Weekly Vulnerabilities Reports > September 16 to 22, 2024

Overview

447 new vulnerabilities were reported during this period, including 53 critical vulnerabilities and 164 high severity vulnerabilities. This weekly summary reports vulnerabilities in 186 products from 130 vendors including Apple, Linux, Opennetworking, Draytek, and Intel. Notable vulnerability categories include "Cross-site Scripting", "Classic Buffer Overflow", "Out-of-bounds Read", "NULL Pointer Dereference", and "SQL Injection".

  • 305 reported vulnerabilities are remotely exploitable.
  • 120 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 244 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 74 reported vulnerabilities.
  • Code Projects has the most reported critical vulnerabilities, with 6 reported vulnerabilities.


Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


53 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-17 CVE-2024-44146 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved file handling.

10.0
2024-09-17 CVE-2024-44148 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved validation of file attributes.

10.0
2024-09-18 CVE-2024-46986 Tuzitio Path Traversal vulnerability in Tuzitio Camaleon CMS

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails.

9.9
2024-09-22 CVE-2024-9087 Vehicle Management Project SQL Injection vulnerability in Vehicle Management Project Vehicle Management 1.0

A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0.

9.8
2024-09-22 CVE-2024-9088 Razormist Classic Buffer Overflow vulnerability in Razormist Telecom Billing Management System 1.0

A vulnerability has been found in SourceCodester Telecom Billing Management System 1.0 and classified as critical.

9.8
2024-09-22 CVE-2024-9086 Code Projects SQL Injection vulnerability in Code-Projects Restaurant Reservation System 1.0

A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0.

9.8
2024-09-22 CVE-2024-9082 Oretnom23 Incorrect Authorization vulnerability in Oretnom23 Online Eyewear Shop 1.0

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0.

9.8
2024-09-22 CVE-2024-9085 Code Projects SQL Injection vulnerability in Code-Projects Restaurant Reservation System 1.0

A vulnerability was found in code-projects Restaurant Reservation System 1.0.

9.8
2024-09-22 CVE-2024-9080 Code Projects SQL Injection vulnerability in Code-Projects Student Record System 1.0

A vulnerability was found in code-projects Student Record System 1.0.

9.8
2024-09-22 CVE-2024-9079 Code Projects SQL Injection vulnerability in Code-Projects Student Record System 1.0

A vulnerability was found in code-projects Student Record System 1.0 and classified as critical.

9.8
2024-09-22 CVE-2024-9078 Code Projects SQL Injection vulnerability in Code-Projects Student Record System 1.0

A vulnerability has been found in code-projects Student Record System 1.0 and classified as critical.

9.8
2024-09-20 CVE-2024-9038 Codezips Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Shopping Portal 1.0

A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0.

9.8
2024-09-20 CVE-2024-9039 Mayurik SQL Injection vulnerability in Mayurik Best House Rental Management System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0.

9.8
2024-09-20 CVE-2024-9043 Cellopoint Out-of-bounds Write vulnerability in Cellopoint Secure Email Gateway

Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process.

9.8
2024-09-20 CVE-2024-8853 Medialibs Unspecified vulnerability in Medialibs Webo-Facto

The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function.

9.8
2024-09-20 CVE-2024-9011 Code Projects SQL Injection vulnerability in Code-Projects Crud Operation System 1.0

A vulnerability, which was classified as critical, was found in code-projects Crud Operation System 1.0.

9.8
2024-09-20 CVE-2024-9009 Fabianros SQL Injection vulnerability in Fabianros Online Quiz Site 1.0

A vulnerability, which was classified as critical, has been found in code-projects Online Quiz Site 1.0.

9.8
2024-09-19 CVE-2023-27584 D7Y Use of Hard-coded Credentials vulnerability in D7Y Dragonfly

Dragonfly is an open source P2P-based file distribution and image acceleration system.

9.8
2024-09-19 CVE-2024-46983 Antfin Unspecified vulnerability in Antfin Sofa-Hessian

sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd.

9.8
2024-09-19 CVE-2024-46984 Gematik XXE vulnerability in Gematik Reference Validator

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards.

