Weekly Vulnerabilities Reports > August 19 to 25, 2024

Overview

450 new vulnerabilities were reported during this period, including 73 critical vulnerabilities and 153 high severity vulnerabilities. This weekly summary reports vulnerabilities in 220 products from 135 vendors including Linux, Google, Pligg, Adobe, and Dlink. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "NULL Pointer Dereference", "Cross-Site Request Forgery (CSRF)", and "Use After Free".

  • 324 reported vulnerabilities are remotely exploitable.
  • 165 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 208 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 103 reported vulnerabilities.
  • Dlink has the most reported critical vulnerabilities, with 11 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

73 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-08-19 CVE-2024-43242 Wpindeed Deserialization of Untrusted Data vulnerability in Wpindeed Ultimate Membership PRO

Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection. This issue affects Ultimate Membership Pro: from n/a through 12.6.

10.0
2024-08-25 CVE-2024-8146 Pharmacy Management System Project SQL Injection vulnerability in Pharmacy Management System Project Pharmacy Management System 1.0

A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical.

9.8
2024-08-25 CVE-2024-8138 Pharmacy Management System Project SQL Injection vulnerability in Pharmacy Management System Project Pharmacy Management System 1.0

A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0.

9.8
2024-08-25 CVE-2024-8139 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez E-Commerce Website 1.0

A vulnerability has been found in itsourcecode E-Commerce Website 1.0 and classified as critical.

9.8
2024-08-24 CVE-2024-45237 Nicmx Classic Buffer Overflow vulnerability in Nicmx Fort-Validator

An issue was discovered in Fort before 1.6.3.

9.8
2024-08-24 CVE-2024-8135 Gotribe Use of Hard-coded Credentials vulnerability in Gotribe

A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310.

9.8
2024-08-24 CVE-2024-8134 Dlink OS Command Injection vulnerability in Dlink products

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814.

9.8
2024-08-24 CVE-2024-8133 Dlink OS Command Injection vulnerability in Dlink products

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814.

9.8
2024-08-24 CVE-2024-8131 Dlink OS Command Injection vulnerability in Dlink products

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical.

9.8
2024-08-24 CVE-2024-8132 Dlink OS Command Injection vulnerability in Dlink products

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814.

9.8
2024-08-24 CVE-2024-8130 Dlink OS Command Injection vulnerability in Dlink products

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical.

9.8
2024-08-24 CVE-2024-8129 Dlink OS Command Injection vulnerability in Dlink products

A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814.

9.8
2024-08-24 CVE-2024-8128 Dlink OS Command Injection vulnerability in Dlink products

A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814.

9.8
2024-08-24 CVE-2024-8127 Dlink OS Command Injection vulnerability in Dlink products

A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814.

9.8
2024-08-23 CVE-2024-44381 Dlink Unspecified vulnerability in Dlink DI 8004W Firmware 16.07.26A1

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function.

9.8
2024-08-23 CVE-2024-44382 Dlink Unspecified vulnerability in Dlink DI 8004W Firmware 16.07.26A1

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.

9.8
2024-08-23 CVE-2024-43782 Openedx Injection vulnerability in Openedx Redwood1/Redwood2

This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex.

9.8
2024-08-23 CVE-2024-40766 Sonicwall Unspecified vulnerability in Sonicwall Sonicos

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash.

9.8
2024-08-23 CVE-2024-8089 Janobe Unrestricted Upload of File with Dangerous Type vulnerability in Janobe E-Commerce System 1.0

A vulnerability was found in SourceCodester E-Commerce System 1.0.

9.8
2024-08-22 CVE-2024-8086 Janobe SQL Injection vulnerability in Janobe E-Commerce System 1.0

A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as critical.

9.8
2024-08-22 CVE-2024-8087 Janobe SQL Injection vulnerability in Janobe E-Commerce System 1.0

A vulnerability was found in SourceCodester E-Commerce System 1.0 and classified as critical.

9.8
2024-08-22 CVE-2024-8081 Kevinwong SQL Injection vulnerability in Kevinwong Payroll Management System 1.0

A vulnerability classified as critical was found in itsourcecode Payroll Management System 1.0.

9.8
2024-08-22 CVE-2024-8078 Totolink Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.862B20230228

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228.

9.8
2024-08-22 CVE-2024-8079 Totolink Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.862B20230228

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228.

9.8
2024-08-22 CVE-2024-8080 Online Health Care System Project SQL Injection vulnerability in Online Health Care System Project Online Health Care System 1.0

A vulnerability classified as critical has been found in SourceCodester Online Health Care System 1.0.

9.8
2024-08-22 CVE-2024-8075 Totolink OS Command Injection vulnerability in Totolink T8 Firmware 4.1.5Cu.862B20230228

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical.

9.8
2024-08-22 CVE-2024-8076 Totolink Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.862B20230228

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical.

9.8
2024-08-22 CVE-2024-8077 Totolink OS Command Injection vulnerability in Totolink T8 Firmware 4.1.5Cu.862B20230228

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228.

9.8
2024-08-21 CVE-2024-42777 Lopalopa Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file.

9.8
2024-08-21 CVE-2024-42781 Lopalopa SQL Injection vulnerability in Lopalopa Music Management System 1.0

A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter.

9.8
2024-08-21 CVE-2024-42782 Lopalopa SQL Injection vulnerability in Lopalopa Music Management System 1.0

A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter.

9.8
2024-08-21 CVE-2024-42783 Lopalopa SQL Injection vulnerability in Lopalopa Music Management System 1.0

Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php.

9.8
2024-08-21 CVE-2024-42784 Lopalopa SQL Injection vulnerability in Lopalopa Music Management System 1.0

A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.

9.8
2024-08-21 CVE-2024-40453 Squirrelly Code Injection vulnerability in Squirrelly 9.0.0

squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.

9.8
2024-08-21 CVE-2024-5335 The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_compare_products cookie in versions up to, and including, 1.6.4.
9.8
2024-08-21 CVE-2024-7854 Sjhoo SQL Injection vulnerability in Sjhoo WOO Inquiry 0.1

The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query.

9.8
2024-08-20 CVE-2024-42361 Apache SQL Injection vulnerability in Apache Hertzbeat

Hertzbeat is an open source, real-time monitoring system.

9.8
2024-08-20 CVE-2024-6800 Github Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server

An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML.

9.8
2024-08-20 CVE-2024-30949 Newlib Project Integer Overflow or Wraparound vulnerability in Newlib Project Newlib 4.3.0

An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.

9.8
2024-08-20 CVE-2024-43404 Megacord Code Injection vulnerability in Megacord Megabot

MEGABOT is a fully customized Discord bot for learning and fun.

9.8
2024-08-20 CVE-2024-8003 Gotribe Deserialization of Untrusted Data vulnerability in Gotribe Gotribe-Admin 1.0

A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic.

9.8
2024-08-20 CVE-2024-8005 Demozx Use of Hard-coded Credentials vulnerability in Demozx GF CMS

A vulnerability was found in demozx gf_cms 1.0/1.0.1.

9.8
2024-08-20 CVE-2024-42336 Servision Improper Authentication vulnerability in Servision IVG Webmax 1.0.57

Servision - CWE-287: Improper Authentication

9.8
2024-08-20 CVE-2024-42566 Arajajyothibabu SQL Injection vulnerability in Arajajyothibabu School Management System

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php.

9.8
2024-08-20 CVE-2024-42567 Arajajyothibabu SQL Injection vulnerability in Arajajyothibabu School Management System

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2.

9.8
2024-08-20 CVE-2024-42568 Arajajyothibabu SQL Injection vulnerability in Arajajyothibabu School Management System

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php.

9.8
2024-08-20 CVE-2024-42570 Arajajyothibabu SQL Injection vulnerability in Arajajyothibabu School Management System

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php.

9.8
2024-08-20 CVE-2024-42572 Arajajyothibabu SQL Injection vulnerability in Arajajyothibabu School Management System

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php.

9.8
2024-08-20 CVE-2024-42573 Arajajyothibabu SQL Injection vulnerability in Arajajyothibabu School Management System

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php.

9.8
2024-08-20 CVE-2024-42574 Arajajyothibabu SQL Injection vulnerability in Arajajyothibabu School Management System

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php.

9.8
2024-08-20 CVE-2024-42575 Arajajyothibabu SQL Injection vulnerability in Arajajyothibabu School Management System

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php.

9.8
2024-08-20 CVE-2024-5932 Givewp Deserialization of Untrusted Data vulnerability in Givewp

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter.

9.8
2024-08-20 CVE-2024-7946 Adonesevangelista SQL Injection vulnerability in Adonesevangelista Online Blood Bank Management System 1.0

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0.

9.8
2024-08-20 CVE-2024-7947 Janobe SQL Injection vulnerability in Janobe Point of Sales and Inventory Management System 1.0

A vulnerability classified as critical has been found in SourceCodester Point of Sales and Inventory Management System 1.0.

9.8
2024-08-20 CVE-2024-7937 Project Expense Monitoring System Project SQL Injection vulnerability in Project Expense Monitoring System Project Expense Monitoring System 1.0

A vulnerability classified as critical was found in itsourcecode Project Expense Monitoring System 1.0.

9.8
2024-08-20 CVE-2024-7936 Project Expense Monitoring System Project SQL Injection vulnerability in Project Expense Monitoring System Project Expense Monitoring System 1.0

A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0.

9.8
2024-08-19 CVE-2024-7933 Project Expense Monitoring System Project SQL Injection vulnerability in Project Expense Monitoring System Project Expense Monitoring System 1.0

A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0.

9.8
2024-08-19 CVE-2024-7934 Project Expense Monitoring System Project SQL Injection vulnerability in Project Expense Monitoring System Project Expense Monitoring System 1.0

A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0.

9.8
2024-08-19 CVE-2024-7935 Project Expense Monitoring System Project SQL Injection vulnerability in Project Expense Monitoring System Project Expense Monitoring System 1.0

A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0.

9.8
2024-08-19 CVE-2024-42812 Dlink Classic Buffer Overflow vulnerability in Dlink Dir-860L Firmware 2.0.3

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi.

