Weekly Vulnerabilities Reports > September 2 to 8, 2024

Overview

446 new vulnerabilities were reported during this period, including 52 critical vulnerabilities and 154 high severity vulnerabilities. This weekly summary reports vulnerabilities in 909 products from 166 vendors including Linux, Qnap, Samsung, Qualcomm, and Huawei. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "Use After Free", and "OS Command Injection".

  • 291 reported vulnerabilities are remotely exploitable.
  • 172 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 212 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 60 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 5 reported vulnerabilities.


Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


52 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-05 CVE-2024-43102 Freebsd Use After Free vulnerability in Freebsd

Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. Malicious code exercising the UMTX_SHM_DESTROY sub-request in parallel can panic the kernel or enable further Use-After-Free attacks, potentially including code execution or Capsicum sandbox escape.

10.0
2024-09-04 CVE-2024-45076 IBM Unrestricted Upload of File with Dangerous Type vulnerability in IBM Webmethods Integration 10.15

IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.

9.9
2024-09-08 CVE-2024-8579 Totolink Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220

A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220.

9.8
2024-09-08 CVE-2024-8570 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0

A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical.

9.8
2024-09-08 CVE-2024-6924 Themetechmount SQL Injection vulnerability in Themetechmount Truebooker

The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

9.8
2024-09-08 CVE-2024-6928 Opti Marketing SQL Injection vulnerability in Opti.Marketing Opti Marketing

The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

9.8
2024-09-08 CVE-2024-8569 Fabianros SQL Injection vulnerability in Fabianros Hospital Management System 1.0

A vulnerability has been found in code-projects Hospital Management System 1.0 and classified as critical.

9.8
2024-09-08 CVE-2024-8568 Project Team SQL Injection vulnerability in Project Team Tmall Demo

A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901.

9.8
2024-09-08 CVE-2024-8567 Payroll Management System Project SQL Injection vulnerability in Payroll Management System Project Payroll Management System 1.0

A vulnerability, which was classified as critical, has been found in itsourcecode Payroll Management System 1.0.

9.8
2024-09-07 CVE-2024-8565 Oretnom23 SQL Injection vulnerability in Oretnom23 Clinic'S Patient Management System 2.0

A vulnerability was found in SourceCodesters Clinics Patient Management System 2.0.

9.8
2024-09-07 CVE-2024-8561 Rems SQL Injection vulnerability in Rems PHP Crud 1.0

A vulnerability has been found in SourceCodester PHP CRUD 1.0 and classified as critical.

9.8
2024-09-07 CVE-2024-40711 Veeam Deserialization of Untrusted Data vulnerability in Veeam Backup & Replication 12.0.0.1420

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

9.8
2024-09-06 CVE-2024-44401 Dlink Command Injection vulnerability in Dlink Di-8100G Firmware 17.12.20A1

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file

9.8
2024-09-06 CVE-2024-44402 Dlink Command Injection vulnerability in Dlink Di-8100G Firmware 17.12.20A1

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.

9.8
2024-09-06 CVE-2024-8517 Spip Unspecified vulnerability in Spip

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue.

9.8
2024-09-06 CVE-2024-7493 Wpcom Unspecified vulnerability in Wpcom Member

The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1.

9.8
2024-09-06 CVE-2024-8292 Plechevandrey Authorization Bypass Through User-Controlled Key vulnerability in Plechevandrey Wp-Recall

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8.

9.8
2024-09-05 CVE-2024-8395 Flycass SQL Injection vulnerability in Flycass

FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication.

9.8
2024-09-05 CVE-2024-45159 ARM Improper Certificate Validation vulnerability in ARM Mbed TLS

An issue was discovered in Mbed TLS 3.x before 3.6.1.

9.8
2024-09-05 CVE-2024-44727 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez Event Management System 1.0

Sourcecodehero Event Management System 1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php.

9.8
2024-09-04 CVE-2024-8416 Oretnom23 SQL Injection vulnerability in Oretnom23 Food Ordering Management System 1.0

A vulnerability was found in SourceCodester Food Ordering Management System 1.0.

9.8
2024-09-04 CVE-2024-20439 Cisco Use of Hard-coded Credentials vulnerability in Cisco Smart License Utility

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account.

9.8
2024-09-04 CVE-2024-8415 Oretnom23 SQL Injection vulnerability in Oretnom23 Food Ordering Management System 1.0

A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as critical.

9.8
2024-09-04 CVE-2024-7076 Semtekyazilim SQL Injection vulnerability in Semtekyazilim Semtek Sempos

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc.

9.8
2024-09-04 CVE-2024-7078 Semtekyazilim SQL Injection vulnerability in Semtekyazilim Semtek Sempos

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc.

9.8
2024-09-04 CVE-2024-7012 Redhat Improper Authentication vulnerability in Redhat Satellite 6.13/6.14/6.15

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration.

9.8
2024-09-04 CVE-2024-7923 Redhat Improper Authentication vulnerability in Redhat Satellite 6.13/6.14/6.15

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration.

9.8
2024-09-04 CVE-2024-8408 Linksys Out-of-bounds Write vulnerability in Linksys Wrt54G Firmware 4.21.5

A vulnerability was found in Linksys WRT54G 4.21.5.

9.8
2024-09-04 CVE-2024-44400 Dlink Command Injection vulnerability in Dlink Di-8400 Firmware 16.07.26A1

A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical.

9.8
2024-09-04 CVE-2024-45507 Apache Server-Side Request Forgery (SSRF) vulnerability in Apache Ofbiz

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.

9.8
2024-09-04 CVE-2024-8289 Multivendorx Missing Authorization vulnerability in Multivendorx

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_check functions in all versions up to, and including, 4.2.0.

9.8
2024-09-04 CVE-2024-34657 Samsung Out-of-bounds Write vulnerability in Samsung Notes

Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code.

9.8
2024-09-04 CVE-2024-6926 WOW Company SQL Injection vulnerability in Wow-Company Viral Signup

The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

9.8
2024-09-04 CVE-2024-7950 Wpjobportal Missing Authorization vulnerability in Wpjobportal WP JOB Portal

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function.

9.8
2024-09-03 CVE-2024-45390 Blakeembrey Code Injection vulnerability in Blakeembrey Template

@blakeembrey/template is a string template library.

9.8
2024-09-03 CVE-2024-45307 Onesoftnet Missing Authorization vulnerability in Onesoftnet Sudobot

SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the `-config` command in versions prior to 9.26.7.

9.8
2024-09-03 CVE-2024-4259 Sambas Unspecified vulnerability in Sambas Akos 20240902

Improper Privilege Management vulnerability in SAMPAŞ Holding AKOS allows Collect Data as Provided by Users. This issue affects AKOS: through 20240902. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

9.8
2024-09-03 CVE-2024-8381 Mozilla Type Confusion vulnerability in Mozilla Firefox ESR

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment.

9.8
2024-09-03 CVE-2024-8384 Mozilla Out-of-bounds Write vulnerability in Mozilla Firefox ESR

The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes.

9.8
2024-09-03 CVE-2024-8385 Mozilla Type Confusion vulnerability in Mozilla Firefox

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability.

9.8
2024-09-03 CVE-2024-8387 Mozilla Out-of-bounds Write vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1.

9.8
2024-09-03 CVE-2024-8389 Mozilla Out-of-bounds Write vulnerability in Mozilla Firefox 129.0

Memory safety bugs present in Firefox 129.

9.8
2024-09-03 CVE-2024-44921 Seacms SQL Injection vulnerability in Seacms 12.9

SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.

9.8
2024-09-03 CVE-2024-7261 Zyxel OS Command Injection vulnerability in Zyxel products

The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.

9.8
2024-09-03 CVE-2024-8380 Rems SQL Injection vulnerability in Rems Contact Manager With Export to VCF 1.0

A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0.

9.8
2024-09-02 CVE-2024-6919 NAC SQL Injection vulnerability in NAC Nacpremium

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc.

9.8
2024-09-02 CVE-2024-43772 Easytest SQL Injection vulnerability in Easytest Online Test Platform

SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter.

9.8
2024-09-02 CVE-2024-43773 Easytest SQL Injection vulnerability in Easytest Online Test Platform

SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter.

9.8
2024-09-02 CVE-2024-45522 Linen Unspecified vulnerability in Linen

Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password.

9.8
2024-09-03 CVE-2024-7345 Progress Code Injection vulnerability in Progress Openedge

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms

9.6
2024-09-05 CVE-2024-24759 Mindsdb Server-Side Request Forgery (SSRF) vulnerability in Mindsdb

MindsDB is a platform for building artificial intelligence from enterprise data.

9.1
2024-09-04 CVE-2024-45443 Huawei Path Traversal vulnerability in Huawei Emui and Harmonyos

Directory traversal vulnerability in the cust module Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

9.1

154 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-08 CVE-2024-8577 Totolink Classic Buffer Overflow vulnerability in Totolink T10 Firmware and T8 Firmware

A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207.

8.8
2024-09-08 CVE-2024-8578 Totolink Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220.

8.8
2024-09-08 CVE-2024-8576 Totolink Classic Buffer Overflow vulnerability in Totolink T10 Firmware and T8 Firmware

A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207.

8.8
2024-09-08 CVE-2024-8575 Totolink Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical.

8.8
2024-09-08 CVE-2024-8574 Totolink OS Command Injection vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical.

8.8
2024-09-08 CVE-2024-8573 Totolink Classic Buffer Overflow vulnerability in Totolink T10 Firmware and T8 Firmware

A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207.

8.8
2024-09-07 CVE-2024-8564 Rems SQL Injection vulnerability in Rems PHP Crud 1.0

A vulnerability was found in SourceCodester PHP CRUD 1.0.