9.8
2024-09-19 CVE-2024-9008 Best Online News Portal Project SQL Injection vulnerability in Best Online News Portal Project Best Online News Portal 1.0

A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0.

9.8
2024-09-19 CVE-2024-9004 Dlink OS Command Injection vulnerability in Dlink Dar-7000 Firmware

A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912.

9.8
2024-09-19 CVE-2024-33109 Ergophone, Yealink Path Traversal vulnerability in multiple products

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.

9.8
2024-09-19 CVE-2024-40125 Closed Loop Unrestricted Upload of File with Dangerous Type vulnerability in Closed-Loop Cless Server 4.5.2

An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint.

9.8
2024-09-19 CVE-2024-31570 Freeimage Project Out-of-bounds Write vulnerability in Freeimage Project Freeimage

libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.

9.8
2024-09-19 CVE-2024-47088 Apexsoftcell Improper Restriction of Excessive Authentication Attempts vulnerability in Apexsoftcell LD DP Back Office and LD GEO

This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login.

9.8
2024-09-18 CVE-2024-34026 Openplcproject Out-of-bounds Write vulnerability in Openplcproject Openplc V3 Firmware 20240404

A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88.

9.8
2024-09-18 CVE-2024-5960 Elizsoftware Unprotected Storage of Credentials vulnerability in Elizsoftware Panel

Plaintext Storage of a Password vulnerability in Eliz Software Panel allows Use of Known Domain Credentials. This issue affects Panel: before v2.3.24.

9.8
2024-09-17 CVE-2024-43976 Superstorefinder SQL Injection vulnerability in Superstorefinder Super Store Finder

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 6.9.7.

9.8
2024-09-17 CVE-2024-43978 Superstorefinder SQL Injection vulnerability in Superstorefinder Super Store Finder

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a before 6.9.8.

9.8
2024-09-17 CVE-2024-44004 Wptaskforce SQL Injection vulnerability in Wptaskforce Track & Trace

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection. This issue affects WPCargo Track & Trace: from n/a through 7.0.6.

9.8
2024-09-17 CVE-2024-8957 Ptzoptics OS Command Injection vulnerability in Ptzoptics Pt30X-Ndi-Xx-G2 Firmware and Pt30X-Sdi Firmware

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue.

9.8
2024-09-17 CVE-2024-38812 Vmware Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

9.8
2024-09-17 CVE-2024-38813 Vmware Improper Check for Dropped Privileges vulnerability in VMWare Vcenter Server 7.0/8.0

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

9.8
2024-09-17 CVE-2024-45682 Millbeck OS Command Injection vulnerability in Millbeck Proroute H685T-W Firmware 3.2.334

There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.

9.8
2024-09-17 CVE-2024-8944 Fabianros SQL Injection vulnerability in Fabianros Hospital Management System 1.0

A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0.

9.8
2024-09-16 CVE-2024-44623 SPX Code Injection vulnerability in SPX Graphics Controller

An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.

9.8
2024-09-16 CVE-2024-6401 SFS SQL Injection vulnerability in SFS Insuree GL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection. This issue affects InsureE GL: before 4.6.2.

9.8
2024-09-16 CVE-2024-7098 SFS XXE vulnerability in SFS Winsure

Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection. This issue affects ww.Winsure: before 4.6.2.

9.8
2024-09-16 CVE-2024-7104 SFS Code Injection vulnerability in SFS Winsure

Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection. This issue affects ww.Winsure: before 4.6.2.

9.8
2024-09-16 CVE-2024-46419 Totolink Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.

9.8
2024-09-16 CVE-2024-46451 Totolink Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.

9.8
2024-09-16 CVE-2024-22399 Apache Deserialization of Untrusted Data vulnerability in Apache Seata

Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue.

9.8
2024-09-16 CVE-2024-45694 Dlink Stack-based Buffer Overflow vulnerability in Dlink Dir-X4860 Firmware and Dir-X5460 Firmware

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

9.8
2024-09-16 CVE-2024-45695 Dlink Out-of-bounds Write vulnerability in Dlink Dir-X4860 Firmware 1.00/1.04

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

9.8
2024-09-16 CVE-2024-45697 Dlink Hidden Functionality vulnerability in Dlink Dir-X4860 Firmware 1.00/1.04

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in.