9.8
2024-08-19 CVE-2024-42658 Nepstech Unspecified vulnerability in Nepstech Ntpl-Xpon1Gfevn Firmware 1.0

An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the cookie's parameter.

9.8
2024-08-19 CVE-2024-43240 Wpindeed Unspecified vulnerability in Wpindeed Ultimate Membership PRO

Improper Privilege Management vulnerability in azzaroco Ultimate Membership Pro allows Privilege Escalation. This issue affects Ultimate Membership Pro: from n/a through 12.6.

9.8
2024-08-19 CVE-2024-43399 Opensecurity Path Traversal vulnerability in Opensecurity Mobile Security Framework

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

9.8
2024-08-19 CVE-2024-7922 Dell Command Injection vulnerability in Dell products

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical.

9.8
2024-08-19 CVE-2024-44076 Microcks Unspecified vulnerability in Microcks

In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access.

9.8
2024-08-19 CVE-2024-7921 Jielink Jsotc2016 Project Unspecified vulnerability in Jielink+ Jsotc2016 Project Jielink+ Jsotc2016

A vulnerability has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 and classified as problematic.

9.8
2024-08-19 CVE-2024-7919 Jielink Jsotc2016 Project Unspecified vulnerability in Jielink+ Jsotc2016 Project Jielink+ Jsotc2016

A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805.

9.8
2024-08-19 CVE-2024-7920 Jielink Jsotc2016 Project Unspecified vulnerability in Jielink+ Jsotc2016 Project Jielink+ Jsotc2016

A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805.

9.8
2024-08-20 CVE-2024-38175 An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.
9.6
2024-08-21 CVE-2024-28987 Solarwinds Use of Hard-coded Credentials vulnerability in Solarwinds web Help Desk

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

9.1
2024-08-19 CVE-2024-43248 Bitapps Path Traversal vulnerability in Bitapps BIT Form

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation. This issue affects Bit Form Pro: from n/a through 2.6.4.

9.1
2024-08-20 CVE-2024-35540 Typecho Cross-site Scripting vulnerability in Typecho

A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

9.0
2024-08-20 CVE-2024-7777 Bitapps Path Traversal vulnerability in Bitapps Contact Form Builder

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9.

9.0

153 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-08-25 CVE-2024-8147 Pharmacy Management System Project SQL Injection vulnerability in Pharmacy Management System Project Pharmacy Management System 1.0

A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical.

8.8
2024-08-24 CVE-2024-7656 The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function.
8.8
2024-08-23 CVE-2024-44390 Tencacn Out-of-bounds Write vulnerability in Tencacn Fh1206 Firmware 1.2.0.8(8155)En

Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlsafeset.

8.8
2024-08-23 CVE-2024-36514 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.

8.8
2024-08-23 CVE-2024-36515 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.

8.8
2024-08-23 CVE-2024-36516 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.

8.8
2024-08-23 CVE-2024-36517 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.

8.8
2024-08-23 CVE-2024-5466 Zoho, Zohocorp Code Injection vulnerability in multiple products

Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.

8.8
2024-08-23 CVE-2024-5467 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.

8.8
2024-08-23 CVE-2024-5490 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.

8.8
2024-08-23 CVE-2024-5556 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.

8.8
2024-08-23 CVE-2024-5586 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.

8.8
2024-08-23 CVE-2024-7258 Wpmarketingrobot Missing Authorization vulnerability in Wpmarketingrobot Woocommerce Google Feed Manager

The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfm_removeFeedFile' function in all versions up to, and including, 2.8.0.

8.8
2024-08-23 CVE-2024-7559 The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7.
8.8
2024-08-22 CVE-2024-8083 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0.

8.8
2024-08-22 CVE-2024-40886 Mattermost Cross-Site Request Forgery (CSRF) vulnerability in Mattermost

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console.

8.8
2024-08-22 CVE-2024-7384 Acymailing Unrestricted Upload of File with Dangerous Type vulnerability in Acymailing

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2.

8.8
2024-08-21 CVE-2024-6386 Wpml Code Injection vulnerability in Wpml

The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection.

8.8
2024-08-21 CVE-2024-7964 Google Use After Free vulnerability in Google Chrome

Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-08-21 CVE-2024-7965 Google, Microsoft Out-of-bounds Write vulnerability in multiple products

Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-08-21 CVE-2024-7966 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome

Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page.

8.8
2024-08-21 CVE-2024-7967 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-08-21 CVE-2024-7968 Google Use After Free vulnerability in Google Chrome

Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-08-21 CVE-2024-7969 Google Type Confusion vulnerability in Google Chrome

Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-08-21 CVE-2024-7971 Google Type Confusion vulnerability in Google Chrome

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page.

8.8
2024-08-21 CVE-2024-7972 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8
2024-08-21 CVE-2024-7973 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

8.8
2024-08-21 CVE-2024-7974 Google Unspecified vulnerability in Google Chrome

Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.

8.8
2024-08-21 CVE-2024-42778 Lopalopa Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0.

8.8
2024-08-21 CVE-2024-42779 Lopalopa Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0.

8.8
2024-08-21 CVE-2024-42780 Lopalopa Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0.

8.8
2024-08-21 CVE-2024-42785 Lopalopa SQL Injection vulnerability in Lopalopa Music Management System 1.0

A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.

8.8
2024-08-21 CVE-2024-42786 Lopalopa SQL Injection vulnerability in Lopalopa Music Management System 1.0

A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page.

8.8
2024-08-21 CVE-2024-6813 Netgear SQL Injection vulnerability in Netgear Prosafe Network Management System 1.7.0.34

NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability.

8.8
2024-08-21 CVE-2024-6814 Netgear SQL Injection vulnerability in Netgear Prosafe Network Management System 1.7.0.34

NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability.

8.8
2024-08-21 CVE-2024-7723 Foxit Use After Free vulnerability in Foxit PDF Editor and PDF Reader

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability.

8.8
2024-08-21 CVE-2024-7724 Foxit Use After Free vulnerability in Foxit PDF Editor and PDF Reader

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability.

8.8
2024-08-21 CVE-2024-7725 Foxit Use After Free vulnerability in Foxit PDF Editor and PDF Reader

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability.

8.8
2024-08-21 CVE-2024-7795 Autel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autel Maxicharger AC Elite Business C50 Firmware

Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability.

8.8
2024-08-20 CVE-2024-41657 Casbin Incorrect Comparison vulnerability in Casbin Casdoor

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform.

8.8
2024-08-20 CVE-2024-42362 Apache Deserialization of Untrusted Data vulnerability in Apache Hertzbeat

Hertzbeat is an open source, real-time monitoring system.

8.8
2024-08-20 CVE-2024-31842 Italtel Unspecified vulnerability in Italtel Embrace 1.6.4

An issue was discovered in Italtel Embrace 1.6.4.

8.8
2024-08-20 CVE-2024-39690 Projectcapsule Incorrect Authorization vulnerability in Projectcapsule Capsule

Capsule is a multi-tenancy and policy-based framework for Kubernetes.

8.8
2024-08-20 CVE-2024-42603 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall

8.8
2024-08-20 CVE-2024-42604 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3

8.8
2024-08-20 CVE-2024-42605 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1

8.8
2024-08-20 CVE-2024-42606 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1

8.8
2024-08-20 CVE-2024-42607 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database

8.8
2024-08-20 CVE-2024-42609 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars

8.8
2024-08-20 CVE-2024-42610 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files

8.8
2024-08-20 CVE-2024-42611 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/admin_page.php?link_id=1&mode=delete

8.8
2024-08-20 CVE-2024-42613 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet

8.8
2024-08-20 CVE-2024-42616 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics

8.8
2024-08-20 CVE-2024-42617 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32

8.8
2024-08-20 CVE-2024-42618 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma

8.8
2024-08-20 CVE-2024-42621 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php

8.8
2024-08-20 CVE-2024-43406 Lfedge SQL Injection vulnerability in Lfedge Ekuiper

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices.

8.8
2024-08-20 CVE-2024-42608 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php.

8.8
2024-08-20 CVE-2024-42577 Siamonhasan Cross-Site Request Forgery (CSRF) vulnerability in Siamonhasan Warehouse Inventory System 2.0

A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

8.8
2024-08-20 CVE-2024-42579 Siamonhasan Cross-Site Request Forgery (CSRF) vulnerability in Siamonhasan Warehouse Inventory System 2.0

A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

8.8
2024-08-20 CVE-2024-42580 Siamonhasan Cross-Site Request Forgery (CSRF) vulnerability in Siamonhasan Warehouse Inventory System 2.0

A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

8.8
2024-08-20 CVE-2024-42581 Siamonhasan Cross-Site Request Forgery (CSRF) vulnerability in Siamonhasan Warehouse Inventory System 2.0

A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

8.8
2024-08-20 CVE-2024-42582 Siamonhasan Cross-Site Request Forgery (CSRF) vulnerability in Siamonhasan Warehouse Inventory System 2.0

A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

8.8
2024-08-20 CVE-2024-42583 Siamonhasan Cross-Site Request Forgery (CSRF) vulnerability in Siamonhasan Warehouse Inventory System 2.0

A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

8.8
2024-08-20 CVE-2024-42584 Siamonhasan Cross-Site Request Forgery (CSRF) vulnerability in Siamonhasan Warehouse Inventory System 2.0

A Cross-Site Request Forgery (CSRF) in the component delete_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

8.8
2024-08-20 CVE-2024-7827

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to boolean-based SQL Injection via the ‘model_number’ parameter in all versions up to, and including, 5.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

8.8
2024-08-20 CVE-2024-7944 Adonesevangelista Unrestricted Upload of File with Dangerous Type vulnerability in Adonesevangelista Laravel Property Management System 1.0

A vulnerability was found in itsourcecode Laravel Property Management System 1.0.

8.8
2024-08-20 CVE-2024-7949 Tamparongj 03 SQL Injection vulnerability in Tamparongj 03 Online Graduate Tracer System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Online Graduate Tracer System up to 1.0.

8.8
2024-08-20 CVE-2024-7943 Adonesevangelista Unrestricted Upload of File with Dangerous Type vulnerability in Adonesevangelista Laravel Property Management System 1.0

A vulnerability was found in itsourcecode Laravel Property Management System 1.0 and classified as critical.

