error Message vulnerability in Umbraco CMS 14.0.0/14.1.0/14.1.1 Umbraco is an ASP.NET CMS. | 5.3 |
2024-08-20 | CVE-2024-5939 | Givewp | Missing Authorization vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 3.13.0. | 5.3 |
2024-08-20 | CVE-2024-5940 | Givewp | Missing Authorization vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.13.0. | 5.3 |
2024-08-25 | CVE-2024-8155 | Continew | SQL Injection vulnerability in Continew Admin 3.2.0 A vulnerability classified as critical was found in ContiNew Admin 3.2.0. | 4.9 |
2024-08-25 | CVE-2024-8150 | Continew | SQL Injection vulnerability in Continew Admin 3.2.0 A vulnerability was found in ContiNew Admin 3.2.0 and classified as critical. | 4.9 |
2024-08-22 | CVE-2024-42497 | Mattermost | Unspecified vulnerability in Mattermost Server Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams. | 4.9 |
2024-08-22 | CVE-2024-39810 | Mattermost | Unspecified vulnerability in Mattermost Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the connection, cause the application to crash. | 4.9 |
2024-08-25 | CVE-2024-8145 | Classcms | Cross-site Scripting vulnerability in Classcms 4.8 A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. | 4.8 |
2024-08-23 | CVE-2024-41842 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 4.8 |
2024-08-22 | CVE-2024-8084 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Online Computer and Laptop Store 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester Online Computer and Laptop Store 1.0. | 4.8 |
2024-08-20 | CVE-2024-7775 | Bitapps | Cross-site Scripting vulnerability in Bitapps Contact Form Builder The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. | 4.8 |
2024-08-22 | CVE-2022-48931 | Linux | Race Condition vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() is executing link_group() or unlink_group(), it is possible that two processes add or delete list concurrently. Some unfortunate interleavings of them can cause kernel panic. One of cases is: A --> B --> C --> D A <-- B <-- C <-- D delete list_head *B | delete list_head *C --------------------------------|----------------------------------- configfs_unregister_subsystem | configfs_unregister_subsystem unlink_group | unlink_group unlink_obj | unlink_obj list_del_init | list_del_init __list_del_entry | __list_del_entry __list_del | __list_del // next == C | next->prev = prev | | next->prev = prev prev->next = next | | // prev == B | prev->next = next Fix this by adding mutex when calling link_group() or unlink_group(), but parent configfs_subsystem is NULL when config_item is root. So I create a mutex configfs_subsystem_mutex. | 4.7 |
2024-08-22 | CVE-2022-48941 | Linux | Race Condition vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ice: fix concurrent reset and removal of VFs Commit c503e63200c6 ("ice: Stop processing VF messages during teardown") introduced a driver state flag, ICE_VF_DEINIT_IN_PROGRESS, which is intended to prevent some issues with concurrently handling messages from VFs while tearing down the VFs. This change was motivated by crashes caused while tearing down and bringing up VFs in rapid succession. It turns out that the fix actually introduces issues with the VF driver caused because the PF no longer responds to any messages sent by the VF during its .remove routine. | 4.7 |
2024-08-22 | CVE-2022-48921 | Linux | Race Condition vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity Syzbot found a GPF in reweight_entity. | 4.7 |
2024-08-21 | CVE-2022-48869 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: USB: gadgetfs: Fix race between mounting and unmounting The syzbot fuzzer and Gerald Lee have identified a use-after-free bug in the gadgetfs driver, involving processes concurrently mounting and unmounting the gadgetfs filesystem. | 4.7 |
2024-08-21 | CVE-2022-48898 | Linux | Race Condition vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer There are 3 possible interrupt sources are handled by DP controller, HPDstatus, Controller state changes and Aux read/write transaction. At every irq, DP controller have to check isr status of every interrupt sources and service the interrupt if its isr status bits shows interrupts are pending. | 4.7 |
2024-08-21 | CVE-2022-48899 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UAF Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the handle's reference. | 4.7 |
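The ordering bug this entry describes, as an added C illustration (not drm/virtio code: the object, the handle table and the `racer` callback that plays the thread closing a guessed handle are constructed stand-ins, and freeing is simulated by marking the object so the use-after-free can be observed instead of crashing):

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a GEM object with a reference count. */
struct gem_obj {
    int refcount;
    int freed;               /* set instead of kfree() so the bug is visible */
    unsigned hw_res_handle;  /* the field the create path reports to userspace */
};

#define MAX_HANDLES 4
static struct gem_obj *handle_table[MAX_HANDLES];
static struct gem_obj pool; /* single-object pool; reset on every allocation */

static void obj_get(struct gem_obj *o) { o->refcount++; }
static void obj_put(struct gem_obj *o)
{
    if (--o->refcount == 0)
        o->freed = 1; /* the real driver frees here; the memory is anyone's now */
}

static struct gem_obj *obj_alloc(unsigned hw_res)
{
    memset(handle_table, 0, sizeof(handle_table));
    memset(&pool, 0, sizeof(pool));
    pool.refcount = 1; /* the creator's reference */
    pool.hw_res_handle = hw_res;
    return &pool;
}

/* Handles are small, sequential integers: userspace can guess the next one
 * and close it from a second thread before the creating thread is done. */
static int handle_create(struct gem_obj *o)
{
    for (int i = 0; i < MAX_HANDLES; i++) {
        if (!handle_table[i]) {
            obj_get(o);          /* the handle's reference */
            handle_table[i] = o;
            return i + 1;
        }
    }
    return -1;
}

static void handle_close(int h)
{
    struct gem_obj *o = handle_table[h - 1];
    handle_table[h - 1] = NULL;
    obj_put(o); /* drops the handle's reference; may be the last one */
}

/* Read back the hardware resource id. Returns -1 if the object is already
 * freed, i.e. the read would be a use-after-free in the real driver. */
static int obj_report(const struct gem_obj *o)
{
    return o->freed ? -1 : (int)o->hw_res_handle;
}

/* Stand-ins for the concurrent thread: it either closes the guessed handle
 * in the window between two statements of the create path, or does nothing. */
void racer_close(int handle) { handle_close(handle); }
void racer_none(int handle) { (void)handle; }

/* Vulnerable ordering: the creator's reference is dropped as soon as the
 * handle exists, and the object is dereferenced afterwards. */
int create_vulnerable(void (*racer)(int))
{
    struct gem_obj *o = obj_alloc(42);
    int h = handle_create(o);  /* refcount 2 */
    obj_put(o);                /* refcount 1: only the handle keeps it alive */
    racer(h);                  /* concurrent close: refcount 0, object freed */
    return obj_report(o);      /* use-after-free: -1 here, a crash or leak in the kernel */
}

/* Fixed ordering: finish using the object before dropping the creator's
 * reference, so a concurrent close can at most make our put the last one. */
int create_fixed(void (*racer)(int))
{
    struct gem_obj *o = obj_alloc(42);
    int h = handle_create(o);  /* refcount 2 */
    racer(h);                  /* concurrent close: refcount 1, still alive */
    int res = obj_report(o);   /* safe: we still hold a reference */
    obj_put(o);                /* may free it now; nothing touches o afterwards */
    return res;
}

int main(void)
{
    printf("vulnerable, raced: %d\n", create_vulnerable(racer_close));
    printf("vulnerable, quiet: %d\n", create_vulnerable(racer_none));
    printf("fixed, raced:      %d\n", create_fixed(racer_close));
    return 0;
}
```

The general rule the fixed path follows is that a function must hold its own reference for as long as it touches the object; a reference owned by a table that untrusted code can empty (here, the handle table) is not a substitute.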
2024-08-21 | CVE-2023-52896 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota rescan and disable leading to NULL pointer deref If we have one task trying to start the quota rescan worker while another one is trying to disable quotas, we can end up hitting a race that results in the quota rescan worker doing a NULL pointer dereference. | 4.7 |
2024-08-21 | CVE-2023-52897 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: do not warn on record without old_roots populated [BUG] There are some reports from the mailing list that since v6.1 kernel, the WARN_ON() inside btrfs_qgroup_account_extent() gets triggered during rescan: WARNING: CPU: 3 PID: 6424 at fs/btrfs/qgroup.c:2756 btrfs_qgroup_account_extents+0x1ae/0x260 [btrfs] CPU: 3 PID: 6424 Comm: snapperd Tainted: P OE 6.1.2-1-default #1 openSUSE Tumbleweed 05c7a1b1b61d5627475528f71f50444637b5aad7 RIP: 0010:btrfs_qgroup_account_extents+0x1ae/0x260 [btrfs] Call Trace: <TASK> btrfs_commit_transaction+0x30c/0xb40 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6] ? start_transaction+0xc3/0x5b0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6] btrfs_qgroup_rescan+0x42/0xc0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6] btrfs_ioctl+0x1ab9/0x25c0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6] ? __rseq_handle_notify_resume+0xa9/0x4a0 ? mntput_no_expire+0x4a/0x240 ? __seccomp_filter+0x319/0x4d0 __x64_sys_ioctl+0x90/0xd0 do_syscall_64+0x5b/0x80 ? syscall_exit_to_user_mode+0x17/0x40 ? do_syscall_64+0x67/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fd9b790d9bf </TASK> [CAUSE] Since commit e15e9f43c7ca ("btrfs: introduce BTRFS_QGROUP_RUNTIME_FLAG_NO_ACCOUNTING to skip qgroup accounting"), if our qgroup is already in inconsistent state, we will no longer do the time-consuming backref walk. This can leave some qgroup records without a valid old_roots ulist. Normally this is fine, as btrfs_qgroup_account_extents() would also skip those records if we have NO_ACCOUNTING flag set. But there is a small window, if we have NO_ACCOUNTING flag set, and inserted some qgroup_record without a old_roots ulist, but then the user triggered a qgroup rescan. During btrfs_qgroup_rescan(), we firstly clear NO_ACCOUNTING flag, then commit current transaction. And since we have a qgroup_record with old_roots = NULL, we trigger the WARN_ON() during btrfs_qgroup_account_extents(). [FIX] Unfortunately due to the introduction of NO_ACCOUNTING flag, the assumption that every qgroup_record would have its old_roots populated is no longer correct. Fix the false alerts and drop the WARN_ON(). | 4.7 |
2024-08-21 | CVE-2023-52898 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race and cause null pointer dereference when host suddenly dies. Usb core may call xhci_free_dev() which frees the xhci->devs[slot_id] virt device at the same time that xhci_kill_endpoint_urbs() tries to loop through all the device's endpoints, checking if there are any cancelled urbs left to give back. hold the xhci spinlock while freeing the virt device | 4.7 |
2024-08-21 | CVE-2023-52909 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nfsd: fix handling of cached open files in nfsd4_open codepath Commit fb70bf124b05 ("NFSD: Instantiate a struct file when creating a regular NFSv4 file") added the ability to cache an open fd over a compound. | 4.7 |
2024-08-25 | CVE-2024-42340 | Cyberark | Unspecified vulnerability in Cyberark Identity CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | 4.3 |
2024-08-25 | CVE-2024-42338 | Cyberark | Information Exposure vulnerability in Cyberark Identity CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 4.3 |
2024-08-25 | CVE-2024-42339 | Cyberark | Unspecified vulnerability in Cyberark Identity CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 4.3 |
2024-08-24 | CVE-2024-6631 | Imagerecycle | Missing Authorization vulnerability in Imagerecycle PDF & Image Compression The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 3.1.14. | 4.3 |
2024-08-24 | CVE-2024-8120 | Imagerecycle | Cross-Site Request Forgery (CSRF) vulnerability in Imagerecycle PDF & Image Compression The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. | 4.3 |
2024-08-22 | CVE-2024-43780 | Mattermost | Unspecified vulnerability in Mattermost Server Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel. | 4.3 |
2024-08-22 | CVE-2024-39744 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Connect:Direct Web Services IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
2024-08-22 | CVE-2024-43813 | Mattermost | Unspecified vulnerability in Mattermost Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user. | 4.3 |
2024-08-22 | CVE-2024-7836 | Themify | Incorrect Authorization vulnerability in Themify Builder The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. | 4.3 |
2024-08-21 | CVE-2024-7975 | Google | Unspecified vulnerability in Google Chrome Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-08-21 | CVE-2024-7976 | Google | Unspecified vulnerability in Google Chrome Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-08-21 | CVE-2024-7978 | Google | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. | 4.3 |
2024-08-21 | CVE-2024-7981 | Google | Unspecified vulnerability in Google Chrome Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-08-21 | CVE-2024-8033 | Google | Unspecified vulnerability in Google Chrome Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-08-21 | CVE-2024-8034 | Google | Unspecified vulnerability in Google Chrome Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-08-21 | CVE-2024-8035 | Google | Unspecified vulnerability in Google Chrome Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-08-21 | CVE-2024-7722 | Foxit | Use After Free vulnerability in Foxit PDF Editor and PDF Reader Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. | 4.3 |
2024-08-21 | CVE-2024-5880 | | The Hide My Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 due to the plugin not restricting access to the REST API when password protection is enabled. | 4.3 |
2024-08-21 | CVE-2024-6883 | | The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to, and including, 5.0.22.decaf. | 4.3 |
2024-08-21 | CVE-2024-7030 | Zaytech | Missing Authorization vulnerability in Zaytech Smart Online Order for Clover The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. | 4.3 |
2024-08-20 | CVE-2024-7711 | Github | Incorrect Authorization vulnerability in Github Enterprise Server An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. | 4.3 |
2024-08-20 | CVE-2024-43377 | Umbraco | Unspecified vulnerability in Umbraco CMS 14.0.0/14.1.0/14.1.1 Umbraco CMS is an ASP.NET CMS. | 4.3 |
2024-08-20 | CVE-2024-43397 | Apolloconfig | Unspecified vulnerability in Apolloconfig Apollo Apollo is a configuration management system. | 4.3 |
2024-08-23 | CVE-2024-41849 | Adobe | Unspecified vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. | 4.1 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-08-22 | CVE-2024-32939 | Mattermost | Cleartext Storage of Sensitive Information vulnerability in Mattermost Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server. | 3.7 |
2024-08-22 | CVE-2022-48937 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: io_uring: add a schedule point in io_add_buffers() Looping ~65535 times doing kmalloc() calls can trigger soft lockups, especially with DEBUG features (like KASAN). [ 253.536212] watchdog: BUG: soft lockup - CPU#64 stuck for 26s! [b219417889:12575] [ 253.544433] Modules linked in: vfat fat i2c_mux_pca954x i2c_mux spidev cdc_acm xhci_pci xhci_hcd sha3_generic gq(O) [ 253.544451] CPU: 64 PID: 12575 Comm: b219417889 Tainted: G S O 5.17.0-smp-DEV #801 [ 253.544457] RIP: 0010:kernel_text_address (./include/asm-generic/sections.h:192 ./include/linux/kallsyms.h:29 kernel/extable.c:67 kernel/extable.c:98) [ 253.544464] Code: 0f 93 c0 48 c7 c1 e0 63 d7 a4 48 39 cb 0f 92 c1 20 c1 0f b6 c1 5b 5d c3 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 53 48 89 fb <48> c7 c0 00 00 80 a0 41 be 01 00 00 00 48 39 c7 72 0c 48 c7 c0 40 [ 253.544468] RSP: 0018:ffff8882d8baf4c0 EFLAGS: 00000246 [ 253.544471] RAX: 1ffff1105b175e00 RBX: ffffffffa13ef09a RCX: 00000000a13ef001 [ 253.544474] RDX: ffffffffa13ef09a RSI: ffff8882d8baf558 RDI: ffffffffa13ef09a [ 253.544476] RBP: ffff8882d8baf4d8 R08: ffff8882d8baf5e0 R09: 0000000000000004 [ 253.544479] R10: ffff8882d8baf5e8 R11: ffffffffa0d59a50 R12: ffff8882eab20380 [ 253.544481] R13: ffffffffa0d59a50 R14: dffffc0000000000 R15: 1ffff1105b175eb0 [ 253.544483] FS: 00000000016d3380(0000) GS:ffff88af48c00000(0000) knlGS:0000000000000000 [ 253.544486] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 253.544488] CR2: 00000000004af0f0 CR3: 00000002eabfa004 CR4: 00000000003706e0 [ 253.544491] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 253.544492] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 253.544494] Call Trace: [ 253.544496] <TASK> [ 253.544498] ? io_queue_sqe (fs/io_uring.c:7143) [ 253.544505] __kernel_text_address (kernel/extable.c:78) [ 253.544508] unwind_get_return_address (arch/x86/kernel/unwind_frame.c:19) [ 253.544514] arch_stack_walk (arch/x86/kernel/stacktrace.c:27) [ 253.544517] ? io_queue_sqe (fs/io_uring.c:7143) [ 253.544521] stack_trace_save (kernel/stacktrace.c:123) [ 253.544527] ____kasan_kmalloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515) [ 253.544531] ? ____kasan_kmalloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515) [ 253.544533] ? __kasan_kmalloc (mm/kasan/common.c:524) [ 253.544535] ? kmem_cache_alloc_trace (./include/linux/kasan.h:270 mm/slab.c:3567) [ 253.544541] ? io_issue_sqe (fs/io_uring.c:4556 fs/io_uring.c:4589 fs/io_uring.c:6828) [ 253.544544] ? __io_queue_sqe (fs/io_uring.c:?) [ 253.544551] __kasan_kmalloc (mm/kasan/common.c:524) [ 253.544553] kmem_cache_alloc_trace (./include/linux/kasan.h:270 mm/slab.c:3567) [ 253.544556] ? io_issue_sqe (fs/io_uring.c:4556 fs/io_uring.c:4589 fs/io_uring.c:6828) [ 253.544560] io_issue_sqe (fs/io_uring.c:4556 fs/io_uring.c:4589 fs/io_uring.c:6828) [ 253.544564] ? __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469) [ 253.544567] ? __kasan_slab_alloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469) [ 253.544569] ? kmem_cache_alloc_bulk (mm/slab.h:732 mm/slab.c:3546) [ 253.544573] ? __io_alloc_req_refill (fs/io_uring.c:2078) [ 253.544578] ? io_submit_sqes (fs/io_uring.c:7441) [ 253.544581] ? __se_sys_io_uring_enter (fs/io_uring.c:10154 fs/io_uring.c:10096) [ 253.544584] ? __x64_sys_io_uring_enter (fs/io_uring.c:10096) [ 253.544587] ? do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) [ 253.544590] ? entry_SYSCALL_64_after_hwframe (??:?) [ 253.544596] __io_queue_sqe (fs/io_uring.c:?) [ 253.544600] io_queue_sqe (fs/io_uring.c:7143) [ 253.544603] io_submit_sqe (fs/io_uring.c:?) [ 253.544608] io_submit_sqes (fs/io_uring.c:?) [ 253.544612] __se_sys_io_uring_enter (fs/io_uring.c:10154 fs/io_uri ---truncated--- | 3.3 |
2024-08-22 | CVE-2022-48939 | Linux | Excessive Iteration vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcu_barrier Nothing prevents batch ops to process huge amount of data, we need to add schedule points in them. Note that maybe_wait_bpf_programs(map) calls from generic_map_delete_batch() can be factorized by moving the call after the loop. This will be done later in -next tree once we get this fix merged, unless there is strong opinion doing this optimization sooner. | 3.3 |
2024-08-19 | CVE-2024-43379 | Trufflesecurity | Server-Side Request Forgery (SSRF) vulnerability in Trufflesecurity Trufflehog TruffleHog is a secrets scanning tool. | 3.1 |
2024-08-22 | CVE-2024-40884 | Mattermost | Unspecified vulnerability in Mattermost Server Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL. | 2.7 |