9.8
2024-09-16 CVE-2024-45698 Dlink Use of Hard-coded Credentials vulnerability in Dlink Dir-X4860 Firmware 1.00/1.04

Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device.

9.8
2024-09-16 CVE-2024-8880 Playsms Code Injection vulnerability in Playsms

A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7.

9.8
2024-09-20 CVE-2024-45806 Envoyproxy Authorization Bypass Through User-Controlled Key vulnerability in Envoyproxy Envoy

Envoy is a cloud-native high-performance edge/middle/service proxy.

9.1
2024-09-19 CVE-2024-8963 Ivanti Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.6

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

9.1
2024-09-17 CVE-2024-8956 Ptzoptics Improper Authentication vulnerability in Ptzoptics Pt30X-Ndi-Xx-G2 Firmware and Pt30X-Sdi Firmware

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue.

9.1
2024-09-16 CVE-2024-46958 Nextcloud Unspecified vulnerability in Nextcloud Desktop 3.13.1/3.13.2/3.13.3

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable.

9.1
2024-09-17 CVE-2021-27915 Acquia Cross-site Scripting vulnerability in Acquia Mautic

Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system.

9.0

164 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-22 CVE-2024-9076 Dedecms OS Command Injection vulnerability in Dedecms

A vulnerability was found in DedeCMS up to 5.7.115.

8.8
2024-09-20 CVE-2024-9041 Mayurik SQL Injection vulnerability in Mayurik Best House Rental Management System 1.0

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical.

8.8
2024-09-20 CVE-2024-9032 Oretnom23 Path Traversal vulnerability in Oretnom23 Simple Forum/Discussion System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0.

8.8
2024-09-19 CVE-2024-9006 Jeanmarc77 Code Injection vulnerability in Jeanmarc77 123Solar 1.8.4.5

A vulnerability was found in jeanmarc77 123solar 1.8.4.5.

8.8
2024-09-19 CVE-2024-43489 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

8.8
2024-09-19 CVE-2024-43496 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

8.8
2024-09-19 CVE-2024-9001 Totolink OS Command Injection vulnerability in Totolink T10 Firmware 4.1.8Cu.5207

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207.

8.8
2024-09-19 CVE-2024-46394 Frogcms Project Cross-Site Request Forgery (CSRF) vulnerability in Frogcms Project Frogcms 0.9.5

FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add

8.8
2024-09-18 CVE-2024-46086 Frogcms Project Cross-Site Request Forgery (CSRF) vulnerability in Frogcms Project Frogcms 0.9.5

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/delete/123

8.8
2024-09-18 CVE-2024-5958 Elizsoftware SQL Injection vulnerability in Elizsoftware Panel

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection. This issue affects Panel: before v2.3.24.

8.8
2024-09-18 CVE-2024-8890 Circutor Unspecified vulnerability in Circutor Q-Smt Firmware 1.0.4

An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol.

8.8
2024-09-17 CVE-2024-45398 Contao Unrestricted Upload of File with Dangerous Type vulnerability in Contao

Contao is an Open Source CMS.

8.8
2024-09-17 CVE-2024-38183 Microsoft Unspecified vulnerability in Microsoft Groupme

An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.

8.8
2024-09-17 CVE-2024-43460 Microsoft Unspecified vulnerability in Microsoft Dynamics 365 Business Central

Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.

8.8
2024-09-17 CVE-2024-8949 Oretnom23 Improper Ownership Management vulnerability in Oretnom23 Online Eyewear Shop 1.0

A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0.

8.8
2024-09-17 CVE-2024-8945 Fairsketch SQL Injection vulnerability in Fairsketch Rise Ultimate Project Manager 3.7.0

A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical.

8.8
2024-09-16 CVE-2024-45696 Dlink Hidden Functionality vulnerability in Dlink Covr-X1870 Firmware and Dir-X4860 Firmware

Certain models of D-Link wireless routers contain hidden functionality.