8.8
2024-09-07 CVE-2024-8560 Oretnom23 SQL Injection vulnerability in Oretnom23 Simple Invoice Generator System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Simple Invoice Generator System 1.0.

8.8
2024-09-06 CVE-2024-44844 Draytek OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.

8.8
2024-09-06 CVE-2024-44845 Draytek OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.

8.8
2024-09-06 CVE-2023-34974 Qnap OS Command Injection vulnerability in Qnap QTS and Quts Hero

An OS command injection vulnerability has been reported to affect several QNAP operating system versions.

8.8
2024-09-06 CVE-2023-45038 Qnap Improper Authentication vulnerability in Qnap Music Station

An improper authentication vulnerability has been reported to affect Music Station.

8.8
2024-09-06 CVE-2023-47563 Qnap Command Injection vulnerability in Qnap Video Station

An OS command injection vulnerability has been reported to affect Video Station.

8.8
2024-09-06 CVE-2023-50360 Qnap SQL Injection vulnerability in Qnap Video Station

A SQL injection vulnerability has been reported to affect Video Station.

8.8
2024-09-06 CVE-2023-51367 Qnap Stack-based Buffer Overflow vulnerability in Qnap QTS and Quts Hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

8.8
2024-09-06 CVE-2024-21898 Qnap OS Command Injection vulnerability in Qnap QTS and Quts Hero

An OS command injection vulnerability has been reported to affect several QNAP operating system versions.

8.8
2024-09-06 CVE-2024-32763 Qnap Heap-based Buffer Overflow vulnerability in Qnap QTS and Quts Hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

8.8
2024-09-06 CVE-2024-8428 Ultimatemember Authorization Bypass Through User-Controlled Key vulnerability in Ultimatemember Forumwp

The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user controlled key.

8.8
2024-09-06 CVE-2024-38486 Dell Command Injection vulnerability in Dell Smartfabric Os10

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability.

8.8
2024-09-06 CVE-2024-8247 Tribulant Unspecified vulnerability in Tribulant Newsletters

The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2.

8.8
2024-09-06 CVE-2024-8480 Sirv Missing Authorization vulnerability in Sirv

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7.

8.8
2024-09-05 CVE-2024-8463 Phpgurukul Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul JOB Portal 1.0

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.

8.8
2024-09-05 CVE-2024-42416 Freebsd Improper Validation of Specified Quantity in Input vulnerability in Freebsd

The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel heap memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.

8.8
2024-09-05 CVE-2024-43110 Freebsd Out-of-bounds Read vulnerability in Freebsd

The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.

8.8
2024-09-05 CVE-2024-45063 Freebsd Use After Free vulnerability in Freebsd

The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.

8.8
2024-09-05 CVE-2024-8178 Freebsd Missing Initialization of Resource vulnerability in Freebsd

The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.

8.8
2024-09-04 CVE-2024-43402 Rust Lang Argument Injection or Modification vulnerability in Rust-Lang Rust

Rust is a programming language.

8.8
2024-09-04 CVE-2024-45075 IBM Unspecified vulnerability in IBM Webmethods Integration 10.15

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.

8.8
2024-09-04 CVE-2024-8102 Wpextended Missing Authorization vulnerability in Wpextended WP Extended

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the module_all_toggle_ajax() function in all versions up to, and including, 3.0.8.

8.8
2024-09-03 CVE-2024-8382 Mozilla Unspecified vulnerability in Mozilla Firefox ESR

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events.

8.8
2024-09-03 CVE-2024-45586 Symphonyfintech Unspecified vulnerability in Symphonyfintech XTS Mobile Trader and XTS web Trader

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160).

8.8
2024-09-03 CVE-2024-45587 Symphonyfintech Unspecified vulnerability in Symphonyfintech XTS Mobile Trader and XTS web Trader

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application.

8.8
2024-09-02 CVE-2024-43774 Easytest SQL Injection vulnerability in Easytest Online Test Platform

SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the uid parameter.

8.8
2024-09-02 CVE-2024-43775 Easytest SQL Injection vulnerability in Easytest Online Test Platform

SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter.

8.8
2024-09-02 CVE-2024-43776 Easytest SQL Injection vulnerability in Easytest Online Test Platform

SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter.

8.8
2024-09-02 CVE-2024-7871 Easytest Online Test Platform Project SQL Injection vulnerability in Easytest Online Test Platform Project Easytest Online Test Platform

SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter.

8.8
2024-09-02 CVE-2024-23365 Memory corruption while releasing shared resources in MinkSocket listener thread.
8.4
2024-09-02 CVE-2024-33035 Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.
8.4
2024-09-05 CVE-2024-32668 Freebsd Out-of-bounds Write vulnerability in Freebsd

An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root.

8.2
2024-09-02 CVE-2024-23359 Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
8.2
2024-09-08 CVE-2024-8580 Totolink Use of Hard-coded Password vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220

A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220.

8.1
2024-09-06 CVE-2024-39585 Dell Use of Hard-coded Credentials vulnerability in Dell Smartfabric Os10

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability.

8.1
2024-09-05 CVE-2024-45098 IBM Unspecified vulnerability in IBM Aspera Faspex

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.

8.1
2024-09-05 CVE-2024-7627 Bitapps Race Condition vulnerability in Bitapps File Manager

The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function.

8.1
2024-09-04 CVE-2024-8417 Yunknet Unspecified vulnerability in Yunknet Online School System

A vulnerability was found in Yunke Online School System up to 1.5.5.

8.1
2024-09-04 CVE-2024-41716 Idec Cleartext Storage of Sensitive Information vulnerability in Idec Windldr and Windo/I-Nv4

Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4.

8.1
2024-09-03 CVE-2024-45588 Symphonyfintech Incorrect Authorization vulnerability in Symphonyfintech XTS Mobile Trader and XTS web Trader

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application.

8.1
2024-09-03 CVE-2024-42057 Zyxel OS Command Injection vulnerability in Zyxel ZLD Firmware 4.30/4.55

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device.

8.1
2024-09-06 CVE-2023-39298 Qnap Missing Authorization vulnerability in Qnap QTS and Quts Hero

A missing authorization vulnerability has been reported to affect several QNAP operating system versions.

7.8
2024-09-06 CVE-2024-38641 Qnap Command Injection vulnerability in Qnap QTS and Quts Hero

An OS command injection vulnerability has been reported to affect several QNAP operating system versions.

7.8
2024-09-06 CVE-2024-38642 Qnap Improper Certificate Validation vulnerability in Qnap Qumagie 2.3.0

An improper certificate validation vulnerability has been reported to affect QuMagie.

7.8
2024-09-04 CVE-2024-44974 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on.

7.8
2024-09-04 CVE-2024-44977 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validate TA binary size Add TA binary size validation to avoid OOB write. (cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)

7.8
2024-09-04 CVE-2024-44978 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xe_exec_queue_put Free job depends on job->vm being valid, the last xe_exec_queue_put can destroy the VM.

7.8
2024-09-04 CVE-2024-44985 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UAF in ip6_xmit() If skb_expand_head() returns NULL, skb has been freed and the associated dst/idev could also have been freed. We must use rcu_read_lock() to prevent a possible UAF.

7.8
2024-09-04 CVE-2024-44986 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcu_read_lock() to make sure the dst and associated idev are alive.

7.8
2024-09-04 CVE-2024-44987 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longer can safely dereference rt, unless we hold rcu_read_lock(). A similar issue has been fixed in commit a688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()") Another potential issue in ip6_finish_output2() is handled in a separate patch. ---truncated---

7.8
2024-09-04 CVE-2024-44997 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() When there are multiple ap interfaces on one band and with WED on, turning the interface down will cause a kernel panic on MT798X. Previously, cb_priv was freed in mtk_wed_setup_tc_block() without marking NULL, and mtk_wed_setup_tc_block_cb() didn't check the value, too. Assign NULL after free cb_priv in mtk_wed_setup_tc_block() and check NULL in mtk_wed_setup_tc_block_cb(). ---------- Unable to handle kernel paging request at virtual address 0072460bca32b4f5 Call trace: mtk_wed_setup_tc_block_cb+0x4/0x38 0xffffffc0794084bc tcf_block_playback_offloads+0x70/0x1e8 tcf_block_unbind+0x6c/0xc8 ... ---------

7.8
2024-09-04 CVE-2024-44998 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx() We can't dereference "skb" after calling vcc->push() because the skb is released.

7.8
2024-09-04 CVE-2024-44949 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line.

7.8
2024-09-04 CVE-2024-44951 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix TX fifo corruption Sometimes, when a packet is received on channel A at almost the same time as a packet is about to be transmitted on channel B, we observe with a logic analyzer that the received packet on channel A is transmitted on channel B.

7.8
2024-09-04 CVE-2024-44964 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restoring q_vector->vport pointers after reinitializing the structures. This is due to that all queue allocation functions are performed here with the new temporary vport structure and those functions rewrite the backpointers to the vport.

7.8
2024-09-04 CVE-2024-44967 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/mgag200: Bind I2C lifetime to DRM device Managed cleanup with devm_add_action_or_reset() will release the I2C adapter when the underlying Linux device goes away.

7.8
2024-09-04 CVE-2024-43405 Projectdiscovery OS Command Injection vulnerability in Projectdiscovery Nuclei

Nuclei is a vulnerability scanner powered by YAML based templates.

7.8
2024-09-04 CVE-2024-7834 Overwolf Uncontrolled Search Path Element vulnerability in Overwolf

A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch.

7.8
2024-09-04 CVE-2024-34656 Samsung Path Traversal vulnerability in Samsung Notes

Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.

7.8
2024-09-04 CVE-2024-34660 Samsung Out-of-bounds Write vulnerability in Samsung Notes

Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.

7.8
2024-09-03 CVE-2024-45394 Authenticator Use of a Broken or Risky Cryptographic Algorithm vulnerability in Authenticator

Authenticator is a browser extension that generates two-step verification codes.