8.8
2024-08-19 CVE-2024-7930 Oretnom23 SQL Injection vulnerability in Oretnom23 Clinic Patient Management System 1.0

A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical.

8.8
2024-08-19 CVE-2024-7931 Tamparongj 03 SQL Injection vulnerability in Tamparongj 03 Online Graduate Tracer System 1.0

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical.

8.8
2024-08-19 CVE-2024-43249 Bitapps Unrestricted Upload of File with Dangerous Type vulnerability in Bitapps BIT Form

Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection. This issue affects Bit Form Pro: from n/a through 2.6.4.

8.8
2024-08-19 CVE-2024-42633 Linksys OS Command Injection vulnerability in Linksys E1500 Firmware 1.0.06.001

A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001.

8.8
2024-08-24 CVE-2022-43915 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM APP Connect Enterprise Certified Container

IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.

8.1
2024-08-24 CVE-2024-7568 Pixeljar Cross-Site Request Forgery (CSRF) vulnerability in Pixeljar Favicon Generator

The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.

8.1
2024-08-21 CVE-2024-5762 ZEN Cart Inclusion of Functionality from Untrusted Control Sphere vulnerability in Zen-Cart ZEN Cart 1.5.8A

Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability.

8.1
2024-08-21 CVE-2024-7600 Logsign Path Traversal vulnerability in Logsign Unified Secops Platform 6.4.20

Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability.

8.1
2024-08-21 CVE-2024-7601 Logsign Path Traversal vulnerability in Logsign Unified Secops Platform 6.4.20

Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability.

8.1
2024-08-21 CVE-2024-7603 Logsign Path Traversal vulnerability in Logsign Unified Secops Platform 6.4.20

Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability.

8.1
2024-08-21 CVE-2024-8007 Redhat Improper Certificate Validation vulnerability in Redhat Openstack Platform 16.1/16.2/17.1

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director.

8.1
2024-08-21 CVE-2024-7448 Magnetforensics OS Command Injection vulnerability in Magnetforensics Axiom 8.0.0.39753

Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability.

8.0
2024-08-19 CVE-2024-43401 Xwiki Missing Authorization vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

8.0
2024-08-23 CVE-2024-43791 Steveklabnik Incorrect Default Permissions vulnerability in Steveklabnik Request Store 1.3.2

RequestStore provides per-request global storage for Rack.

7.8
2024-08-22 CVE-2024-38209 Microsoft Type Confusion vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

7.8
2024-08-22 CVE-2024-38210 Microsoft Out-of-bounds Read vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

7.8
2024-08-22 CVE-2022-48926 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: add spinlock for rndis response list There's no lock for rndis response list.

7.8
2024-08-22 CVE-2022-48927 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iio: adc: tsc2046: fix memory corruption by preventing array overflow On one side we have indio_dev->num_channels includes all physical channels + timestamp channel.

7.8
2024-08-22 CVE-2022-48943 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvm_arch_can_dequeue_async_page_present() to determine whether to deliver a READY event to the Guest.

7.8
2024-08-22 CVE-2022-48912 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been released, because other threads might have freed our allocated hooks already.

7.8
2024-08-22 CVE-2022-48913 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: blktrace: fix use after free for struct blk_trace When tracing the whole disk, 'dropped' and 'msg' will be created under 'q->debugfs_dir' and 'bt->dir' is NULL, thus blk_trace_free() won't remove those files.

7.8
2024-08-22 CVE-2022-48919 Linux Double Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free the context. In this situation we should not proceed to enter the out: section in cifs_smb3_do_mount() and free the same resources a second time.

7.8
2024-08-22 CVE-2022-48925 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.src_addr outside state checks If the state is not idle then resolve_prepare_src() should immediately fail and no change to global state should happen.

7.8
2024-08-21 CVE-2024-7977 Google Unspecified vulnerability in Google Chrome

Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file.

7.8
2024-08-21 CVE-2024-7979 Google Insufficient Verification of Data Authenticity vulnerability in Google Chrome

Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link.

7.8
2024-08-21 CVE-2024-7980 Google Insufficient Verification of Data Authenticity vulnerability in Google Chrome

Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link.

7.8
2024-08-21 CVE-2024-5928 Vipre Link Following vulnerability in Vipre Advanced Security 12.0.1.214

VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability.

7.8
2024-08-21 CVE-2024-5929 Vipre Uncontrolled Search Path Element vulnerability in Vipre Advanced Security 12.0.1.214

VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability.

7.8
2024-08-21 CVE-2024-5930 Vipre Incorrect Permission Assignment for Critical Resource vulnerability in Vipre Advanced Security 12.0.1.214

VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability.

7.8
2024-08-21 CVE-2024-6141 Windscribe Path Traversal vulnerability in Windscribe 2.9.9

Windscribe Directory Traversal Local Privilege Escalation Vulnerability.

7.8
2024-08-21 CVE-2024-6811 Irfanview Out-of-bounds Write vulnerability in Irfanview and WSQ

IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability.

7.8
2024-08-21 CVE-2024-6812 Irfanview Out-of-bounds Write vulnerability in Irfanview and WSQ

IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability.

7.8
2024-08-21 CVE-2024-7604 Logsign Incorrect Authorization vulnerability in Logsign Unified Secops Platform 6.4.20

Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability.

7.8
2024-08-21 CVE-2020-11847 Microfocus OS Command Injection vulnerability in Microfocus Netiq Privileged Access Manager 3.7

An SSH-authenticated user accessing the PAM server can execute an OS command to gain full system access using bash.

7.8
2024-08-21 CVE-2023-22576 Dell Unspecified vulnerability in Dell Repository Manager 1.1.52/1.2.155/1.3.124

Dell Repository Manager versions 3.4.2 and earlier contain a Local Privilege Escalation Vulnerability in the Installation module.

7.8
2024-08-21 CVE-2024-37008 Autodesk Out-of-bounds Write vulnerability in Autodesk Revit

A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow.

7.8
2024-08-21 CVE-2022-48867 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Prevent use after free on completion memory On driver unload any pending descriptors are flushed at the time the interrupt is freed: idxd_dmaengine_drv_remove() -> drv_disable_wq() -> idxd_wq_free_irq() -> idxd_flush_pending_descs(). If there are any descriptors present that need to be flushed this flow triggers a "not present" page fault as below: BUG: unable to handle page fault for address: ff391c97c70c9040 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page The address that triggers the fault is the address of the descriptor that was freed moments earlier via: drv_disable_wq()->idxd_wq_free_resources() Fix the use after free by freeing the descriptors after any possible usage.

7.8
2024-08-21 CVE-2022-48873 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Don't remove map on creater_process and device_release Do not remove the map from the list on error path in fastrpc_init_create_process, instead call fastrpc_map_put, to avoid use-after-free.

7.8
2024-08-21 CVE-2022-48874 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free and race in fastrpc_map_find Currently, there is a race window between the point when the mutex is unlocked in fastrpc_map_lookup and the reference count increasing (fastrpc_map_get) in fastrpc_map_find, which can also lead to use-after-free. So let's merge fastrpc_map_find into fastrpc_map_lookup which allows us to both protect the maps list by also taking the &fl->lock spinlock and the reference count, since the spinlock will be released only after. Add take_ref argument to make this suitable for all callers.

7.8
2024-08-21 CVE-2022-48878 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Fix driver shutdown on closed serdev The driver shutdown callback (which sends EDL_SOC_RESET to the device over serdev) should not be invoked when HCI device is not open (e.g.

7.8
2024-08-21 CVE-2022-48892 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: sched/core: Fix use-after-free bug in dup_user_cpus_ptr() Since commit 07ec77a1d4e8 ("sched: Allow task CPU affinity to be restricted on asymmetric systems"), the setting and clearing of user_cpus_ptr are done under pi_lock for arm64 architecture.

7.8
2024-08-21 CVE-2023-52906 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a validation type of 'NLA_VALIDATE_FUNCTION'.

7.8
2024-08-21 CVE-2024-43873 Linux Missing Initialization of Resource vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1.

7.8
2024-08-19 CVE-2024-32927 Google Use After Free vulnerability in Google Android

In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking.

7.8
2024-08-24 CVE-2024-45234 Nicmx Unspecified vulnerability in Nicmx Fort-Validator

An issue was discovered in Fort before 1.6.3.

7.5
2024-08-24 CVE-2024-45236 Nicmx Unspecified vulnerability in Nicmx Fort-Validator

An issue was discovered in Fort before 1.6.3.

7.5
2024-08-24 CVE-2024-45239 Nicmx NULL Pointer Dereference vulnerability in Nicmx Fort-Validator

An issue was discovered in Fort before 1.6.3.

7.5
2024-08-23 CVE-2024-43477

Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.

7.5
2024-08-22 CVE-2023-7260 Opentext Path Traversal vulnerability in Opentext Cx-E Voice

Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all versions through 22.4.

7.5
2024-08-22 CVE-2024-39776 Avtecinc Sensitive Data Under Web Root vulnerability in Avtecinc Outpost 0810 Firmware and Outpost Uploader Utility

Avtec Outpost stores sensitive information in an insecure location without proper access controls in place.

7.5
2024-08-22 CVE-2024-42418 Avtecinc Use of Hard-coded Cryptographic Key vulnerability in Avtecinc Outpost 0810 Firmware and Outpost Uploader Utility

Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.

7.5
2024-08-22 CVE-2024-39745 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling Connect Direct web Services

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2024-08-21 CVE-2020-11846 Microfocus Unspecified vulnerability in Microfocus Netiq Privileged Access Manager 3.7

A vulnerability was found in OpenText Privileged Access Manager that issues a token.

7.5
2024-08-21 CVE-2024-7885 Redhat Unspecified vulnerability in Redhat products

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests.

7.5
2024-08-21 CVE-2023-49198 Apache Files or Directories Accessible to External Parties vulnerability in Apache Seatunnel 1.0.0

MySQL security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL: allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue.

7.5
2024-08-21 CVE-2024-7651 Appcheap SQL Injection vulnerability in Appcheap APP Builder

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-search’ parameter in all versions up to, and including, 4.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

7.5
2024-08-20 CVE-2024-42662 Apolloconfig Unspecified vulnerability in Apolloconfig Apollo 2.2.0

An issue in apolloconfig apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request.