8.8
2024-09-16 CVE-2024-8779 Syscomgo Unspecified vulnerability in Syscomgo Omflow

OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server.

8.8
2024-09-18 CVE-2024-8887 Circutor Improper Validation of Specified Quantity in Input vulnerability in Circutor Q-Smt Firmware 1.0.4

CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device.

8.6
2024-09-17 CVE-2024-47049 Czim Server-Side Request Forgery (SSRF) vulnerability in Czim File-Handling

The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.

8.2
2024-09-17 CVE-2024-8947 Micropython Use After Free vulnerability in Micropython 1.22.2

A vulnerability was found in MicroPython 1.22.2.

8.1
2024-09-17 CVE-2021-27916 Acquia Path Traversal vulnerability in Acquia Mautic

Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion.

8.1
2024-09-19 CVE-2024-38016 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Visio Remote Code Execution Vulnerability

7.8
2024-09-18 CVE-2024-46738 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() When removing a resource from vmci_resource_table in vmci_resource_remove(), the search is performed using the resource handle by comparing context and resource fields. It is possible though to create two resources with different types but same handle (same context and resource fields). When trying to remove one of the resources, vmci_resource_remove() may not remove the intended one, but the object will still be freed as in the case of the datagram type in vmci_datagram_destroy_handle(). vmci_resource_table will still hold a pointer to this freed resource leading to a use-after-free vulnerability. This change ensures the type is also checked when removing the resource from vmci_resource_table in vmci_resource_remove().

7.8
2024-09-18 CVE-2024-46740 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions.

7.8
2024-09-18 CVE-2024-46741 Linux Double Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix double free of 'buf' in error path smatch warning: drivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf' In fastrpc_req_mmap() error path, the fastrpc buffer is freed in fastrpc_req_munmap_impl() if unmap is successful. But in the end, there is an unconditional call to fastrpc_buf_free(). So the above case triggers the double free of fastrpc buf.

7.8
2024-09-18 CVE-2024-46744 Linux Link Following vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The reason why the corrupted symlink size causes an uninitialised page is due to the following sequence of events: 1.

7.8
2024-09-18 CVE-2024-46746 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: free driver_data after destroying hid device HID driver callbacks aren't called anymore once hid_destroy_device() has been called.

7.8
2024-09-18 CVE-2024-46756 Linux Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.

7.8
2024-09-18 CVE-2024-46757 Linux Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.

7.8
2024-09-18 CVE-2024-46758 Linux Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: hwmon: (lm95234) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.

7.8
2024-09-18 CVE-2024-46759 Linux Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.

7.8
2024-09-18 CVE-2024-46766 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ice: move netif_queue_set_napi to rtnl-protected sections Currently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is not rtnl-locked when called from the reset.

7.8
2024-09-18 CVE-2024-46782 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ila: call nf_unregister_net_hooks() sooner syzbot found an use-after-free Read in ila_nf_input. Issue here is that ila_xlat_exit_net() frees the rhashtable, then call nf_unregister_net_hooks(). It should be done in the reverse way, with a synchronize_rcu(). This is a good match for a pre_exit() method.

7.8
2024-09-18 CVE-2024-46786 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF The fscache_cookie_lru_timer is initialized when the fscache module is inserted, but is not deleted when the fscache module is removed. If timer_reduce() is called before removing the fscache module, the fscache_cookie_lru_timer will be added to the timer list of the current cpu.

7.8
2024-09-18 CVE-2024-46796 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_set_path_size() If smb2_compound_op() is called with a valid @cfile and returned -EINVAL, we need to call cifs_get_writable_path() before retrying it as the reference of @cfile was already dropped by previous call. This fixes a KASAN splat seen when running fstests generic/013 against Windows Server 2022.

7.8
2024-09-18 CVE-2024-46798 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object. When using kernel with the following extra config, - CONFIG_KASAN=y - CONFIG_KASAN_GENERIC=y - CONFIG_KASAN_INLINE=y - CONFIG_KASAN_VMALLOC=y - CONFIG_FRAME_WARN=4096 kernel detects that snd_pcm_suspend_all() accesses a freed 'snd_soc_pcm_runtime' object when the system is suspended, which leads to a use-after-free bug. The snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before making any access.