7.8
2024-09-03 CVE-2024-6473 Yandex Untrusted Search Path vulnerability in Yandex Browser

Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.

7.8
2024-09-03 CVE-2024-38811 Vmware Unspecified vulnerability in VMWare Fusion 13.0.0/13.0.1/13.0.2

VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.

7.8
2024-09-03 CVE-2024-8374 Ultimaker Code Injection vulnerability in Ultimaker Cura

UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py).

7.8
2024-09-02 CVE-2024-33038 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.

7.8
2024-09-02 CVE-2024-33042 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption when Alternative Frequency offset value is set to 255.

7.8
2024-09-02 CVE-2024-33045 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

7.8
2024-09-02 CVE-2024-33047 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Memory corruption when the captureRead QDCM command is invoked from user-space.

7.8
2024-09-02 CVE-2024-33052 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption when user provides data for FM HCI command control operations.

7.8
2024-09-02 CVE-2024-33054 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.

7.8
2024-09-02 CVE-2024-33060 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption when two threads try to map and unmap a single node simultaneously.

7.8
2024-09-02 CVE-2024-38401 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption while processing concurrent IOCTL calls.

7.8
2024-09-02 CVE-2024-38402 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption while processing IOCTL call for getting group info.

7.8
2024-09-02 CVE-2024-38386 Openatom Out-of-bounds Write vulnerability in Openatom Openharmony 4.0

OpenHarmony v4.1.0 and prior versions allow a local attacker to execute arbitrary code in pre-installed apps through an out-of-bounds write.

7.8
2024-09-02 CVE-2024-39816 Openatom Out-of-bounds Write vulnerability in Openatom Openharmony 4.0

OpenHarmony v4.1.0 and prior versions allow a local attacker to execute arbitrary code in pre-installed apps through an out-of-bounds write.

7.8
2024-09-02 CVE-2024-41157 Openatom Use After Free vulnerability in Openatom Openharmony 4.0

OpenHarmony v4.1.0 and prior versions allow a local attacker to escalate common permissions to root and leak sensitive information through a use after free.

7.8
2024-09-02 CVE-2024-41160 Openatom Use After Free vulnerability in Openatom Openharmony

OpenHarmony v4.1.0 and prior versions allow a local attacker to escalate common permissions to root and leak sensitive information through a use after free.

7.8
2024-09-08 CVE-2024-42343 Loway Information Exposure Through Discrepancy vulnerability in Loway Queuemetrics

Loway - CWE-204: Observable Response Discrepancy

7.5
2024-09-07 CVE-2024-40681

IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.

7.5
2024-09-07 CVE-2024-8557 Oretnom23 SQL Injection vulnerability in Oretnom23 Food Ordering Management System 1.0

A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System 1.0.

7.5
2024-09-07 CVE-2024-37068 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Maximo Application Suite 8.10/8.11/9.0

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques.

7.5
2024-09-06 CVE-2024-44408 Dlink Missing Authorization vulnerability in Dlink Dir-823G Firmware 1.0.2B0520181207

D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure.

7.5
2024-09-06 CVE-2024-6445 Dataflowx Path Traversal vulnerability in Dataflowx Datadiodex

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal. This issue affects DataDiodeX: from v3.0.0 before v3.1.7.

7.5
2024-09-06 CVE-2024-1744 Accordors Unspecified vulnerability in Accordors Accord ORS

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data. This issue affects Accord ORS: before 7.3.2.1.

7.5
2024-09-05 CVE-2024-42495 Echostar Unspecified vulnerability in Echostar Fusion

Credentials to access device configuration were transmitted using an unencrypted protocol.

7.5
2024-09-05 CVE-2024-7884 Dfinity Memory Leak vulnerability in Dfinity Canister Developer KIT for the Internet Computer

When a canister method is called via ic_cdk::call*, a new Future CallFuture is created and can be awaited by the caller to get the execution result.

7.5
2024-09-05 CVE-2024-8464 Phpgurukul SQL Injection vulnerability in PHPgurukul JOB Portal 1.0

SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it.

7.5
2024-09-05 CVE-2024-8465 Phpgurukul SQL Injection vulnerability in PHPgurukul JOB Portal 1.0

SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it.

7.5
2024-09-05 CVE-2024-8466 Phpgurukul SQL Injection vulnerability in PHPgurukul JOB Portal 1.0

SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it.

7.5
2024-09-05 CVE-2024-8467 Phpgurukul SQL Injection vulnerability in PHPgurukul JOB Portal 1.0

SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it.

7.5
2024-09-05 CVE-2024-8468 Phpgurukul SQL Injection vulnerability in PHPgurukul JOB Portal 1.0

SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it.

7.5
2024-09-05 CVE-2024-8469 Phpgurukul SQL Injection vulnerability in PHPgurukul JOB Portal 1.0

SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it.

7.5
2024-09-05 CVE-2024-8470 Phpgurukul SQL Injection vulnerability in PHPgurukul JOB Portal 1.0

SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it.

7.5
2024-09-05 CVE-2024-5957 Trellix Improper Authentication vulnerability in Trellix Intrusion Prevention System Manager 10.1

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain API access to the Manager.

7.5
2024-09-05 CVE-2024-45287 Freebsd Integer Overflow or Wraparound vulnerability in Freebsd

A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.

7.5
2024-09-04 CVE-2024-45692 Virtualmin, Webmin Infinite Loop vulnerability in multiple products

Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.

7.5
2024-09-04 CVE-2024-20505 Clamav Out-of-bounds Read vulnerability in Clamav

A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read.

7.5
2024-09-04 CVE-2024-45395 Sigstore Infinite Loop vulnerability in Sigstore Sigstore-Go

sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects.

7.5
2024-09-04 CVE-2024-20440 Cisco Information Exposure Through Log Files vulnerability in Cisco Smart License Utility 2.0.0/2.1.0/2.2.0

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file.

7.5
2024-09-04 CVE-2024-8391 Eclipse Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Vert.X

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based on grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc).

7.5
2024-09-04 CVE-2024-45506 Haproxy Unspecified vulnerability in Haproxy

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.

7.5
2024-09-04 CVE-2024-8409 Abcd Community Path Traversal vulnerability in Abcd-Community Abcd 2.2.0

A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1.

7.5
2024-09-04 CVE-2024-8410 Abcd Community Path Traversal vulnerability in Abcd-Community Abcd 2.2.0

A vulnerability classified as problematic was found in ABCD ABCD2 up to 2.2.0-beta-1.

7.5
2024-09-04 CVE-2024-8418 Containers Unspecified vulnerability in Containers Aardvark-Dns 1.12.0/1.12.1

A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries.

7.5
2024-09-04 CVE-2024-45195 Apache Forced Browsing vulnerability in Apache Ofbiz

Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.

7.5
2024-09-04 CVE-2024-7870 Pixelyoursite Improper Authentication vulnerability in Pixelyoursite

The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files.

7.5
2024-09-04 CVE-2024-39921 Fujitsu Information Exposure Through Discrepancy vulnerability in Fujitsu products

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112.

7.5
2024-09-04 CVE-2024-42039 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Access control vulnerability in the SystemUI module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2024-09-04 CVE-2024-45441 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Input verification vulnerability in the system service module Impact: Successful exploitation of this vulnerability will affect availability.

7.5
2024-09-04 CVE-2024-45442 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of permission verification for APIs in the DownloadProviderMain module Impact: Successful exploitation of this vulnerability will affect availability.

7.5
2024-09-04 CVE-2024-45450 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Permission control vulnerability in the software update module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2024-09-03 CVE-2024-45391 Tina Cleartext Storage of Sensitive Information vulnerability in Tina

Tina is an open-source content management system (CMS).

7.5
2024-09-03 CVE-2024-6232 Python Unspecified vulnerability in Python

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

7.5
2024-09-03 CVE-2024-8383 Mozilla Unspecified vulnerability in Mozilla Firefox ESR

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support.

7.5
2024-09-03 CVE-2024-42058 Zyxel NULL Pointer Dereference vulnerability in Zyxel ZLD Firmware 4.30/4.55

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V5.20 through V5.38, and USG20(W)-VPN series firmware versions from V5.20 through V5.38 could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets to a vulnerable device.

7.5
2024-09-03 CVE-2024-5412 Zyxel Classic Buffer Overflow vulnerability in Zyxel products

A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

7.5
2024-09-02 CVE-2024-1621 NT Ware Unspecified vulnerability in Nt-Ware products

The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when email login is enabled on the tenant.

7.5
2024-09-02 CVE-2020-36830 Nescalante Unspecified vulnerability in Nescalante Urlregex

A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic.

7.5
2024-09-02 CVE-2024-42471 Github Path Traversal vulnerability in Github Actions/Artifact and Actions Toolkit

actions/artifact is the GitHub ToolKit for developing GitHub Actions.

7.5
2024-09-02 CVE-2024-45311 Quinn Project Always-Incorrect Control Flow Implementation vulnerability in Quinn Project Quinn

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol.

7.5
2024-09-02 CVE-2024-45388 Hoverfly Path Traversal vulnerability in Hoverfly

Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers.

7.5
2024-09-02 CVE-2024-6921 NAC Cleartext Storage of Sensitive Information vulnerability in NAC Nacpremium

Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc.

7.5
2024-09-02 CVE-2024-23358

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.

7.5
2024-09-02 CVE-2024-23364

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).

7.5
2024-09-02 CVE-2024-33048 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

7.5
2024-09-02 CVE-2024-33050 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

7.5
2024-09-02 CVE-2024-33051 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

7.5
2024-09-02 CVE-2024-33057 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

7.5
2024-09-02 CVE-2024-20089 Linuxfoundation, Rdkcentral, Google Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

In wlan, there is a possible denial of service due to incorrect error handling.