7.5
2024-08-20 CVE-2024-34458 Keyfactor SQL Injection vulnerability in Keyfactor Command 10.5.0/11.5.0

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure.

7.5
2024-08-20 CVE-2024-42006 Keyfactor Unspecified vulnerability in Keyfactor AWS Orchestrator

Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure.

7.5
2024-08-20 CVE-2024-41698 Priority Software Information Exposure vulnerability in Priority-Software Priority 19.1.0.68/22.0

Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

7.5
2024-08-20 CVE-2024-41699 Priority Software Files or Directories Accessible to External Parties vulnerability in Priority-Software Priority 19.1.0.68/22.0

Priority – CWE-552: Files or Directories Accessible to External Parties

7.5
2024-08-20 CVE-2024-41700 Barix Information Exposure vulnerability in Barix SIP Client Firmware

Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

7.5
2024-08-19 CVE-2024-7928 Fastadmin Path Traversal vulnerability in Fastadmin

A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121.

7.5
2024-08-19 CVE-2024-7926 Zzcms Path Traversal vulnerability in Zzcms 2023

A vulnerability classified as critical has been found in ZZCMS 2023.

7.5
2024-08-19 CVE-2024-7927 Zzcms Path Traversal vulnerability in Zzcms 2023

A vulnerability classified as critical was found in ZZCMS 2023.

7.5
2024-08-19 CVE-2024-7592 Python Unspecified vulnerability in Python

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

7.5
2024-08-19 CVE-2024-7924 Zzcms Path Traversal vulnerability in Zzcms 2023

A vulnerability was found in ZZCMS 2023.

7.5
2024-08-19 CVE-2024-7925 Zzcms Unspecified vulnerability in Zzcms 2023

A vulnerability was found in ZZCMS 2023.

7.5
2024-08-19 CVE-2024-42657 Nepstech Missing Encryption of Sensitive Data vulnerability in Nepstech Ntpl-Xpon1Gfevn Firmware 1.0

An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during the login process.

7.5
2024-08-19 CVE-2024-6348 Nissan Global Use of Insufficiently Random Values vulnerability in Nissan-Global Blind Spot Protection Sensor ECU Firmware

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests.

7.5
2024-08-19 CVE-2024-43380 Floraison Unspecified vulnerability in Floraison Fugit

fugit contains time tools for flor and the floraison group.

7.5
2024-08-19 CVE-2024-44083 HEX Rays Allocation of Resources Without Limits or Throttling vulnerability in Hex-Rays IDA PRO

ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked.

7.5
2024-08-19 CVE-2024-44073 Rust Bitcoin Out-of-bounds Write vulnerability in Rust-Bitcoin Miniscript

The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth.

7.5
2024-08-19 CVE-2024-44070 Frrouting, Redhat

An issue was discovered in FRRouting (FRR) through 10.1.

7.5
2024-08-24 CVE-2024-7351 Presstigers Deserialization of Untrusted Data vulnerability in Presstigers Simple JOB Board

The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications.

7.2
2024-08-22 CVE-2024-39717 Versa Networks Unrestricted Upload of File with Dangerous Type vulnerability in Versa-Networks Versa Director

The Versa Director GUI provides an option to customize the look and feel of the user interface.

7.2
2024-08-22 CVE-2024-8071 Mattermost Unspecified vulnerability in Mattermost

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role (e.g.

7.2
2024-08-21 CVE-2024-7134

The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘form_data’ parameter in all versions up to, and including, 3.3.78 due to insufficient input sanitization and output escaping.

7.2
2024-08-20 CVE-2024-7702 Bitapps SQL Injection vulnerability in Bitapps Contact Form Builder

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the entryID parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.

7.2
2024-08-20 CVE-2024-7780 Bitapps SQL Injection vulnerability in Bitapps Contact Form Builder

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.

7.2
2024-08-21 CVE-2022-48871 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer Driver's probe allocates memory for RX FIFO (port->rx_fifo) based on default RX FIFO depth, e.g.

7.1
2024-08-21 CVE-2022-48881 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix refcount leak in amd_pmc_probe pci_get_domain_bus_and_slot() takes reference, the caller should release the reference by calling pci_dev_put() after use.

7.1
2024-08-21 CVE-2022-48872 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling fastrpc_map_get() until map->fl->lock is taken in fastrpc_free_map(), another thread can call fastrpc_map_lookup() and get a reference to a map that is about to be deleted. Rewrite fastrpc_map_get() to only increase the reference count of a map if it's non-zero.

7.0
2024-08-21 CVE-2024-43882 Linux Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back.

7.0

219 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-08-25 CVE-2024-8158 9Front Authorization Bypass Through User-Controlled Key vulnerability in 9Front Lib9P

A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user. This is due to lib9p not properly verifying that the uname given in the Tauth and Tattach 9p messages matches the client UID returned from the factotum authentication handshake. The only filesystem making use of these functions within the base 9front systems is the experimental hjfs disk filesystem; other disk filesystems (cwfs and gefs) are not affected by this bug. This bug was inherited from Plan 9, is present in all versions of 9front, and is remedied fully in commit 9645ae07eb66a59015e3e118d0024790c37400da.

6.5
2024-08-25 CVE-2024-42337 Cyberark Information Exposure vulnerability in Cyberark Identity

CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

6.5
2024-08-23 CVE-2024-45189 Mage Path Traversal vulnerability in Mage Mage-Ai

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request.

6.5
2024-08-23 CVE-2024-44387 Tencacn Out-of-bounds Write vulnerability in Tencacn Fh1206 Firmware 1.2.0.8(8155)En

Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlExtraGet.

6.5
2024-08-23 CVE-2024-42364 Gethomepage Authentication Bypass by Spoofing vulnerability in Gethomepage Homepage 0.9.1

Homepage is a highly customizable homepage with Docker and service API integrations.

6.5
2024-08-22 CVE-2024-6502 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6, starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag.

6.5
2024-08-22 CVE-2024-8041 Gitlab Unspecified vulnerability in Gitlab

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1.

6.5
2024-08-22 CVE-2024-35151 IBM Missing Authentication for Critical Function vulnerability in IBM Openpages GRC Platform and Openpages With Watson

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.

6.5
2024-08-22 CVE-2024-7848 Mediajedi Authorization Bypass Through User-Controlled Key vulnerability in Mediajedi User Private Files

The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc' due to missing validation on the 'docid' user controlled key.

6.5
2024-08-22 CVE-2024-39836 Mattermost Unspecified vulnerability in Mattermost

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset passwords, when they are valid, functional emails.

6.5
2024-08-22 CVE-2024-42056 Retool Information Exposure Through Log Files vulnerability in Retool

Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data.

6.5
2024-08-21 CVE-2024-7602 Logsign Path Traversal vulnerability in Logsign Unified Secops Platform 6.4.20

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability.

6.5
2024-08-21 CVE-2024-43371 Okfn Server-Side Request Forgery (SSRF) vulnerability in Okfn Ckan

CKAN is an open-source data management system for powering data hubs and data portals.

6.5
2024-08-21 CVE-2024-7032 Zaytech Missing Authorization vulnerability in Zaytech Smart Online Order for Clover

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6.

6.5
2024-08-20 CVE-2024-41773 IBM Unspecified vulnerability in IBM Global Configuration Management 7.0.2/7.0.3

IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls.

6.5
2024-08-20 CVE-2024-6337 Github Incorrect Authorization vulnerability in Github Enterprise Server

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository.

6.5
2024-08-20 CVE-2024-43409 Ghost Improper Authentication vulnerability in Ghost

Ghost is a Node.js content management system.

6.5
2024-08-20 CVE-2024-7782 Bitapps Path Traversal vulnerability in Bitapps Contact Form Builder

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4.

6.5
2024-08-19 CVE-2024-43250 Bitapps Incorrect Authorization vulnerability in Bitapps BIT Form

Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bit Form Pro: from n/a through 2.6.4.

6.5
2024-08-22 CVE-2024-7110 Gitlab Command Injection vulnerability in Gitlab

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1, which allows an attacker to execute arbitrary commands in a victim's pipeline through prompt injection.

6.4
2024-08-20 CVE-2024-7054

The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘close_text’ parameter in all versions up to, and including, 1.19.0 due to insufficient input sanitization and output escaping.

6.4
2024-08-20 CVE-2024-5576

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'course_carousel_skin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes.

6.4
2024-08-23 CVE-2024-38207 Microsoft Out-of-bounds Write vulnerability in Microsoft Edge Chromium

Microsoft Edge (HTML-based) Memory Corruption Vulnerability

6.3
2024-08-25 CVE-2024-8144 Classcms Cross-site Scripting vulnerability in Classcms 4.8

A vulnerability classified as problematic was found in ClassCMS 4.8.

6.1
2024-08-24 CVE-2024-8137 Jkev Cross-site Scripting vulnerability in Jkev Record Management System 1.0

A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as problematic.

6.1
2024-08-24 CVE-2024-8136 Jkev Cross-site Scripting vulnerability in Jkev Record Management System 1.0

A vulnerability, which was classified as problematic, was found in SourceCodester Record Management System 1.0.

6.1
2024-08-24 CVE-2023-6987 Instawp Cross-site Scripting vulnerability in Instawp String Locator

The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping.

6.1
2024-08-23 CVE-2024-37392 Smseagle Cross-site Scripting vulnerability in Smseagle

A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0.

6.1
2024-08-23 CVE-2024-41150 Zohocorp Cross-site Scripting vulnerability in Zohocorp products

A stored Cross-site Scripting vulnerability in the request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus. This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.

6.1
2024-08-23 CVE-2024-8112 Jeesite Cross-site Scripting vulnerability in Jeesite 5.3

A vulnerability was found in thinkgem JeeSite 5.3.

6.1
2024-08-22 CVE-2024-38208 Microsoft Cross-site Scripting vulnerability in Microsoft Edge

Microsoft Edge for Android Spoofing Vulnerability

6.1
2024-08-21 CVE-2024-20488 Cisco Cross-site Scripting vulnerability in Cisco Unified Communications Manager

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.