7.8
2024-09-18 CVE-2024-46800 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netem_dequeue If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMIT_STOLEN.

7.8
2024-09-18 CVE-2024-46725 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds write warning. Check the ring type value to fix the out-of-bounds write warning.

7.8
2024-09-17 CVE-2024-7788 Libreoffice Improper Verification of Cryptographic Signature vulnerability in Libreoffice

Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice. This issue affects LibreOffice: from 24.2 before 24.2.5.

7.8
2024-09-17 CVE-2024-44162 Apple Unspecified vulnerability in Apple Xcode

This issue was addressed by enabling hardened runtime.

7.8
2024-09-16 CVE-2024-34153 Intel Uncontrolled Search Path Element vulnerability in Intel Raid web Console

Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2024-09-16 CVE-2024-34543 Intel Unspecified vulnerability in Intel Raid web Console

Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2024-09-16 CVE-2024-39613 Mattermost Uncontrolled Search Path Element vulnerability in Mattermost Desktop

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.

7.8
2024-09-19 CVE-2024-8698

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class.

7.7
2024-09-18 CVE-2024-46987 Tuzitio Path Traversal vulnerability in Tuzitio Camaleon CMS

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails.

7.7
2024-09-22 CVE-2024-9081 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Eyewear Shop 1.0

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0.

7.5
2024-09-22 CVE-2024-47221 Rapidscada Weak Password Requirements vulnerability in Rapidscada Rapid Scada

CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password.

7.5
2024-09-20 CVE-2024-45807 Envoyproxy Unspecified vulnerability in Envoyproxy Envoy 1.31.0/1.31.1

Envoy is a cloud-native high-performance edge/middle/service proxy.

7.5
2024-09-20 CVE-2024-45809 Envoyproxy NULL Pointer Dereference vulnerability in Envoyproxy Envoy

Envoy is a cloud-native high-performance edge/middle/service proxy.

7.5
2024-09-20 CVE-2024-45810 Envoyproxy Unspecified vulnerability in Envoyproxy Envoy

Envoy is a cloud-native high-performance edge/middle/service proxy.

7.5
2024-09-20 CVE-2024-47000 Zitadel Unspecified vulnerability in Zitadel

Zitadel is an open source identity management platform.

7.5
2024-09-19 CVE-2024-45410 Traefik Insufficient Verification of Data Authenticity vulnerability in Traefik

Traefik is a golang, Cloud Native Application Proxy.

7.5
2024-09-19 CVE-2024-45861 Kastle Use of Hard-coded Credentials vulnerability in Kastle Access Control System Firmware

Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information.

7.5
2024-09-19 CVE-2024-45862 Kastle Cleartext Storage of Sensitive Information vulnerability in Kastle Access Control System Firmware

Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information.

7.5
2024-09-19 CVE-2024-46382 Linlinjava SQL Injection vulnerability in Linlinjava Litemall 1.8.0

A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminGoodscontroller.java.

7.5
2024-09-18 CVE-2024-34057 Trianglemicroworks, Siemens Classic Buffer Overflow vulnerability in multiple products

Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages.

7.5
2024-09-18 CVE-2024-8287 Canonical Improper Certificate Validation vulnerability in Canonical Anbox Cloud

Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent.

7.5
2024-09-18 CVE-2023-28452 Coredns IO Unspecified vulnerability in Coredns.Io Coredns

An issue was discovered in CoreDNS through 1.10.1.

7.5
2024-09-18 CVE-2024-36980 Openplcproject Out-of-bounds Read vulnerability in Openplcproject Openplc V3 Firmware 20240404

An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88.

7.5
2024-09-18 CVE-2024-36981 Openplcproject Out-of-bounds Read vulnerability in Openplcproject Openplc V3 Firmware 20240404

An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88.

7.5
2024-09-18 CVE-2024-39589 Openplcproject Incorrect Type Conversion or Cast vulnerability in Openplcproject Openplc V3 Firmware 20240528

Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a.

7.5
2024-09-18 CVE-2024-39590 Openplcproject Incorrect Type Conversion or Cast vulnerability in Openplcproject Openplc V3 Firmware 20240528

Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a.