7.5
2024-09-02 CVE-2024-39775 Openatom Out-of-bounds Read vulnerability in Openatom Openharmony 4.0

OpenHarmony v4.1.0 and prior versions allow a remote attacker to cause an information leak through an out-of-bounds read.

7.5
2024-09-07 CVE-2024-8559 Remyandrade SQL Injection vulnerability in Remyandrade Online Food Menu 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Online Food Menu 1.0.

7.2
2024-09-06 CVE-2023-34979 Qnap OS Command Injection vulnerability in Qnap QTS and Quts Hero

An OS command injection vulnerability has been reported to affect several QNAP operating system versions.

7.2
2024-09-06 CVE-2023-39300 Qnap OS Command Injection vulnerability in Qnap QTS

An OS command injection vulnerability has been reported to affect legacy QTS.

7.2
2024-09-06 CVE-2024-7349 Lifterlms SQL Injection vulnerability in Lifterlms

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

7.2
2024-09-05 CVE-2024-7591 Kemptechnologies OS Command Injection vulnerability in Kemptechnologies Loadmaster and Multi-Tenant Hypervisor Firmware

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above

7.2
2024-09-04 CVE-2024-45053 Ethyca Code Injection vulnerability in Ethyca Fides

Fides is an open-source privacy engineering platform.

7.2
2024-09-03 CVE-2024-42059 Zyxel OS Command Injection vulnerability in Zyxel ZLD Firmware

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series firmware versions from V5.00 through V5.38, and USG20(W)-VPN series firmware versions from V5.00 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted compressed language file via FTP.

7.2
2024-09-03 CVE-2024-42060 Zyxel OS Command Injection vulnerability in Zyxel ZLD Firmware 4.30/4.55

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted internal user agreement file to the vulnerable device.

7.2
2024-09-03 CVE-2024-7203 Zyxel OS Command Injection vulnerability in Zyxel ZLD Firmware

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.

7.2
2024-09-05 CVE-2024-45401 Stripe Path Traversal vulnerability in Stripe Stripe-Cli

stripe-cli is a command-line tool for the payment processor Stripe.

7.1
2024-09-05 CVE-2024-45097 IBM Interpretation Conflict vulnerability in IBM Aspera Faspex

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.

7.1
2024-09-04 CVE-2024-44983 Linux Use of Uninitialized Resource vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure there is sufficient room to access the protocol field of the VLAN header, validate it once before the flowtable lookup. ===================================================== BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32 nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline] nf_ingress net/core/dev.c:5440 [inline]

7.1
2024-09-04 CVE-2024-44993 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()` When enabling UBSAN on Raspberry Pi 5, we get the following warning: [ 387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3 [ 387.903868] index 7 is out of range for type '__u32 [7]' This happens because the UAPI provides only seven configuration registers and we are reading the eighth position of this u32 array. Therefore, fix the out-of-bounds read in `v3d_csd_job_run()` by accessing only seven positions on the '__u32 [7]' array.

7.1
2024-09-04 CVE-2024-44999 Linux Use of Uninitialized Resource vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtp_dev_xmit() syzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] We must make sure the IPv4 or Ipv6 header is pulled in skb->head before accessing fields in them. Use pskb_inet_may_pull() to fix this issue. [1] BUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline] BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281

7.1
2024-09-04 CVE-2024-34638 Samsung Improper Handling of Exceptional Conditions vulnerability in Samsung Android 12.0/13.0/14.0

Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications.

7.1
2024-09-04 CVE-2024-34658 Samsung Out-of-bounds Read vulnerability in Samsung Notes

Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR.

7.1
2024-09-02 CVE-2024-23362

Cryptographic issue while parsing RSA keys in COBR format.

7.1

229 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-04 CVE-2024-44383 Wayos Command Injection vulnerability in Wayos Fbm-291W Firmware 19.09.11

WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.

6.8
2024-09-02 CVE-2024-33016

Memory corruption when an invalid firehose patch command is invoked.

6.8
2024-09-06 CVE-2022-27592 Qnap Unquoted Search Path or Element vulnerability in Qnap QVR Smart Client 2.4.0

An unquoted search path or element vulnerability has been reported to affect QVR Smart Client.

6.7
2024-09-04 CVE-2024-42642 Crucial Out-of-bounds Write vulnerability in Crucial Mx500 Firmware M3Cr046

Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller.

6.7
2024-09-04 CVE-2024-20469 Cisco OS Command Injection vulnerability in Cisco Identity Services Engine 3.2/3.3

A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.

6.7
2024-09-02 CVE-2024-20086 Google Out-of-bounds Write vulnerability in Google Android 12.0

In vdec, there is a possible out of bounds write due to a missing bounds check.

6.7
2024-09-02 CVE-2024-20087 Google Out-of-bounds Write vulnerability in Google Android 12.0

In vdec, there is a possible out of bounds write due to a missing bounds check.

6.7
2024-09-07 CVE-2024-7620

The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7.

6.6
2024-09-07 CVE-2024-7112 Pinpoint SQL Injection vulnerability in Pinpoint Booking System

The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

6.5
2024-09-06 CVE-2023-51366 Qnap Path Traversal vulnerability in Qnap QTS and Quts Hero

A path traversal vulnerability has been reported to affect several QNAP operating system versions.

6.5
2024-09-06 CVE-2023-51368 Qnap NULL Pointer Dereference vulnerability in Qnap QTS and Quts Hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions.

6.5
2024-09-06 CVE-2024-21904 Qnap Path Traversal vulnerability in Qnap QTS and Quts Hero

A path traversal vulnerability has been reported to affect several QNAP operating system versions.

6.5
2024-09-06 CVE-2024-8394 Mozilla Use After Free vulnerability in Mozilla Thunderbird

When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash.

6.5
2024-09-06 CVE-2024-45299 ALF Improper Encoding or Escaping of Output vulnerability in ALF 2.0M42304

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups.

6.5
2024-09-05 CVE-2024-45096 IBM Unspecified vulnerability in IBM Aspera Faspex

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.

6.5
2024-09-05 CVE-2024-6332 Tmsproducts Missing Authorization vulnerability in Tmsproducts Amelia

The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3.

6.5
2024-09-04 CVE-2024-45074 IBM Path Traversal vulnerability in IBM Webmethods Integration 10.15

IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system.

6.5
2024-09-04 CVE-2024-8104 Wpextended Path Traversal vulnerability in Wpextended WP Extended

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the download_file_ajax function.

6.5
2024-09-04 CVE-2024-8106 Wpextended Unspecified vulnerability in Wpextended WP Extended

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function.

6.5
2024-09-03 CVE-2024-4629 Redhat Improper Enforcement of a Single, Unique Action vulnerability in Redhat products

A vulnerability was found in Keycloak.

6.5
2024-09-03 CVE-2024-42903 Limesurvey Injection vulnerability in Limesurvey

A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.

6.5
2024-09-02 CVE-2024-8365 Hashicorp Information Exposure Through Log Files vulnerability in Hashicorp Vault

Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed.

6.5
2024-09-06 CVE-2024-45039 Consensys Unspecified vulnerability in Consensys Gnark-Crypto

gnark is a fast zk-SNARK library that offers a high-level API to design circuits.

6.2
2024-09-08 CVE-2024-8582 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Food Ordering Management System 1.0

A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as problematic.

6.1
2024-09-08 CVE-2024-42341 Loway Open Redirect vulnerability in Loway Queuemetrics 22.11.6/23.09/24.05

Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

6.1
2024-09-08 CVE-2024-8572 Gouniverse Cross-site Scripting vulnerability in Gouniverse Golang CMS

A vulnerability was found in Gouniverse GoLang CMS 1.4.0.

6.1
2024-09-08 CVE-2024-8566 Online Shop Store Project Cross-site Scripting vulnerability in Online Shop Store Project Online Shop Store 1.0

A vulnerability classified as problematic was found in code-projects Online Shop Store 1.0.

6.1
2024-09-07 CVE-2024-8563 Rems Cross-site Scripting vulnerability in Rems PHP Crud 1.0

A vulnerability was found in SourceCodester PHP CRUD 1.0.

6.1
2024-09-07 CVE-2024-8562 Rems Cross-site Scripting vulnerability in Rems PHP Crud 1.0

A vulnerability was found in SourceCodester PHP CRUD 1.0 and classified as problematic.

6.1
2024-09-07 CVE-2024-8555 Oretnom23 Open Redirect vulnerability in Oretnom23 Clinic'S Patient Management System 2.0

A vulnerability was found in SourceCodester Clinics Patient Management System 2.0.

6.1
2024-09-07 CVE-2024-1596 Ninjaforms Cross-site Scripting vulnerability in Ninjaforms Ninja Forms File Uploads

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g.

6.1
2024-09-06 CVE-2024-32762 Qnap Cross-site Scripting vulnerability in Qnap Qulog Center

A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center.

6.1
2024-09-06 CVE-2024-45400 Mlewand Cross-site Scripting vulnerability in Mlewand Open Link

ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab.

6.1
2024-09-05 CVE-2024-44728 Angeljudesuarez Cross-site Scripting vulnerability in Angeljudesuarez Event Management System 1.0

Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact# in /clientdetails/admin/regester.php.

6.1
2024-09-05 CVE-2024-45176 C MOR Cross-site Scripting vulnerability in C-Mor 5.2401

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401.

6.1
2024-09-05 CVE-2024-8471 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul JOB Portal 1.0

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted.

6.1
2024-09-05 CVE-2024-8472 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul JOB Portal 1.0

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted.

6.1
2024-09-05 CVE-2024-8473 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul JOB Portal 1.0

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted.