6.1
2024-08-21 CVE-2024-41572 Lang Learn GUY Cross-site Scripting vulnerability in Lang-Learn-Guy Learning With Texts 2.0.3

Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS).

6.1
2024-08-21 CVE-2024-41937 Apache Cross-site Scripting vulnerability in Apache Airflow

Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link.

6.1
2024-08-21 CVE-2024-41675 Okfn Cross-site Scripting vulnerability in Okfn Ckan

CKAN is an open-source data management system for powering data hubs and data portals.

6.1
2024-08-21 CVE-2024-43407 Ckeditor Cross-site Scripting vulnerability in Ckeditor 4.0/4.23.0/4.24.0

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.

6.1
2024-08-21 CVE-2020-11850 Microfocus Cross-site Scripting vulnerability in Microfocus Netiq Self Service Password Reset

Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6.

6.1
2024-08-21 CVE-2024-6339 Averta Cross-site Scripting vulnerability in Averta Phlox

The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output escaping.

6.1
2024-08-21 CVE-2024-7090

The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘lh_add_media_from_url-file_url’ parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping.

6.1
2024-08-21 CVE-2024-7647 Otasync Cross-Site Request Forgery (CSRF) vulnerability in Otasync OTA Sync Booking Engine Widget

The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7.

6.1
2024-08-20 CVE-2024-41658 Casbin Cross-site Scripting vulnerability in Casbin Casdoor

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform.

6.1
2024-08-20 CVE-2024-6377 3DS Open Redirect vulnerability in 3DS 3Dexperience R2022X/R2023X

A URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL.

6.1
2024-08-20 CVE-2024-6379 3DS Cross-site Scripting vulnerability in 3DS 3Dexperience R2022X/R2023X

A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session.

6.1
2024-08-20 CVE-2024-41697 Priority Software Cross-site Scripting vulnerability in Priority-Software Priority 19.1.0.68/22.0

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

6.1
2024-08-20 CVE-2024-7850

The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5.

6.1
2024-08-19 CVE-2024-7929 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Simple Forum Website 1.0

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Forum Website 1.0.

6.1
2024-08-19 CVE-2024-23729 Heytap Cross-site Scripting vulnerability in Heytap Internet Browser 45.10.3.4.1

The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component.

6.1
2024-08-22 CVE-2024-39746 IBM Missing Encryption of Sensitive Data vulnerability in IBM Sterling Connect Direct web Services

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

5.9
2024-08-19 CVE-2024-32928 Google, Haxx

The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through.

5.9
2024-08-25 CVE-2024-8011 Logitech Incorrect Authorization vulnerability in Logitech Options+

Logitech Options+ on macOS prior to 1.72 allows a local attacker to inject a dynamic library within the Options+ runtime and abuse permissions granted by the user to Options+, such as Camera.

5.5
2024-08-22 CVE-2022-48928 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iio: adc: men_z188_adc: Fix a resource leak in an error handling path If iio_device_register() fails, a previous ioremap() is left unbalanced. Update the error handling path and add the missing iounmap() call, as already done in the remove function.

5.5
2024-08-22 CVE-2022-48929 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added kfunc support, it defined reg2btf_ids as a cheap way to translate the verifier reg type to the appropriate btf_vmlinux BTF ID, however commit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL") moved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after the base register types, and defined other variants using type flag composition.

5.5
2024-08-22 CVE-2022-48930 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync().

5.5
2024-08-22 CVE-2022-48932 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte When adding a rule with 32 destinations, we hit the following out-of-band access issue: BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte+0x18ee/0x1e70 This patch fixes the issue by both increasing the allocated buffers to accommodate for the needed actions and by checking the number of actions to prevent this issue when a rule with too many actions is provided.

5.5
2024-08-22 CVE-2022-48933 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. The ->init function was called for this object, so plain kfree() leaks resources.

5.5
2024-08-22 CVE-2022-48934 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX) inclusive. So NFP_MAX_MAC_INDEX (0xff) is a valid id. In order for the error handling path to work correctly, the 'invalid' value for 'ida_idx' should not be in the 0..NFP_MAX_MAC_INDEX range, inclusive. So set it to -1.

5.5
2024-08-22 CVE-2022-48935 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unregister flowtable hooks on netns exit Unregister flowtable hooks before they are released via nf_tables_flowtable_destroy() otherwise hook core reports UAF. __nft_release_hook() calls nft_unregister_flowtable_net_hooks() which only unregisters the hooks, then after RCU grace period, it is guaranteed that no packets add new entries to the flowtable (no flow offload rules and flowtable hooks are reachable from packet path), so it is safe to call nf_flow_table_free() which cleans up the remaining entries from the flowtable (both software and hardware) and it unbinds the flow_block.

5.5
2024-08-22 CVE-2022-48938 Linux Integer Overflow or Wraparound vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment.

5.5
2024-08-22 CVE-2022-48940 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to incorrect copy_map_value When both bpf_spin_lock and bpf_timer are present in a BPF map value, copy_map_value needs to skirt both objects when copying a value into and out of the map.

5.5
2024-08-22 CVE-2022-48942 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: hwmon: Handle failure to register sensor with thermal zone correctly If an attempt is made to register a sensor with a thermal zone and it fails, the call to devm_thermal_zone_of_sensor_register() may return -ENODEV. This may result in crashes. Jon Hunter reports that the exact call sequence is: hwmon_notify_event() --> hwmon_thermal_notify() --> thermal_zone_device_update() --> update_temperature() --> mutex_lock(). The hwmon core needs to handle all errors returned from calls to devm_thermal_zone_of_sensor_register().

5.5
2024-08-22 CVE-2021-4441 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() In zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(), which could lead to a NULL pointer dereference on failure of kzalloc(). Fix this bug by adding a check of tmpbuf. This bug was found by a static analyzer.

5.5
2024-08-22 CVE-2022-48901 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not start relocation until in progress drops are done We hit a bug with a recovering relocation on mount for one of our file systems in production.

5.5
2024-08-22 CVE-2022-48902 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not WARN_ON() if we have PageError set Whenever we do any extent buffer operations we call assert_eb_page_uptodate() to complain loudly if we're operating on a non-uptodate page.

5.5
2024-08-22 CVE-2022-48903 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() We are seeing crashes similar to the following trace:
---truncated---

5.5
2024-08-22 CVE-2022-48904 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak The current logic updates the I/O page table mode for the domain before calling the logic to free memory used for the page table. This results in IOMMU page table memory leak, and can be observed when launching VM w/ pass-through devices. Fix by freeing the memory used for page table before updating the mode.

5.5
2024-08-22 CVE-2022-48905 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue.

5.5
2024-08-22 CVE-2022-48906 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mptcp: Correctly set DATA_FIN timeout when number of retransmits is large Syzkaller with UBSAN uncovered a scenario where a large number of DATA_FIN retransmits caused a shift-out-of-bounds in the DATA_FIN timeout calculation. This change limits the maximum timeout by limiting the size of the shift, which keeps all intermediate values in-bounds.

5.5
2024-08-22 CVE-2022-48907 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: auxdisplay: lcd2s: Fix memory leak in ->remove() Once allocated the struct lcd2s_data is never freed. Fix the memory leak by switching to devm_kzalloc().

5.5
2024-08-22 CVE-2022-48908 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() During driver initialization, the pointer of card info, i.e.

5.5
2024-08-22 CVE-2022-48909 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix connection leak There's a potential leak issue under following execution sequence : smc_release smc_connect_work if (sk->sk_state == SMC_INIT) send_clc_confirim tcp_abort(); ... sk.sk_state = SMC_ACTIVE smc_close_active switch(sk->sk_state) { ... case SMC_ACTIVE: smc_close_final() // then wait peer closed Unfortunately, tcp_abort() may discard CLC CONFIRM messages that are still in the tcp send buffer, in which case our connection token cannot be delivered to the server side, which means that we cannot get a passive close message at all.

5.5
2024-08-22 CVE-2022-48910 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ensure we call ipv6_mc_down() at most once There are two reasons for addrconf_notify() to be called with NETDEV_DOWN: either the network device is actually going down, or IPv6 was disabled on the interface. If either of them stays down while the other is toggled, we repeatedly call the code for NETDEV_DOWN, including ipv6_mc_down(), while never calling the corresponding ipv6_mc_up() in between.

5.5
2024-08-22 CVE-2022-48911 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0. On failure, we cannot queue the packet and need to indicate an error.

5.5
2024-08-22 CVE-2022-48914 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before real_num_tx_queues is zeroed xennet_destroy_queues() relies on info->netdev->real_num_tx_queues to delete queues.

5.5
2024-08-22 CVE-2022-48915 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix TZ_GET_TRIP NULL pointer dereference Do not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if the thermal zone does not define one.

5.5
2024-08-22 CVE-2022-48916 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix double list_add when enabling VMD in scalable mode When enabling VMD and IOMMU scalable mode, the following kernel panic call trace/kernel log is shown in Eagle Stream platform (Sapphire Rapids CPU) during booting: The following 'lspci' output shows devices '10000:80:*' are subdevices of the VMD device 0000:59:00.5: $ lspci ... 0000:59:00.5 RAID bus controller: Intel Corporation Volume Management Device NVMe RAID Controller (rev 20) ... 10000:80:01.0 PCI bridge: Intel Corporation Device 352a (rev 03) 10000:80:03.0 PCI bridge: Intel Corporation Device 352b (rev 03) 10000:80:05.0 PCI bridge: Intel Corporation Device 352c (rev 03) 10000:80:07.0 PCI bridge: Intel Corporation Device 352d (rev 03) 10000:81:00.0 Non-Volatile memory controller: Intel Corporation NVMe Datacenter SSD [3DNAND, Beta Rock Controller] 10000:82:00 ---truncated---

5.5
2024-08-22 CVE-2022-48917 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min While the $val/$val2 values passed in from userspace are always >= 0 integers, the limits of the control can be signed integers and the $min can be non-zero and less than zero.