7.5
2024-09-18 CVE-2024-46550 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi.

7.5
2024-09-18 CVE-2024-46551 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi.

7.5
2024-09-18 CVE-2024-46552 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi.

7.5
2024-09-18 CVE-2024-46553 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46554 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46555 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pb parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46556 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46557 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46558 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46559 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi.

7.5
2024-09-18 CVE-2024-46560 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46561 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the queryret parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46564 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at fextobj.cgi.

7.5
2024-09-18 CVE-2024-46565 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi.

7.5
2024-09-18 CVE-2024-46566 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAppName parameter at sslapp.cgi.

7.5
2024-09-18 CVE-2024-46567 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46568 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi.

7.5
2024-09-18 CVE-2024-46571 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi.

7.5
2024-09-18 CVE-2024-46580 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46581 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfName parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46582 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvAddr parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46583 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi.

7.5
2024-09-18 CVE-2024-46584 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi.

7.5
2024-09-18 CVE-2024-46585 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at usergrp.cgi.

7.5
2024-09-18 CVE-2024-46586 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sCloudPass parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46588 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at wizfw.cgi.

7.5
2024-09-18 CVE-2024-46589 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sIpv6AiccuUser parameter at inetipv6.cgi.

7.5
2024-09-18 CVE-2024-46590 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46591 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sDnsPro parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46592 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt_5g%d parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46593 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the trapcomm parameter at cgiswm.cgi.

7.5
2024-09-18 CVE-2024-46594 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46595 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi.

7.5
2024-09-18 CVE-2024-46596 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi.

7.5
2024-09-18 CVE-2024-46597 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi.

7.5
2024-09-18 CVE-2024-46598 Draytek Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi.

7.5
2024-09-18 CVE-2024-23915 Opennetworking NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-23916 Opennetworking NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31164 Opennetworking NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31165 Opennetworking NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31166 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31167 Opennetworking NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31168 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31169 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31170 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31171 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31172 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31173 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31174 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31175 Opennetworking NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31176 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31177 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg modules).

7.5
2024-09-18 CVE-2024-31178 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31179 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31180 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31181 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31182 Opennetworking NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31183 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31184 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31185 Opennetworking NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31186 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31187 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31188 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31189 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31190 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31191 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31192 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31193 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31194 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31195 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31196 Opennetworking NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31197 Opennetworking Unspecified vulnerability in Opennetworking Libfluid MSG 0.1.0

Improper Null Termination vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-31198 Opennetworking Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).

7.5
2024-09-18 CVE-2024-8888 Circutor Insufficient Session Expiration vulnerability in Circutor Q-Smt Firmware 1.0.4

An attacker with access to the network where CIRCUTOR Q-SMT (firmware version 1.0.4) is located could steal the tokens used on the web, since these have no expiration date, to access the web application without restrictions.

7.5
2024-09-17 CVE-2024-8900 Mozilla Unspecified vulnerability in Mozilla Firefox

An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events.

7.5
2024-09-17 CVE-2024-8946 Micropython Out-of-bounds Write vulnerability in Micropython 1.23.0

A vulnerability was found in MicroPython 1.23.0.

7.5
2024-09-17 CVE-2024-8948 Micropython Out-of-bounds Write vulnerability in Micropython 1.23.0

A vulnerability was found in MicroPython 1.23.0.

7.5
2024-09-17 CVE-2024-47047 In2Code Authorization Bypass Through User-Controlled Key vulnerability in In2Code Powermail

An issue was discovered in the powermail extension through 12.4.0 for TYPO3.

7.5
2024-09-17 CVE-2024-27795 Apple Improper Preservation of Permissions vulnerability in Apple Macos

A permissions issue was addressed with additional restrictions.

7.5
2024-09-17 CVE-2024-27861 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved memory handling.

7.5
2024-09-17 CVE-2024-40770 Apple Improper Preservation of Permissions vulnerability in Apple Macos

A permissions issue was addressed with additional restrictions.

7.5
2024-09-17 CVE-2024-40848 Apple Unspecified vulnerability in Apple Macos

A downgrade issue was addressed with additional code-signing restrictions.