6.1
2024-09-04 CVE-2024-45429 Wpengine Cross-site Scripting vulnerability in Wpengine Advanced Custom Fields

Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier.

6.1
2024-09-04 CVE-2024-20506 Clamav Improper Check for Unusual or Exceptional Conditions vulnerability in Clamav

A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files. The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link.

6.1
2024-09-04 CVE-2024-2166 Forcepoint Cross-site Scripting vulnerability in Forcepoint Email Security

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS. This issue affects Email Security: before 8.5.5 HF003.

6.1
2024-09-04 CVE-2024-45399 Cern Cross-site Scripting vulnerability in Cern Indico

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask.

6.1
2024-09-04 CVE-2024-8412 Linuxos Open Redirect vulnerability in Linuxos Shakal-Ng

A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3.

6.1
2024-09-04 CVE-2024-44819 Zzcms Cross-site Scripting vulnerability in Zzcms

Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the admin/del.php component.

6.1
2024-09-04 CVE-2024-44820 Zzcms Cross-site Scripting vulnerability in Zzcms

A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/.

6.1
2024-09-04 CVE-2024-7077 Semtekyazilim Cross-site Scripting vulnerability in Semtekyazilim Semtek Sempos

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Semtek Informatics Software Consulting Inc.

6.1
2024-09-04 CVE-2024-8413 Raspcontrol Project Cross-site Scripting vulnerability in Raspcontrol Project Raspcontrol 1.0

Cross Site Scripting (XSS) vulnerability through the action parameter in index.php.

6.1
2024-09-04 CVE-2024-8117 Wpextended Cross-site Scripting vulnerability in Wpextended WP Extended

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping.

6.1
2024-09-04 CVE-2024-8119 Wpextended Cross-site Scripting vulnerability in Wpextended WP Extended

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping.

6.1
2024-09-04 CVE-2024-6020 Fetchdesigns Cross-site Scripting vulnerability in Fetchdesigns Sign-Up Sheets

The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting.

6.1
2024-09-03 CVE-2024-42904 Syspass Cross-site Scripting vulnerability in Syspass

A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php.

6.1
2024-09-03 CVE-2024-7654 Progress Cross-site Scripting vulnerability in Progress Openedge

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other types of attack that could spoof or deceive web interface users. Unauthorized use of the OEE/OEM discovery service was remediated by deactivating the discovery service by default.

6.1
2024-09-03 CVE-2024-8386 Mozilla Open Redirect vulnerability in Mozilla Firefox

If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack.

6.1
2024-09-03 CVE-2024-44920 Seacms Cross-site Scripting vulnerability in Seacms 12.9

A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter.

6.1
2024-09-03 CVE-2024-42061 Zyxel Cross-site Scripting vulnerability in Zyxel ZLD Firmware 4.30/4.55

A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload.

6.1
2024-09-02 CVE-2024-43792 Halo Cross-site Scripting vulnerability in Halo

Halo is an open source website building tool.

6.1
2024-09-02 CVE-2024-6920 NAC Cross-site Scripting vulnerability in NAC Nacpremium

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NAC Telecommunication Systems Inc.

6.1
2024-09-02 CVE-2024-38858 Checkmk Cross-site Scripting vulnerability in Checkmk

Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.

6.1
2024-09-02 CVE-2024-7354 Ninjaforms Cross-site Scripting vulnerability in Ninjaforms Ninja Forms

The Ninja Forms WordPress plugin before 3.8.11 does not escape a URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

6.1
2024-09-02 CVE-2024-7691 Projectcaruso Cross-site Scripting vulnerability in Projectcaruso Flaming Forms

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.

6.1
2024-09-02 CVE-2024-7692 Projectcaruso Cross-site Scripting vulnerability in Projectcaruso Flaming Forms

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

6.1
2024-09-06 CVE-2024-45040 Consensys Unspecified vulnerability in Consensys Gnark-Crypto

gnark is a fast zk-SNARK library that offers a high-level API to design circuits.

5.9
2024-09-06 CVE-2024-45300 ALF Race Condition vulnerability in ALF 2.0M42304

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups.

5.9
2024-09-05 CVE-2024-45589 Identityautomation Improper Restriction of Excessive Authentication Attempts vulnerability in Identityautomation Rapididentity

RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters.

5.9
2024-09-05 CVE-2024-8460 Dlink Unspecified vulnerability in Dlink Dns-320 Firmware 2.02B01

A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01.

5.9
2024-09-02 CVE-2023-7279 SSE Secure Systems Unspecified vulnerability in Sse-Secure-Systems Connaisseur

A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic.

5.9
2024-09-07 CVE-2024-40680 IBM Allocation of Resources Without Limits or Throttling vulnerability in IBM MQ Operator 2.0.26/3.2.4

IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.

5.5
2024-09-06 CVE-2023-52915 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user.

5.5
2024-09-05 CVE-2024-45107 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-09-04 CVE-2024-44975 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: fix panic caused by partcmd_update We find a bug as below: BUG: unable to handle page fault for address: 00000003. It can be reproduced with commands: cd /sys/fs/cgroup/ mkdir test cd test/ echo +cpuset > ../cgroup.subtree_control echo root > cpuset.cpus.partition cat /sys/fs/cgroup/cpuset.cpus.effective 0-3 echo 0-3 > cpuset.cpus // taking away all cpus from root This issue is caused by the incorrect rebuilding of scheduling domains. In this scenario, test/cpuset.cpus.partition should be an invalid root and should not trigger the rebuilding of scheduling domains.

5.5
2024-09-04 CVE-2024-44976 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ata: pata_macio: Fix DMA table overflow Kolbjørn and Jonáš reported that their 32-bit PowerMacs were crashing in pata-macio since commit 09fe2bfa6b83 ("ata: pata_macio: Fix max_segment_size with PAGE_SIZE == 64K"). For example: kernel BUG at drivers/ata/pata_macio.c:544! That commit increased max_segment_size to 64KB, with the justification that the SCSI core was already using that size when PAGE_SIZE == 64KB, and that there was existing logic to split over-sized requests. However with a sufficiently large request, the splitting logic causes each sg to be split into two commands in the DMA table, leading to overflow of the DMA table, triggering the BUG_ON(). With default settings the bug doesn't trigger, because the request size is limited by max_sectors_kb == 1280, however max_sectors_kb can be increased, and apparently some distros do that by default using udev rules. Fix the bug for 4KB kernels by reverting to the old max_segment_size. For 64KB kernels the sg_tablesize needs to be halved, to allow for the possibility that each sg will be split into two.

5.5
2024-09-04 CVE-2024-44979 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault On driver reload we never free up the memory for the pagefault and access counter workqueues.

5.5
2024-09-04 CVE-2024-44980 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix opregion leak Being part of the display, ideally the setup and cleanup would be done by display itself.

5.5
2024-09-04 CVE-2024-44981 Linux Integer Overflow or Wraparound vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask() UBSAN reports the following 'subtraction overflow' error when booting in a virtual machine on Android: Internal error: UBSAN: integer subtraction overflow: 00000000f2005515 [#1] PREEMPT SMP. This is due to shift_and_mask() using a signed immediate to construct the mask and being called with a shift of 31 (WORK_OFFQ_POOL_SHIFT) so that it ends up decrementing from INT_MIN. Use an unsigned constant '1U' to generate the mask in shift_and_mask().

5.5
2024-09-04 CVE-2024-44982 Linux Incomplete Cleanup vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails If the dpu_format_populate_layout() fails, then FB is prepared, but not cleaned up.

5.5
2024-09-04 CVE-2024-44984 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT Remove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT code path.

5.5
2024-09-04 CVE-2024-44988 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).

5.5
2024-09-04 CVE-2024-44989 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel.

5.5
2024-09-04 CVE-2024-44990 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer.

5.5
2024-09-04 CVE-2024-44991 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: tcp: prevent concurrent execution of tcp_sk_exit_batch It's possible that two threads call tcp_sk_exit_batch() concurrently, once from the cleanup_net workqueue, once from a task that failed to clone a new netns.

5.5
2024-09-04 CVE-2024-44992 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid possible NULL dereference in cifs_free_subrequest() Clang static checker (scan-build) warning: cifsglob.h:line 890, column 3 Access to field 'ops' results in a dereference of a null pointer. Commit 519be989717c ("cifs: Add a tracepoint to track credits involved in R/W requests") adds a check for 'rdata->server', and lets clang throw this warning about NULL dereference. When 'rdata->credits.value != 0 && rdata->server == NULL' happens, add_credits_and_wake_if() will call rdata->server->ops->add_credits(). This will cause a NULL dereference problem.

5.5
2024-09-04 CVE-2024-44994 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iommu: Restore lost return in iommu_report_device_fault() When iommu_report_device_fault gets called with a partial fault it is supposed to collect the fault into the group and then return. Instead the return was accidentally deleted which results in trying to process the fault and an eventual crash. Deleting the return was a typo, put it back.

5.5
2024-09-04 CVE-2024-44995 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow is as below: [flow diagram: pf reset start; setup tc; DOWN: napi_disable(); napi_disable()(skip)] ......

5.5
2024-09-04 CVE-2024-44996 Linux Uncontrolled Recursion vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: vsock: fix recursive ->recvmsg calls After a vsock socket has been added to a BPF sockmap, its prot->recvmsg has been replaced with vsock_bpf_recvmsg().