5.5
2024-08-22 CVE-2022-48918 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: check debugfs_dir ptr before use When "debugfs=off" is used on the kernel command line, iwlwifi's mvm module uses an invalid/unchecked debugfs_dir pointer and causes a BUG: BUG: kernel NULL pointer dereference, address: 000000000000004f #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP CPU: 1 PID: 503 Comm: modprobe Tainted: G W 5.17.0-rc5 #7 Hardware name: Dell Inc.

5.5
2024-08-22 CVE-2022-48920 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost every transaction commit we trigger a warning from __writeback_inodes_sb_nr(): $ cat fs/fs-writeback.c: (...) static void __writeback_inodes_sb_nr(struct super_block *sb, ... { (...) WARN_ON(!rwsem_is_locked(&sb->s_umount)); (...) } (...) The trace produced in dmesg looks like the following: This is because we started using writeback_inodes_sb() to flush delalloc when committing a transaction (when using -o flushoncommit), in order to avoid deadlocks with filesystem freeze operations.

5.5
2024-08-22 CVE-2022-48922 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: riscv: fix oops caused by irqsoff latency tracer The trace_hardirqs_{on,off}() require the caller to setup frame pointer properly.

5.5
2024-08-22 CVE-2022-48923 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: prevent copying too big compressed lzo segment Compressed length can be corrupted to be a lot larger than memory we have allocated for buffer. This will cause memcpy in copy_compressed_segment to write outside of allocated memory. This mostly results in stuck read syscall but sometimes when using btrfs send can get #GP

5.5
2024-08-22 CVE-2022-48924 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400_notify() It is easy to hit the below memory leaks in my TigerLake platform: Fix it by calling kfree() accordingly.

5.5
2024-08-21 CVE-2022-48868 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Let probe fail when workqueue cannot be enabled The workqueue is enabled when the appropriate driver is loaded and disabled when the driver is removed.

5.5
2024-08-21 CVE-2022-48870 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: tty: fix possible null-ptr-defer in spk_ttyio_release Run the following tests on the qemu platform: syzkaller:~# modprobe speakup_audptr input: Speakup as /devices/virtual/input/input4 initialized device: /dev/synth, node (MAJOR 10, MINOR 125) speakup 3.1.6: initialized synth name on entry is: (null) synth probe spk_ttyio_initialise_ldisc failed because tty_kopen_exclusive returned failed (errno -16), then remove the module, we will get a null-ptr-defer problem, as follow: syzkaller:~# modprobe -r speakup_audptr releasing synth audptr BUG: kernel NULL pointer dereference, address: 0000000000000080 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP PTI CPU: 2 PID: 204 Comm: modprobe Not tainted 6.1.0-rc6-dirty #1 RIP: 0010:mutex_lock+0x14/0x30 Call Trace: <TASK> spk_ttyio_release+0x19/0x70 [speakup] synth_release.part.6+0xac/0xc0 [speakup] synth_remove+0x56/0x60 [speakup] __x64_sys_delete_module+0x156/0x250 ? fpregs_assert_state_consistent+0x1d/0x50 do_syscall_64+0x37/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd </TASK> Modules linked in: speakup_audptr(-) speakup Dumping ftrace buffer: in_synth->dev was not initialized during modprobe, so we add check for in_synth->dev to fix this bug.

5.5
2024-08-21 CVE-2022-48875 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a deauthentication is ongoing. Here a trace triggering the race with the hostapd test multi_ap_fronthaul_on_ap: (gdb) list *drv_ampdu_action+0x46 0x8b16 is in drv_ampdu_action (net/mac80211/driver-ops.c:396). 391 int ret = -EOPNOTSUPP; 392 393 might_sleep(); 394 395 sdata = get_bss_sdata(sdata); 396 if (!check_sdata_in_driver(sdata)) 397 return -EIO; 398 399 trace_drv_ampdu_action(local, sdata, params); 400

5.5
2024-08-21 CVE-2022-48876 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix initialization of rx->link and rx->link_sta There are some codepaths that do not initialize rx->link_sta properly.

5.5
2024-08-21 CVE-2022-48877 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extent_tree is not created This patch avoids the below panic.

5.5
2024-08-21 CVE-2022-48879 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated. Do not try to destroy the workqueue unconditionally in the unlikely event that EFI initialisation fails to avoid dereferencing a NULL pointer.

5.5
2024-08-21 CVE-2022-48882 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) Upon updating MAC security entity (SecY) in hw offload path, the macsec security association (SA) initialization routine is called.

5.5
2024-08-21 CVE-2022-48885 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ice: Fix potential memory leak in ice_gnss_tty_write() The ice_gnss_tty_write() returns directly if the write_buf alloc failed, leaking the cmd_buf. Fix by freeing cmd_buf if write_buf alloc failed.

5.5
2024-08-21 CVE-2022-48886 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ice: Add check for kzalloc Add the check for the return value of kzalloc in order to avoid NULL pointer dereference. Moreover, use the goto-label to share the clean code.

5.5
2024-08-21 CVE-2022-48887 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Remove rcu locks from user resources User resource lookups used rcu to avoid two extra atomics.

5.5
2024-08-21 CVE-2022-48888 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path of_icc_get() allocates resources for path1, we should release it when not needed anymore.

5.5
2024-08-21 CVE-2022-48889 Linux Incorrect Calculation of Buffer Size vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof-nau8825: fix module alias overflow The maximum name length for a platform_device_id entry is 20 characters including the trailing NUL byte.

5.5
2024-08-21 CVE-2022-48890 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM storvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(), which in a confidential VM allocates swiotlb bounce buffers.

5.5
2024-08-21 CVE-2022-48891 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: regulator: da9211: Use irq handler when ready If the system does not come from reset (like when it is kexec()), the regulator might have an IRQ waiting for us. If we enable the IRQ handler before its structures are ready, we crash. This patch fixes: [ 1.141839] Unable to handle kernel read from unreadable memory at virtual address 0000000000000078 [ 1.316096] Call trace: [ 1.316101] blocking_notifier_call_chain+0x20/0xa8 [ 1.322757] cpu cpu0: dummy supplies not allowed for exclusive requests [ 1.327823] regulator_notifier_call_chain+0x1c/0x2c [ 1.327825] da9211_irq_handler+0x68/0xf8 [ 1.327829] irq_thread+0x11c/0x234 [ 1.327833] kthread+0x13c/0x154

5.5
2024-08-21 CVE-2022-48893 Linux Incomplete Cleanup vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Cleanup partial engine discovery failures If we abort driver initialisation in the middle of gt/engine discovery, some engines will be fully setup and some not.

5.5
2024-08-21 CVE-2022-48894 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: Don't unregister on shutdown Similar to SMMUv2, this driver calls iommu_device_unregister() from the shutdown path, which removes the IOMMU groups with no coordination whatsoever with their users - shutdown methods are optional in device drivers.

5.5
2024-08-21 CVE-2022-48895 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown with "reboot -f".

5.5
2024-08-21 CVE-2022-48896 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix pci device refcount leak As the comment of pci_get_domain_bus_and_slot() says, it returns a PCI device with refcount incremented, when finished using it, the caller must decrement the reference count by calling pci_dev_put(). In ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii(), pci_dev_put() is called to avoid leak.

5.5
2024-08-21 CVE-2022-48897 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect file_map_count for invalid pmd The page table check trigger BUG_ON() unexpectedly when split hugepage: On arm64, pmd_leaf() will return true even if the pmd is invalid due to pmd_present_invalid() check.

5.5
2024-08-21 CVE-2023-52893 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstore access layer") added a new get_variable call with attr=NULL, which triggers panic in gsmi.

5.5
2024-08-21 CVE-2023-52894 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() In Google internal bug 265639009 we've received an (as yet) unreproducible crash report from an aarch64 GKI 5.10.149-android13 running device. AFAICT the source code is at: https://android.googlesource.com/kernel/common/+/refs/tags/ASB-2022-12-05_13-5.10 The call stack is: ncm_close() -> ncm_notify() -> ncm_do_notify() with the crash at: ncm_do_notify+0x98/0x270 Code: 79000d0b b9000a6c f940012a f9400269 (b9405d4b) Which I believe disassembles to (I don't know ARM assembly, but it looks sane enough to me...): // halfword (16-bit) store presumably to event->wLength (at offset 6 of struct usb_cdc_notification) 0B 0D 00 79 strh w11, [x8, #6] // word (32-bit) store presumably to req->Length (at offset 8 of struct usb_request) 6C 0A 00 B9 str w12, [x19, #8] // x10 (NULL) was read here from offset 0 of valid pointer x9 // IMHO we're reading 'cdev->gadget' and getting NULL // gadget is indeed at offset 0 of struct usb_composite_dev 2A 01 40 F9 ldr x10, [x9] // loading req->buf pointer, which is at offset 0 of struct usb_request 69 02 40 F9 ldr x9, [x19] // x10 is null, crash, appears to be attempt to read cdev->gadget->max_speed 4B 5D 40 B9 ldr w11, [x10, #0x5c] which seems to line up with ncm_do_notify() case NCM_NOTIFY_SPEED code fragment: event->wLength = cpu_to_le16(8); req->length = NCM_STATUS_BYTECOUNT; /* SPEED_CHANGE data is up/down speeds in bits/sec */ data = req->buf + sizeof *event; data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget)); My analysis of registers and NULL ptr deref crash offset (Unable to handle kernel NULL pointer dereference at virtual address 000000000000005c) heavily suggests that the crash is due to 'cdev->gadget' being NULL when executing: data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget)); which calls: ncm_bitrate(NULL) which then calls: gadget_is_superspeed(NULL) which reads ((struct usb_gadget *)NULL)->max_speed 
and hits a panic. AFAICT, if I'm counting right, the offset of max_speed is indeed 0x5C. (remember there's a GKI KABI reservation of 16 bytes in struct work_struct) It's not at all clear to me how this is all supposed to work... but returning 0 seems much better than panic-ing...

5.5
2024-08-21 CVE-2023-52895 Linux Memory Leak vulnerability in Linux Kernel 6.1.7

In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: don't reissue in case of poll race on multishot request A previous commit fixed a poll race that can occur, but it's only applicable for multishot requests.