7.5
2024-09-17 CVE-2024-40856 Apple Unspecified vulnerability in Apple Iphone OS and Macos

An integrity issue was addressed with Beacon Protection.

7.5
2024-09-17 CVE-2024-44149 Apple Improper Preservation of Permissions vulnerability in Apple Macos

A permissions issue was addressed with additional restrictions.

7.5
2024-09-17 CVE-2024-44152 Apple Unspecified vulnerability in Apple Macos

A privacy issue was addressed with improved private data redaction for log entries.

7.5
2024-09-17 CVE-2024-44165 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved checks.

7.5
2024-09-17 CVE-2024-44189 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved checks.

7.5
2024-09-16 CVE-2024-8752 Smart HMI Path Traversal vulnerability in Smart-Hmi Webiq 2.15.9

The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system.

7.5
2024-09-16 CVE-2024-46424 Totolink Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter.

7.5
2024-09-16 CVE-2024-46937 Mfasoft Authorization Bypass Through User-Controlled Key vulnerability in Mfasoft Secure Authentication Server

An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication.

7.5
2024-09-16 CVE-2024-8777 Syscomgo Insufficiently Protected Credentials vulnerability in Syscomgo Omflow

OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations.

7.5
2024-09-19 CVE-2024-45752 Pixlone Unspecified vulnerability in Pixlone Logiops

logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros.

7.3
2024-09-18 CVE-2022-25775 Acquia SQL Injection vulnerability in Acquia Mautic

Prior to the patched version, logged-in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data such as sensitive data and logins, and, depending on database permissions, the attacker can manipulate file systems.

7.2
2024-09-21 CVE-2024-6785 Moxa Cleartext Storage of Sensitive Information vulnerability in Moxa Mxview ONE and Mxview ONE Central Manager

The configuration file stores credentials in cleartext.

7.1
2024-09-18 CVE-2024-46743 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk. When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN detects a slab-out-of-bounds read in of_irq_parse_raw() when populating the initial match table (dyndbg="func of_irq_parse_* +p"). Prevent the out-of-bounds read by copying the device address into a buffer of sufficient size.

7.1
2024-09-18 CVE-2024-46747 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup. report_fixup for the Cougar 500k Gaming Keyboard was not verifying that the report descriptor size was correct before accessing it.

7.1
2024-09-18 CVE-2024-46722 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mc_data out-of-bounds read warning. Clear the warning that the read of mc_data[i-1] may be out of bounds.

7.1
2024-09-18 CVE-2024-46723 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ucode out-of-bounds read warning. Clear the warning that the read of ucode[] may be out of bounds.

7.1
2024-09-18 CVE-2024-46724 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number. Check the fb_channel_number range to avoid the array out-of-bounds read error.

7.1
2024-09-18 CVE-2024-46731 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the out-of-bounds read warning. Using index i - 1U may go beyond the element index for mc_data[] when i = 0.

7.1
2024-09-17 CVE-2024-44164 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved checks.

7.1

224 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-21 CVE-2024-6786 Moxa Path Traversal vulnerability in Moxa Mxview ONE

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system.

6.5
2024-09-20 CVE-2024-45808 Envoyproxy Improper Encoding or Escaping of Output vulnerability in Envoyproxy Envoy

Envoy is a cloud-native high-performance edge/middle/service proxy.

6.5
2024-09-20 CVE-2024-46999 Zitadel Unspecified vulnerability in Zitadel

Zitadel is an open source identity management platform.

6.5
2024-09-20 CVE-2024-47060 Zitadel Incorrect Authorization vulnerability in Zitadel

Zitadel is an open source identity management platform.

6.5
2024-09-19 CVE-2024-47087 Apexsoftcell Unspecified vulnerability in Apexsoftcell LD DP Back Office and LD GEO

This vulnerability exists in Apex Softcell LD Geo due to improper validation of certain parameters (Client ID, DPID or BOID) in the API endpoint.

6.5
2024-09-19 CVE-2024-47089 Apexsoftcell Improper Validation of Integrity Check Value vulnerability in Apexsoftcell LD DP Back Office and LD GEO

This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint.