5.5
2024-09-04 CVE-2024-45000 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fs/netfs/fscache_cookie: add missing "n_accesses" check This fixes a NULL pointer dereference bug due to a data race which looks like this: BUG: kernel NULL pointer dereference, address: 0000000000000008. This happened because fscache_cookie_state_machine() was slow and was still running while another process invoked fscache_unuse_cookie(); this led to a fscache_cookie_lru_do_one() call, setting the FSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by fscache_cookie_state_machine(), withdrawing the cookie via cachefiles_withdraw_cookie(), clearing cookie->cache_priv. At the same time, yet another process invoked cachefiles_prepare_write(), which found a NULL pointer in this code line: struct cachefiles_object *object = cachefiles_cres_object(cres); The next line crashes, obviously: struct cachefiles_cache *cache = object->volume->cache; During cachefiles_prepare_write(), the "n_accesses" counter is non-zero (via fscache_begin_operation()).

5.5
2024-09-04 CVE-2024-45001 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix RX buf alloc_size alignment and atomic op panic The MANA driver's RX buffer alloc_size is passed into napi_build_skb() to create SKB.

5.5
2024-09-04 CVE-2024-45002 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: rtla/osnoise: Prevent NULL dereference in error handling If the "tool->data" allocation fails then there is no need to call osnoise_free_top() and, in fact, doing so will lead to a NULL dereference.

5.5
2024-09-04 CVE-2024-45004 Linux Cleartext Storage of Sensitive Information vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak of blob encryption key Trusted keys unseal the key blob on load, but keep the sealed payload in the blob field so that every subsequent read (export) will simply convert this field to hex and send it to userspace. With DCP-based trusted keys, we decrypt the blob encryption key (BEK) in the kernel due to hardware limitations and then decrypt the blob payload. BEK decryption is done in-place, which means that the trusted key blob field is modified and it consequently holds the BEK in plain text. Every subsequent read of that key thus sends the plain text BEK instead of the encrypted BEK to userspace. This issue only occurs when importing a trusted DCP-based key and then exporting it again.

5.5
2024-09-04 CVE-2024-45005 Linux Use of Uninitialized Resource vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.use_gisa=0" or by setting the related sysfs attribute to N (echo N >/sys/module/kvm/parameters/use_gisa). The validity is caused by an invalid value in the SIE control block's gisa designation.

5.5
2024-09-04 CVE-2024-45006 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration re-enumerating full-speed devices after a failed address device command can trigger a NULL pointer dereference. Full-speed devices may need to reconfigure the endpoint 0 Max Packet Size value during enumeration.

5.5
2024-09-04 CVE-2024-44950 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix invalid FIFO access with special register set When enabling access to the special register set, Receiver time-out and RHR interrupts can happen.

5.5
2024-09-04 CVE-2024-44952 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: driver core: Fix uevent_show() vs driver detach race uevent_show() wants to de-reference dev->driver->name.

5.5
2024-09-04 CVE-2024-44953 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix deadlock during RTC update There is a deadlock when runtime suspend waits for the flush of RTC work, and the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume. Here is deadlock backtrace:
Skip updating RTC if RPM state is not RPM_ACTIVE.

5.5
2024-09-04 CVE-2024-44955 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute [Why] When unplugging one of the monitors connected after an MST hub, a null pointer dereference is encountered. It's due to dc_sink getting released immediately in early_unregister() or detect_ctx().

5.5
2024-09-04 CVE-2024-44956 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/xe/preempt_fence: enlarge the fence critical section It is really easy to introduce subtle deadlocks in preempt_fence_work_func() since we operate on single global ordered-wq for signalling our preempt fences behind the scenes, so even though we signal a particular fence, everything in the callback should be in the fence critical section, since blocking in the callback will prevent other published fences from signalling.

5.5
2024-09-04 CVE-2024-44957 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Switch from mutex to spinlock for irqfds irqfd_wakeup() gets EPOLLHUP, when it is called by eventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which gets called under spin_lock_irqsave().

5.5
2024-09-04 CVE-2024-44958 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance sched_smt_present dec/inc I got the following warn report while doing stress test:
Because when cpuset_cpu_inactive() fails in sched_cpu_deactivate(), the cpu offline failed, but sched_smt_present is decremented before calling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so fix it by incrementing sched_smt_present in the error path.

5.5
2024-09-04 CVE-2024-44959 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: tracefs: Use generic inode RCU for synchronizing freeing With structure layout randomization enabled for 'struct inode' we need to avoid overlapping any of the RCU-used / initialized-only-once members, e.g.

5.5
2024-09-04 CVE-2024-44960 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. No current gadget driver is known to have this problem, but this may cause a hard-to-find bug during development of new gadgets.

5.5
2024-09-04 CVE-2024-44961 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Forward soft recovery errors to userspace As we discussed before[1], soft recovery should be forwarded to userspace, or we can get into a really bad state where apps will keep submitting hanging command buffers cascading us to a hard reset. 1: https://lore.kernel.org/all/[email protected]/ (cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)

5.5
2024-09-04 CVE-2024-44962 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading When unload the btnxpuart driver, its associated timer will be deleted. If the timer happens to be modified at this moment, it leads to the kernel call this timer even after the driver unloaded, resulting in kernel panic. Use timer_shutdown_sync() instead of del_timer_sync() to prevent rearming. panic log:

5.5
2024-09-04 CVE-2024-44963 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON() when freeing tree block after error When freeing a tree block, at btrfs_free_tree_block(), if we fail to create a delayed reference we don't deal with the error and just do a BUG_ON().

5.5
2024-09-04 CVE-2024-44965 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pti_clone_pgtable() alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then #DF from the stack guard. It turned out that pti_clone_pgtable() had alignment assumptions on the start address, notably it hard assumes start is PMD aligned.

5.5
2024-09-04 CVE-2024-44966 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix corruption when not offsetting data start Commit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start") introduced a RISC-V specific variant of the FLAT format which does not allocate any space for the (obsolete) array of shared library pointers.

5.5
2024-09-04 CVE-2024-44968 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer more reliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilers hoist the access into the non-preemptible region where the pointer is actually used.

5.5
2024-09-04 CVE-2024-44969 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation.

5.5
2024-09-04 CVE-2024-44970 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list (mlx5_wq_ll_pop()).

5.5
2024-09-04 CVE-2024-44971 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() bcm_sf2_mdio_register() calls of_phy_find_device() and then phy_device_remove() in a loop to remove existing PHY devices. of_phy_find_device() eventually calls bus_find_device(), which calls get_device() on the returned struct device * to increment the refcount. The current implementation does not decrement the refcount, which causes memory leak. This commit adds the missing phy_device_free() call to decrement the refcount via put_device() to balance the refcount.

5.5
2024-09-04 CVE-2024-44972 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clear page dirty inside extent_write_locked_range()
[BUG] For subpage + zoned case, the following workload can lead to rsv data leak at unmount time:
# mkfs.btrfs -f -s 4k $dev
# mount $dev $mnt
# fsstress -w -n 8 -d $mnt -s 1709539240
# umount $mnt
The dmesg includes the following rsv leak detection warning (all call trace skipped):
Above $dev is a tcmu-runner emulated zoned HDD, which has a max zone append size of 64K, and the system has 64K page size.
[CAUSE] I have added several trace_printk() to show the events (header skipped):
> btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688
> btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288
> btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536
> btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864
The above lines show our buffered write has dirtied 3 pages of inode 259 of root 5:
704K             768K              832K              896K
I           |////I/////////////////I///////////|     I
            756K                               868K
|///| is the dirtied range using subpage bitmaps.

5.5
2024-09-04 CVE-2024-44973 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mm, slub: do not call do_slab_free for kfence object In 782f8906f805 the freeing of kfence objects was moved from deep inside do_slab_free to the wrapper functions outside.

5.5
2024-09-04 CVE-2024-20503 Cisco Missing Encryption of Sensitive Data vulnerability in Cisco DUO Authentication for Epic

A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key.

5.5
2024-09-04 CVE-2024-45314 Dpgaspar Unspecified vulnerability in Dpgaspar Flask APP Builder

Flask-AppBuilder is an application development framework.

5.5
2024-09-04 CVE-2024-34637 Samsung Unspecified vulnerability in Samsung Android 12.0/13.0/14.0

Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.

5.5
2024-09-04 CVE-2024-34643 Samsung Unspecified vulnerability in Samsung Android 14.0

Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data.

5.5
2024-09-04 CVE-2024-34644 Samsung Unspecified vulnerability in Samsung Android 14.0

Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data.

5.5
2024-09-04 CVE-2024-34646 Samsung Unspecified vulnerability in Samsung Android 12.0/13.0/14.0

Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service.

5.5
2024-09-04 CVE-2024-34647 Samsung Unspecified vulnerability in Samsung Android 12.0/13.0/14.0

Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license.

5.5
2024-09-04 CVE-2024-34648 Samsung Incorrect Default Permissions vulnerability in Samsung Android 12.0/13.0/14.0

Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data.

5.5
2024-09-04 CVE-2024-34651 Samsung Incorrect Authorization vulnerability in Samsung Android 12.0/13.0/14.0

Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.

5.5
2024-09-04 CVE-2024-34654 Samsung Unspecified vulnerability in Samsung Android 13.0/14.0

Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege.

5.5
2024-09-04 CVE-2024-34655 Samsung Unspecified vulnerability in Samsung Android 12.0/13.0/14.0

Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager.

5.5
2024-09-04 CVE-2024-45444 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Access permission verification vulnerability in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-09-04 CVE-2024-45445 Huawei Incomplete Cleanup vulnerability in Huawei Emui and Harmonyos

Vulnerability of resources not being closed or released in the keystore module Impact: Successful exploitation of this vulnerability will affect availability.

5.5
2024-09-04 CVE-2024-45446 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Access permission verification vulnerability in the camera driver module Impact: Successful exploitation of this vulnerability will affect availability.

5.5
2024-09-04 CVE-2024-45447 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Access control vulnerability in the camera framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-09-04 CVE-2024-45448 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Page table protection configuration vulnerability in the trusted firmware module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-09-04 CVE-2024-45449 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Access permission verification vulnerability in the ringtone setting module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-09-04 CVE-2024-8298 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Memory request vulnerability in the memory management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-09-02 CVE-2024-44947 Linux Improper Initialization vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter).