5.5
2024-08-21 CVE-2023-52899 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: Add exception protection processing for vd in axi_chan_handle_err function Since there is no protection for vd, a kernel panic will be triggered here in exceptional cases. You can refer to the processing of axi_chan_block_xfer_complete function The triggered kernel panic is as follows:

5.5
2024-08-21 CVE-2023-52900 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfs_btree_insert() If nilfs2 reads a corrupted disk image and tries to read a b-tree node block by calling __nilfs_btree_get_block() against an invalid virtual block address, it returns -ENOENT because conversion of the virtual block address to a disk block address fails.

5.5
2024-08-21 CVE-2023-52901 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endpoints need to be killed.

5.5
2024-08-21 CVE-2023-52902 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nommu: fix memory leak in do_mmap() error path The preallocation of the maple tree nodes may leak if the error path to "error_just_free" is taken.

5.5
2024-08-21 CVE-2023-52903 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: io_uring: lock overflowing for IOPOLL syzbot reports an issue with overflow filling for IOPOLL. There is no real problem for normal IOPOLL as flush is also called with uring_lock taken, but it's getting more complicated for IOPOLL|SQPOLL, for which __io_cqring_overflow_flush() happens from the CQ waiting path.

5.5
2024-08-21 CVE-2023-52904 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() The subs function argument may be NULL, so do not use it before the NULL check.

5.5
2024-08-21 CVE-2023-52905 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix resource leakage in VF driver unbind. Resources allocated like mcam entries to support the Ntuple feature and hash tables for the tc feature are not getting freed in driver unbind.

5.5
2024-08-21 CVE-2023-52907 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from pn533_usb_send_frame() is completed earlier than out_urb.

5.5
2024-08-21 CVE-2023-52908 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential NULL dereference Fix potential NULL dereference, in the case when "man", the resource manager might be NULL, when/if we print debug information.

5.5
2024-08-21 CVE-2023-52910 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iommu/iova: Fix alloc iova overflows issue In __alloc_and_insert_iova_range, there is an issue that retry_pfn overflows.

5.5
2024-08-21 CVE-2023-52911 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/msm: another fix for the headless Adreno GPU Fix another oops reproducible when rebooting the board with the Adreno GPU working in the headless mode (e.g.

5.5
2024-08-21 CVE-2023-52912 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed bug on error when unloading amdgpu Fixed bug on error when unloading amdgpu. The error message is as follows:

5.5
2024-08-21 CVE-2023-52913 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs gem_context_register() makes the context visible to userspace, at which point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl. So we need to ensure that nothing uses the ctx ptr after this.

5.5
2024-08-21 CVE-2023-52914 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: add hash if ready poll request can't complete inline If we don't, then we may lose access to it completely, leading to a request leak.

5.5
2024-08-21 CVE-2024-6767

The WordSurvey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sounding_title’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping.

5.5
2024-08-21 CVE-2024-43871 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when using the driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(); fixed by using devres_release() instead of devres_destroy() within devm_free_percpu().

5.5
2024-08-21 CVE-2024-43872 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup under heavy CEQE load CEQEs are handled in interrupt handler currently.

5.5
2024-08-21 CVE-2024-43874 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked Fix a null pointer dereference induced by DEBUG_TEST_DRIVER_REMOVE. Return from __sev_snp_shutdown_locked() if the psp_device or the sev_device structs are not initialized.

5.5
2024-08-21 CVE-2024-43862 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex The carrier_lock spinlock protects the carrier detection.

5.5
2024-08-21 CVE-2024-43863 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll->fence wait->fence unref deadlocks. vmwgfx overwrites the wait callback to iterate over the list of all fences and update their status; to do that it holds a lock to prevent list modifications from other threads.

5.5
2024-08-20 CVE-2024-43861 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive.

5.5
2024-08-25 CVE-2024-8152 Rems Cross-site Scripting vulnerability in Rems QR Code Bookmark System 1.0

A vulnerability was found in SourceCodester QR Code Bookmark System 1.0.

5.4
2024-08-25 CVE-2024-8153 Rems Cross-site Scripting vulnerability in Rems QR Code Bookmark System 1.0

A vulnerability was found in SourceCodester QR Code Bookmark System 1.0.

5.4
2024-08-25 CVE-2024-8154 Rems Cross-site Scripting vulnerability in Rems QR Code Bookmark System 1.0

A vulnerability classified as problematic has been found in SourceCodester QR Code Bookmark System 1.0.

5.4
2024-08-25 CVE-2024-8151 Rems Cross-site Scripting vulnerability in Rems Interactive MAP With Marker 1.0

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0.

5.4
2024-08-25 CVE-2024-8142 Rems Cross-site Scripting vulnerability in Rems Daily Calories Monitoring Tool 1.0

A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0.

5.4
2024-08-25 CVE-2024-8140 Rems Cross-site Scripting vulnerability in Rems Task Progress Tracker 1.0

A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic.

5.4
2024-08-25 CVE-2024-8141 Rems Cross-site Scripting vulnerability in Rems Daily Calories Monitoring Tool 1.0

A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0.

5.4
2024-08-24 CVE-2024-2254 Risethemes Cross-site Scripting vulnerability in Risethemes RT Easy Builder

The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-08-24 CVE-2023-0926 Samiahmedsiddiqui Cross-site Scripting vulnerability in Samiahmedsiddiqui Custom Permalinks

The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names.

5.4
2024-08-23 CVE-2024-41841 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-08-23 CVE-2024-41843 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-08-23 CVE-2024-41844 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-08-23 CVE-2024-41845 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-08-23 CVE-2024-41846 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-08-23 CVE-2024-41847 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-08-23 CVE-2024-41848 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-08-23 CVE-2024-41875 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-08-23 CVE-2024-41876 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-08-23 CVE-2024-41877 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-08-23 CVE-2024-41878 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-08-23 CVE-2024-42918 Adonesevangelista Cross-site Scripting vulnerability in Adonesevangelista Online Accreditation Management System 1.0

itsourcecode Online Accreditation Management System contains a Cross Site Scripting vulnerability, which allows an attacker to execute arbitrary code via a crafted payload to the SCHOOLNAME, EMAILADDRES, CONTACTNO, COMPANYNAME and COMPANYCONTACTNO parameters in controller.php.

5.4
2024-08-23 CVE-2024-38869 Zohocorp Cross-site Scripting vulnerability in Zohocorp products

Zohocorp ManageEngine Endpoint Central is affected by an incorrect authorization vulnerability in remote office deploy configurations. This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.

5.4
2024-08-23 CVE-2024-42766 Kjayvik Unspecified vulnerability in Kjayvik BUS Ticket Reservation System 1.0

Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Incorrect Access Control via /deleteTicket.php.

5.4
2024-08-23 CVE-2024-8113 Pretix Cross-site Scripting vulnerability in Pretix

Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page.

5.4
2024-08-23 CVE-2024-5502 Piotnet Cross-site Scripting vulnerability in Piotnet Addons

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-08-22 CVE-2024-6870 Dfactory Cross-site Scripting vulnerability in Dfactory Responsive Lightbox

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping affecting the rl_upload_image AJAX endpoint.

5.4
2024-08-22 CVE-2024-7778 Themeisle Cross-site Scripting vulnerability in Themeisle Orbit FOX

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping.

5.4
2024-08-22 CVE-2024-5583 Posimyth Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction parameter of testimonials widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-08-21 CVE-2024-7629 Kirstyburgoine Cross-site Scripting vulnerability in Kirstyburgoine Responsive Video 1.0

The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-08-21 CVE-2024-42939 Yzncms Cross-site Scripting vulnerability in Yzncms 1.4.2

A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field.

5.4
2024-08-20 CVE-2024-43396 Khoj Cross-site Scripting vulnerability in Khoj

Khoj is an application that creates personal AI agents.

5.4
2024-08-20 CVE-2024-39094 Friendica Cross-site Scripting vulnerability in Friendica 2024.03

Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters.

5.4
2024-08-20 CVE-2024-6378 3DS Cross-site Scripting vulnerability in 3DS 3Dexperience R2022X/R2023X

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

5.4
2024-08-20 CVE-2024-42335 7 Twenty Cross-site Scripting vulnerability in 7-Twenty BOT

7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

5.4
2024-08-20 CVE-2024-6864 Sayandatta Cross-site Scripting vulnerability in Sayandatta WP Last Modified Info

The WP Last Modified Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘template’ attribute of the lmt-post-modified-info shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping.

5.4
2024-08-20 CVE-2024-5763 Posimyth Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_date attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping.

5.4
2024-08-20 CVE-2024-6575 Posimyth Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘res_width_value’ parameter within the plugin's tp_page_scroll widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping.

5.4
2024-08-20 CVE-2024-5941 Givewp Missing Authorization vulnerability in Givewp

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.14.1.

5.4
2024-08-20 CVE-2024-7945 Adonesevangelista Cross-site Scripting vulnerability in Adonesevangelista Laravel Property Management System 1.0

A vulnerability was found in itsourcecode Laravel Property Management System 1.0.

5.4
2024-08-20 CVE-2024-7948 Rems Cross-site Scripting vulnerability in Rems Account Manager APP 1.0

A vulnerability classified as problematic was found in SourceCodester Accounts Manager App 1.0.

5.4
2024-08-20 CVE-2024-7942 Rems Cross-site Scripting vulnerability in Rems Leads Manager Tool 1.0

A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic.

5.4
2024-08-19 CVE-2024-43400 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

5.4
2024-08-25 CVE-2023-48957 Purevpn Unspecified vulnerability in Purevpn 2.0.2

PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.

5.3
2024-08-25 CVE-2024-45244 Hyperledger Unspecified vulnerability in Hyperledger Fabric

Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window.

5.3
2024-08-24 CVE-2024-6499 Maxfoundry Unspecified vulnerability in Maxfoundry Maxbuttons

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8.

5.3
2024-08-22 CVE-2024-42411 Mattermost Improper Check for Unusual or Exceptional Conditions vulnerability in Mattermost

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into believing their account is much older.

5.3
2024-08-21 CVE-2024-41674 Okfn Information Exposure Through an Error Message vulnerability in Okfn Ckan

CKAN is an open-source data management system for powering data hubs and data portals.

5.3
2024-08-21 CVE-2024-6568

The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.0.