5.5
2024-09-02 CVE-2024-45306 VIM Out-of-bounds Write vulnerability in VIM

Vim is an open source, command line text editor.

5.5
2024-09-02 CVE-2024-33043

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

5.5
2024-09-02 CVE-2024-28044 Openatom Integer Overflow or Wraparound vulnerability in Openatom Openharmony 4.0

OpenHarmony v4.1.0 and prior versions allow a local attacker to cause a crash through integer overflow.

5.5
2024-09-02 CVE-2024-38382 Openatom Out-of-bounds Read vulnerability in Openatom Openharmony 4.0/4.0.1

OpenHarmony v4.0.0 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read.

5.5
2024-09-02 CVE-2024-39612 Openatom Out-of-bounds Read vulnerability in Openatom Openharmony 4.0/4.0.1

OpenHarmony v4.0.0 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read.

5.5
2024-09-08 CVE-2024-8583 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Online Bank Management System 1.0

A vulnerability was found in SourceCodester Online Bank Management System and Online Bank Management System - 1.0.

5.4
2024-09-08 CVE-2024-6859 Ngothang Cross-site Scripting vulnerability in Ngothang WP Multitasking

The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2024-09-07 CVE-2024-42020 Veeam Cross-site Scripting vulnerability in Veeam ONE 12.0.0.2498/12.0.1.2591

A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.

5.4
2024-09-07 CVE-2024-8554 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Clinic's Patient Management System 2.0

A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic.

5.4
2024-09-07 CVE-2024-6849 WP Brandtheme Cross-site Scripting vulnerability in Wp-Brandtheme Preloader Plus

The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping.

5.4
2024-09-06 CVE-2024-21897 Qnap Cross-site Scripting vulnerability in Qnap QTS and Quts Hero

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions.

5.4
2024-09-06 CVE-2024-27122 Qnap Cross-site Scripting vulnerability in Qnap Notes Station 3

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3.

5.4
2024-09-06 CVE-2024-27126 Qnap Cross-site Scripting vulnerability in Qnap Notes Station 3

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3.

5.4
2024-09-06 CVE-2024-38640 Qnap Cross-site Scripting vulnerability in Qnap Download Station

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station.

5.4
2024-09-06 CVE-2024-44837 Deathbreak Cross-site Scripting vulnerability in Deathbreak Drug 1.0

A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter.

5.4
2024-09-06 CVE-2024-7599 Wpcodeus Cross-site Scripting vulnerability in Wpcodeus Advanced Sermons

The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermon_video_embed’ parameter in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping.

5.4
2024-09-06 CVE-2024-7611 Themelooks Cross-site Scripting vulnerability in Themelooks Enter Addons

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute of the Events Card widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-06 CVE-2024-8317 Wpeka Cross-site Scripting vulnerability in Wpeka WP Adcenter

The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ad_alignment’ attribute in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping.

5.4
2024-09-05 CVE-2024-6894 Rdstation Cross-site Scripting vulnerability in Rdstation RD Station

The RD Station plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping of post metaboxes added by the plugin.

5.4
2024-09-05 CVE-2024-6929 Ankitpokhrel Cross-site Scripting vulnerability in Ankitpokhrel Dynamic Featured Image

The Dynamic Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘dfiFeatured’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping.

5.4
2024-09-05 CVE-2024-5309 Wpvibes Missing Authorization vulnerability in Wpvibes Form Vibes

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12.

5.4
2024-09-05 CVE-2024-8363 Share This Image Cross-site Scripting vulnerability in Share-This-Image Share This Image

The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-04 CVE-2024-8407 Alwindoss Cross-site Scripting vulnerability in Alwindoss Akademy

A vulnerability was found in alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba.

5.4
2024-09-04 CVE-2024-8318 Websevendev Cross-site Scripting vulnerability in Websevendev Attributes for Blocks

The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributesForBlocks’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping.

5.4
2024-09-04 CVE-2024-8123 Wpextended Authorization Bypass Through User-Controlled Key vulnerability in Wpextended WP Extended

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validation on a user controlled key.

5.4
2024-09-04 CVE-2024-8325 Blockspare Cross-site Scripting vulnerability in Blockspare

The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the ‘blockspare_render_social_sharing_block’ function in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping.

5.4
2024-09-03 CVE-2024-45180 Squaredup Cross-site Scripting vulnerability in Squaredup DS for Scom

SquaredUp DS for SCOM 6.2.1.11104 allows XSS.

5.4
2024-09-03 CVE-2024-45389 Cloudcannon Cross-site Scripting vulnerability in Cloudcannon Pagefinder

Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads.

5.4
2024-09-03 CVE-2024-43412 Xibosignage Cross-site Scripting vulnerability in Xibosignage Xibo

Xibo is an open source digital signage platform with a web content management system (CMS).

5.4
2024-09-02 CVE-2024-45621 Rocket Chat Cross-site Scripting vulnerability in Rocket.Chat

The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external actions from PDF documents.

5.4
2024-09-02 CVE-2024-28100 Elabftw Cross-site Scripting vulnerability in Elabftw

eLabFTW is an open source electronic lab notebook for research labs.

5.4
2024-09-02 CVE-2024-43801 Jellyfin Unspecified vulnerability in Jellyfin

Jellyfin is an open source self hosted media server.

5.4
2024-09-02 CVE-2024-45313 Overleaf Insecure Default Initialization of Resource vulnerability in Overleaf

Overleaf is a web-based collaborative LaTeX editor.

5.4
2024-09-02 CVE-2024-7932 3DS Cross-site Scripting vulnerability in 3DS 3Dexperience R2024X

A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

5.4
2024-09-02 CVE-2024-7938 3DS Cross-site Scripting vulnerability in 3DS 3Dexperience R2023X/R2024X

A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

5.4
2024-09-02 CVE-2024-7939 3DS Cross-site Scripting vulnerability in 3DS 3Dexperience R2024X

A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

5.4
2024-09-02 CVE-2024-8004 3DS Cross-site Scripting vulnerability in 3DS 3Dexperience Enovia R2022X/R2023X/R2024X

A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

5.4
2024-09-08 CVE-2024-8571 Erjemin Information Exposure Through an Error Message vulnerability in Erjemin Roll CMS

A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9.

5.3
2024-09-07 CVE-2024-6010 Stylemixthemes Unspecified vulnerability in Stylemixthemes Cost Calculator Builder

The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1.

5.3
2024-09-06 CVE-2024-7415 Coffee2Code Information Exposure Through an Error Message vulnerability in Coffee2Code Remember ME Controls

The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1.

5.3
2024-09-06 CVE-2024-40865 Apple Unspecified vulnerability in Apple Visionos 1.0.2/1.1/1.2

The issue was addressed by suspending Persona when the virtual keyboard is active.

5.3
2024-09-05 CVE-2024-8461 Dlink Unspecified vulnerability in Dlink Dns-320 Firmware 2.02B01

A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01.

5.3
2024-09-05 CVE-2022-4529 Msoftplugins Unspecified vulnerability in Msoftplugins Security Antivirus Firewall

The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5.

5.3
2024-09-05 CVE-2024-5956 Trellix Improper Authentication vulnerability in Trellix Intrusion Prevention System Manager 11.1.7.97

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager, with mostly garbage data in the response.

5.3
2024-09-05 CVE-2024-7381 Infinitumform Missing Authorization vulnerability in Infinitumform GEO Controller

The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9.

5.3
2024-09-05 CVE-2024-6835 Ivorysearch Unspecified vulnerability in Ivorysearch Ivory Search

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function.

5.3
2024-09-04 CVE-2024-45052 Ethyca Information Exposure Through Discrepancy vulnerability in Ethyca Fides

Fides is an open-source privacy engineering platform.

5.3
2024-09-04 CVE-2024-34659 Samsung Unspecified vulnerability in Samsung Group Sharing 10.8.03.2

Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers to force the victim to join the group.

5.3
2024-09-04 CVE-2024-7786 Automattic Unspecified vulnerability in Automattic Sensei LMS

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates.

5.3
2024-09-03 CVE-2024-8388 Mozilla Unspecified vulnerability in Mozilla Firefox

Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121.

5.3
2024-09-02 CVE-2024-45312 Overleaf Injection vulnerability in Overleaf

Overleaf is a web-based collaborative LaTeX editor.

5.3
2024-09-05 CVE-2024-45157 ARM Unspecified vulnerability in ARM Mbed TLS

An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used.

5.1
2024-09-03 CVE-2024-37136 Dell Unspecified vulnerability in Dell Path to Powerprotect 1.1/1.2

Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability.

4.9
2024-09-03 CVE-2024-6343 Zyxel Classic Buffer Overflow vulnerability in Zyxel ZLD Firmware 4.30/4.55

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

4.9
2024-09-06 CVE-2023-50366 Qnap Cross-site Scripting vulnerability in Qnap QTS and Quts Hero

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions.

4.8
2024-09-06 CVE-2024-27125 Qnap Cross-site Scripting vulnerability in Qnap Helpdesk

A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk.

4.8
2024-09-05 CVE-2022-3556 Kanev Cross-site Scripting vulnerability in Kanev CAB Fare Calculator 1.0.3/1.0.4

The Cab fare calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vehicle title setting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping.

4.8
2024-09-04 CVE-2024-6722 Mansurahamed Cross-site Scripting vulnerability in Mansurahamed Chatbot Support AI

The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2024-09-04 CVE-2024-6888 AYS PRO Cross-site Scripting vulnerability in Ays-Pro Secure Copy Content Protection and Content Locking

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2024-09-04 CVE-2024-6889 AYS PRO Cross-site Scripting vulnerability in Ays-Pro Secure Copy Content Protection and Content Locking

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2024-09-03 CVE-2024-43413 Xibosignage Cross-site Scripting vulnerability in Xibosignage Xibo

Xibo is an open source digital signage platform with a web content management system (CMS).