5.3
2024-08-21 CVE-2024-7390 Starkdigital Missing Authorization vulnerability in Starkdigital WP Testimonial Widget

The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.0.

5.3
2024-08-20 CVE-2024-42369 Matrix Uncontrolled Recursion vulnerability in Matrix Javascript SDK

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript.

5.3
2024-08-20 CVE-2024-43376 Umbraco Information Exposure Through an Error Message vulnerability in Umbraco CMS 14.0.0/14.1.0/14.1.1

Umbraco is an ASP.NET CMS.

5.3
2024-08-20 CVE-2024-5939 Givewp Missing Authorization vulnerability in Givewp

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 3.13.0.

5.3
2024-08-20 CVE-2024-5940 Givewp Missing Authorization vulnerability in Givewp

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.13.0.

5.3
2024-08-25 CVE-2024-8155 Continew SQL Injection vulnerability in Continew Admin 3.2.0

A vulnerability classified as critical was found in ContiNew Admin 3.2.0.

4.9
2024-08-25 CVE-2024-8150 Continew SQL Injection vulnerability in Continew Admin 3.2.0

A vulnerability was found in ContiNew Admin 3.2.0 and classified as critical.

4.9
2024-08-22 CVE-2024-42497 Mattermost Unspecified vulnerability in Mattermost Server

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams.

4.9
2024-08-22 CVE-2024-39810 Mattermost Unspecified vulnerability in Mattermost

Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the connection, cause the application to crash.

4.9
2024-08-25 CVE-2024-8145 Classcms Cross-site Scripting vulnerability in Classcms 4.8

A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8.

4.8
2024-08-23 CVE-2024-41842 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

4.8
2024-08-22 CVE-2024-8084 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability, which was classified as problematic, was found in SourceCodester Online Computer and Laptop Store 1.0.

4.8
2024-08-20 CVE-2024-7775 Bitapps Cross-site Scripting vulnerability in Bitapps Contact Form Builder

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9.

4.8
2024-08-22 CVE-2022-48931 Linux Race Condition vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() is executing link_group() or unlink_group(), it is possible that two processes add or delete list concurrently. Some unfortunate interleavings of them can cause kernel panic. One of cases is:
A --> B --> C --> D
A <-- B <-- C <-- D
     delete list_head *B        |      delete list_head *C
--------------------------------|-----------------------------------
configfs_unregister_subsystem   |   configfs_unregister_subsystem
  unlink_group                  |     unlink_group
    unlink_obj                  |       unlink_obj
      list_del_init             |         list_del_init
        __list_del_entry        |           __list_del_entry
          __list_del            |             __list_del
            // next == C        |
            next->prev = prev   |
                                |               next->prev = prev
            prev->next = next   |
                                |                 // prev == B
                                |                 prev->next = next
Fix this by adding mutex when calling link_group() or unlink_group(), but parent configfs_subsystem is NULL when config_item is root. So I create a mutex configfs_subsystem_mutex.

4.7
2024-08-22 CVE-2022-48941 Linux Race Condition vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ice: fix concurrent reset and removal of VFs Commit c503e63200c6 ("ice: Stop processing VF messages during teardown") introduced a driver state flag, ICE_VF_DEINIT_IN_PROGRESS, which is intended to prevent some issues with concurrently handling messages from VFs while tearing down the VFs. This change was motivated by crashes caused while tearing down and bringing up VFs in rapid succession. It turns out that the fix actually introduces issues with the VF driver caused because the PF no longer responds to any messages sent by the VF during its .remove routine.

4.7
2024-08-22 CVE-2022-48921 Linux Race Condition vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity Syzbot found a GPF in reweight_entity.

4.7
2024-08-21 CVE-2022-48869 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: USB: gadgetfs: Fix race between mounting and unmounting The syzbot fuzzer and Gerald Lee have identified a use-after-free bug in the gadgetfs driver, involving processes concurrently mounting and unmounting the gadgetfs filesystem.

4.7
2024-08-21 CVE-2022-48898 Linux Race Condition vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer There are 3 possible interrupt sources handled by the DP controller: HPD status, controller state changes and Aux read/write transaction. At every irq, the DP controller has to check the isr status of every interrupt source and service the interrupt if its isr status bits show interrupts are pending.

4.7
2024-08-21 CVE-2022-48899 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UAF Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the handle's reference.

4.7
2024-08-21 CVE-2023-52896 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota rescan and disable leading to NULL pointer deref If we have one task trying to start the quota rescan worker while another one is trying to disable quotas, we can end up hitting a race that results in the quota rescan worker doing a NULL pointer dereference.

4.7
2024-08-21 CVE-2023-52897 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: do not warn on record without old_roots populated [BUG] There are some reports from the mailing list that since v6.1 kernel, the WARN_ON() inside btrfs_qgroup_account_extent() gets triggered during rescan. [CAUSE] Since commit e15e9f43c7ca ("btrfs: introduce BTRFS_QGROUP_RUNTIME_FLAG_NO_ACCOUNTING to skip qgroup accounting"), if our qgroup is already in inconsistent state, we will no longer do the time-consuming backref walk. This can leave some qgroup records without a valid old_roots ulist. Normally this is fine, as btrfs_qgroup_account_extents() would also skip those records if we have NO_ACCOUNTING flag set. But there is a small window, if we have NO_ACCOUNTING flag set, and inserted some qgroup_record without a old_roots ulist, but then the user triggered a qgroup rescan. During btrfs_qgroup_rescan(), we firstly clear NO_ACCOUNTING flag, then commit current transaction. And since we have a qgroup_record with old_roots = NULL, we trigger the WARN_ON() during btrfs_qgroup_account_extents(). [FIX] Unfortunately due to the introduction of NO_ACCOUNTING flag, the assumption that every qgroup_record would have its old_roots populated is no longer correct. Fix the false alerts and drop the WARN_ON().

4.7
2024-08-21 CVE-2023-52898 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race and cause null pointer dereference when host suddenly dies. USB core may call xhci_free_dev() which frees the xhci->devs[slot_id] virt device at the same time that xhci_kill_endpoint_urbs() tries to loop through all the device's endpoints, checking if there are any cancelled urbs left to give back. Hold the xhci spinlock while freeing the virt device.

4.7
2024-08-21 CVE-2023-52909 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix handling of cached open files in nfsd4_open codepath Commit fb70bf124b05 ("NFSD: Instantiate a struct file when creating a regular NFSv4 file") added the ability to cache an open fd over a compound.

4.7
2024-08-25 CVE-2024-42340 Cyberark Unspecified vulnerability in Cyberark Identity

CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security

4.3
2024-08-25 CVE-2024-42338 Cyberark Information Exposure vulnerability in Cyberark Identity

CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

4.3
2024-08-25 CVE-2024-42339 Cyberark Unspecified vulnerability in Cyberark Identity

CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

4.3
2024-08-24 CVE-2024-6631 Imagerecycle Missing Authorization vulnerability in Imagerecycle PDF & Image Compression

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 3.1.14.

4.3
2024-08-24 CVE-2024-8120 Imagerecycle Cross-Site Request Forgery (CSRF) vulnerability in Imagerecycle PDF & Image Compression

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14.

4.3
2024-08-22 CVE-2024-43780 Mattermost Unspecified vulnerability in Mattermost Server

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel.

4.3
2024-08-22 CVE-2024-39744 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Connect Direct web Services

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

4.3
2024-08-22 CVE-2024-43813 Mattermost Unspecified vulnerability in Mattermost

Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user.

4.3
2024-08-22 CVE-2024-7836 Themify Incorrect Authorization vulnerability in Themify Builder

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1.

4.3
2024-08-21 CVE-2024-7975 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

4.3
2024-08-21 CVE-2024-7976 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

4.3
2024-08-21 CVE-2024-7978 Google Unspecified vulnerability in Google Chrome

Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page.

4.3
2024-08-21 CVE-2024-7981 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

4.3
2024-08-21 CVE-2024-8033 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page.

4.3
2024-08-21 CVE-2024-8034 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

4.3
2024-08-21 CVE-2024-8035 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

4.3
2024-08-21 CVE-2024-7722 Foxit Use After Free vulnerability in Foxit PDF Editor and PDF Reader

Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability.

4.3
2024-08-21 CVE-2024-5880

The Hide My Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 due to the plugin not restricting access to the REST API when password protection is enabled.

4.3
2024-08-21 CVE-2024-6883

The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to, and including, 5.0.22.decaf.

4.3
2024-08-21 CVE-2024-7030 Zaytech Missing Authorization vulnerability in Zaytech Smart Online Order for Clover

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6.

4.3
2024-08-20 CVE-2024-7711 Github Incorrect Authorization vulnerability in Github Enterprise Server

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository.

4.3
2024-08-20 CVE-2024-43377 Umbraco Unspecified vulnerability in Umbraco CMS 14.0.0/14.1.0/14.1.1

Umbraco CMS is an ASP.NET CMS.

4.3
2024-08-20 CVE-2024-43397 Apolloconfig Unspecified vulnerability in Apolloconfig Apollo

Apollo is a configuration management system.

4.3
2024-08-23 CVE-2024-41849 Adobe Unspecified vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass.

4.1

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-08-22 CVE-2024-32939 Mattermost Cleartext Storage of Sensitive Information vulnerability in Mattermost

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server.

3.7
2024-08-22 CVE-2022-48937 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: io_uring: add a schedule point in io_add_buffers() Looping ~65535 times doing kmalloc() calls can trigger soft lockups, especially with DEBUG features (like KASAN).

3.3
2024-08-22 CVE-2022-48939 Linux Excessive Iteration vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcu_barrier Nothing prevents batch ops to process huge amount of data, we need to add schedule points in them. Note that maybe_wait_bpf_programs(map) calls from generic_map_delete_batch() can be factorized by moving the call after the loop. This will be done later in -next tree once we get this fix merged, unless there is strong opinion doing this optimization sooner.

3.3
2024-08-19 CVE-2024-43379 Trufflesecurity Server-Side Request Forgery (SSRF) vulnerability in Trufflesecurity Trufflehog

TruffleHog is a secrets scanning tool.

3.1
2024-08-22 CVE-2024-40884 Mattermost Unspecified vulnerability in Mattermost Server

Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL.

2.7