4.8
2024-09-03 CVE-2024-7346 Progress Improper Authentication vulnerability in Progress Openedge

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security. The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation.

4.8
2024-09-06 CVE-2024-21903 Qnap Command Injection vulnerability in Qnap QTS and Quts Hero

An OS command injection vulnerability has been reported to affect several QNAP operating system versions.

4.7
2024-09-06 CVE-2024-21906 Qnap OS Command Injection vulnerability in Qnap QTS and Quts Hero

An OS command injection vulnerability has been reported to affect several QNAP operating system versions.

4.7
2024-09-05 CVE-2023-51712 ARM Unspecified vulnerability in ARM Trusted Firmware-M

An issue was discovered in Trusted Firmware-M through 2.0.0.

4.7
2024-09-04 CVE-2024-45003 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: vfs: Don't evict inode under the inode lru traversing context. The inode reclaiming process (see function prune_icache_sb) first collects all reclaimable inodes and marks them with the I_FREEING flag; at that time, other processes will be stuck if they try getting these inodes (see function find_inode_fast). The reclaiming process then destroys the inodes by function dispose_list().

4.7
2024-09-04 CVE-2024-44954 Linux Race Condition vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fix racy access to midibuf. There can be concurrent accesses to line6 midibuf from both the URB completion callback and the rawmidi API access.

4.7
2024-09-03 CVE-2024-8399 Mozilla Unspecified vulnerability in Mozilla Firefox Focus 122.0

Websites could utilize JavaScript links to spoof URL addresses in the Focus navigation bar. This vulnerability affects Focus for iOS < 130.

4.7
2024-09-05 CVE-2024-39278 Echostar Insufficiently Protected Credentials vulnerability in Echostar Fusion

Credentials to access device configuration information are stored unencrypted in flash memory.

4.6
2024-09-04 CVE-2024-34639 Samsung Improper Handling of Exceptional Conditions vulnerability in Samsung Android 12.0/13.0/14.0

Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.

4.6
2024-09-04 CVE-2024-34642 Samsung Incorrect Authorization vulnerability in Samsung Android 12.0/13.0/14.0

Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.

4.6
2024-09-04 CVE-2024-34645 Samsung Unspecified vulnerability in Samsung Android 12.0/13.0

Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers to install privileged applications.

4.6
2024-09-04 CVE-2024-34653 Samsung Path Traversal vulnerability in Samsung Android 12.0/13.0/14.0

Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.

4.6
2024-09-04 CVE-2024-41927 Idec Cleartext Transmission of Sensitive Information vulnerability in Idec products

Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs.

4.6
2024-09-02 CVE-2024-20084 Linuxfoundation, Rdkcentral, Google, Openwrt Out-of-bounds Read vulnerability in multiple products

In power, there is a possible out of bounds read due to a missing bounds check.

4.4
2024-09-02 CVE-2024-20085 Linuxfoundation, Rdkcentral, Google, Openwrt Out-of-bounds Read vulnerability in multiple products

In power, there is a possible out of bounds read due to a missing bounds check.

4.4
2024-09-02 CVE-2024-20088 Google Out-of-bounds Read vulnerability in Google Android 12.0/13.0/14.0

In keyinstall, there is a possible out of bounds read due to a missing bounds check.

4.4
2024-09-08 CVE-2024-42342 Loway HTTP Request Smuggling vulnerability in Loway Queuemetrics 22.11.6/23.09/24.05

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

4.3
2024-09-08 CVE-2024-6852 Ngothang Cross-Site Request Forgery (CSRF) vulnerability in Ngothang WP Multitasking

The WP MultiTasking WordPress plugin through 0.1.12 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

4.3
2024-09-08 CVE-2024-6853 Ngothang Cross-Site Request Forgery (CSRF) vulnerability in Ngothang WP Multitasking

The WP MultiTasking WordPress plugin through 0.1.12 does not have a CSRF check when updating welcome popups, which could allow attackers to make logged-in admins perform such an action via a CSRF attack.

4.3
2024-09-08 CVE-2024-6855 Ngothang Cross-Site Request Forgery (CSRF) vulnerability in Ngothang WP Multitasking

The WP MultiTasking WordPress plugin through 0.1.12 does not have a CSRF check when updating exit popups, which could allow attackers to make logged-in admins perform such an action via a CSRF attack.

4.3
2024-09-08 CVE-2024-6856 Ngothang Cross-Site Request Forgery (CSRF) vulnerability in Ngothang WP Multitasking

The WP MultiTasking WordPress plugin through 0.1.12 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

4.3
2024-09-08 CVE-2024-6925 Themetechmount Cross-Site Request Forgery (CSRF) vulnerability in Themetechmount Truebooker

The TrueBooker WordPress plugin before 1.0.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

4.3
2024-09-07 CVE-2024-8558 Oretnom23 Improper Validation of Specified Quantity in Input vulnerability in Oretnom23 Food Ordering Management System 1.0

A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0.

4.3
2024-09-07 CVE-2024-8538 Infiniteuploads Path Traversal vulnerability in Infiniteuploads BIG File Uploads

The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2.

4.3
2024-09-06 CVE-2024-7622 Jetplugs Missing Authorization vulnerability in Jetplugs Revision Manager TMC

The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the _a_ajaxQuickEmailTestCallback() function in all versions up to, and including, 2.8.19.

4.3
2024-09-06 CVE-2024-8427 Wpshuffle Missing Authorization vulnerability in Wpshuffle Frontend Post Submission Manager

The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_global_settings and process_form_edit functions in all versions up to, and including, 1.2.2.

4.3
2024-09-05 CVE-2024-45392 Salesagility Unspecified vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source customer relationship management (CRM) system.

4.3
2024-09-05 CVE-2024-7380 Infinitumform Missing Authorization vulnerability in Infinitumform GEO Controller

The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajax__geolocate_menu and ajax__geolocate_remove_menu functions in all versions up to, and including, 8.6.9.

4.3
2024-09-05 CVE-2024-7605 Helloasso Missing Authorization vulnerability in Helloasso

The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10.

4.3
2024-09-04 CVE-2024-8414 Munyweki Cross-Site Request Forgery (CSRF) vulnerability in Munyweki Insurance Management System 1.0

A vulnerability has been found in SourceCodester Insurance Management System 1.0 and classified as problematic.

4.3
2024-09-04 CVE-2024-8411 Abcd Community Cross-site Scripting vulnerability in Abcd-Community Abcd 2.2.0

A vulnerability, which was classified as problematic, has been found in ABCD ABCD2 up to 2.2.0-beta-1.

4.3
2024-09-04 CVE-2024-8121 Wpextended Missing Authorization vulnerability in Wpextended WP Extended

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8.

4.3
2024-09-04 CVE-2024-34661 Samsung Incorrect Default Permissions vulnerability in Samsung Assistant

Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data.

4.3
2024-09-03 CVE-2024-45619 Redhat, Opensc Project Classic Buffer Overflow vulnerability in multiple products

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.

4.3
2024-09-02 CVE-2024-43797 Audiobookshelf Path Traversal vulnerability in Audiobookshelf

audiobookshelf is a self-hosted audiobook and podcast server.

4.3
2024-09-02 CVE-2024-7690 Digireturn Cross-Site Request Forgery (CSRF) vulnerability in Digireturn DN Popup

The DN Popup WordPress plugin through 1.2.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

4.3
2024-09-02 CVE-2024-45269 Majeedraza Cross-Site Request Forgery (CSRF) vulnerability in Majeedraza Carousel Slider

WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature.

4.3
2024-09-02 CVE-2024-45270 Majeedraza Cross-Site Request Forgery (CSRF) vulnerability in Majeedraza Carousel Slider

WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature.

4.3
2024-09-03 CVE-2024-45678 Yubico Information Exposure Through Discrepancy vulnerability in Yubico products

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue.

4.2

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-03 CVE-2024-45615 Redhat, Opensc Project Use of Uninitialized Resource vulnerability in multiple products

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.

3.9
2024-09-03 CVE-2024-45616 Redhat, Opensc Project Use of Uninitialized Resource vulnerability in multiple products

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.

3.9
2024-09-03 CVE-2024-45617 Redhat, Opensc Project Use of Uninitialized Resource vulnerability in multiple products

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.

3.9
2024-09-03 CVE-2024-45618 Redhat, Opensc Project Use of Uninitialized Resource vulnerability in multiple products

A vulnerability was found in pkcs15-init in OpenSC.

3.9
2024-09-03 CVE-2024-45620 Redhat, Opensc Project Classic Buffer Overflow vulnerability in multiple products

A vulnerability was found in the pkcs15-init tool in OpenSC.

3.9
2024-09-04 CVE-2024-34640 Samsung Unspecified vulnerability in Samsung Android 12.0/13.0/14.0

Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.

3.3
2024-09-04 CVE-2024-34641 Samsung Unspecified vulnerability in Samsung Android 12.0/13.0/14.0

Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration.

3.3
2024-09-04 CVE-2024-34650 Samsung Incorrect Authorization vulnerability in Samsung Android 14.0

Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.

3.3
2024-09-04 CVE-2024-34652 Samsung Incorrect Authorization vulnerability in Samsung Android 12.0/13.0/14.0

Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage.

3.3
2024-09-06 CVE-2024-32771 Qnap Improper Restriction of Excessive Authentication Attempts vulnerability in Qnap QTS and Quts Hero

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions.

2.4
2024-09-04 CVE-2024-34649 Samsung Unspecified vulnerability in Samsung Android 14.0

Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen.

2.4