6.5
2024-09-19 CVE-2024-47085 Apexsoftcell Unspecified vulnerability in Apexsoftcell LD DP Back Office and LD GEO

This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint.

6.5
2024-09-19 CVE-2024-47086 Apexsoftcell Unspecified vulnerability in Apexsoftcell LD DP Back Office and LD GEO

This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints.

6.5
2024-09-18 CVE-2022-25776 Acquia Incorrect Default Permissions vulnerability in Acquia Mautic

Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.

6.5
2024-09-18 CVE-2024-8969

OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data.

6.5
2024-09-18 CVE-2022-39068 ZTE Out-of-bounds Write vulnerability in ZTE Mf296R Firmware Mf296Rnordic1B06

There is a buffer overflow vulnerability in ZTE MF296R.

6.5
2024-09-17 CVE-2024-45815 Backstage Unspecified vulnerability in Backstage

Backstage is an open framework for building developer portals.

6.5
2024-09-17 CVE-2024-45816 Backstage Path Traversal vulnerability in Backstage

Backstage is an open framework for building developer portals.

6.5
2024-09-17 CVE-2024-45537 Apache Unspecified vulnerability in Apache Druid

Apache Druid allows users with certain permissions to read data from other database systems using JDBC.

6.5
2024-09-17 CVE-2024-8490 WP Property Hive Cross-Site Request Forgery (CSRF) vulnerability in Wp-Property-Hive Propertyhive

The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19.

6.5
2024-09-17 CVE-2024-8044 Rubayathasan Cross-Site Request Forgery (CSRF) vulnerability in Rubayathasan Infolinks AD Wrap 1.0.2

The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

6.5
2024-09-17 CVE-2024-8047 Gowildchild Cross-Site Request Forgery (CSRF) vulnerability in Gowildchild Visual Sound

The Visual Sound (old) WordPress plugin through 1.06 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

6.5
2024-09-17 CVE-2024-8091 Jakesnyder Cross-Site Request Forgery (CSRF) vulnerability in Jakesnyder Enhanced Search BOX

The Enhanced Search Box WordPress plugin through 0.6.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

6.5
2024-09-17 CVE-2024-8093 Lucasgarcia Cross-Site Request Forgery (CSRF) vulnerability in Lucasgarcia Posts Reminder

The Posts reminder WordPress plugin through 0.20 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

6.5
2024-09-17 CVE-2024-40866 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved UI.

6.5
2024-09-17 CVE-2024-44124 Apple Unspecified vulnerability in Apple Iphone OS

This issue was addressed through improved state management.

6.5
2024-09-17 CVE-2024-44187 Apple Origin Validation Error vulnerability in Apple products

A cross-origin issue existed with "iframe" elements.

6.5
2024-09-16 CVE-2024-38315 IBM Insufficient Session Expiration vulnerability in IBM Aspera Shares 1.10.0/1.9.14

IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.

6.5
2024-09-16 CVE-2024-45835 Mattermost Unspecified vulnerability in Mattermost Server

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.

6.5
2024-09-16 CVE-2024-45833 Mattermost Unspecified vulnerability in Mattermost Mobile 1.26.0/1.29.0/1.30.0

Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character.

6.5
2024-09-16 CVE-2024-8778 Syscomgo Path Traversal vulnerability in Syscomgo Omflow

OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.

6.5
2024-09-16 CVE-2024-8780 Syscomgo Unspecified vulnerability in Syscomgo Omflow

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users.

6.5
2024-09-21 CVE-2024-9048 Ruoyi Cross-site Scripting vulnerability in Ruoyi

A vulnerability was found in y_project RuoYi up to 4.7.9.

6.1
2024-09-19 CVE-2024-25673 Couchbase Injection vulnerability in Couchbase Server

Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.

6.1
2024-09-19 CVE-2024-8652 Netcat Cross-site Scripting vulnerability in Netcat Content Management System

A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site. This issue affects NetCat CMS v.

6.1
2024-09-19 CVE-2024-8653 Netcat Cross-site Scripting vulnerability in Netcat Content Management System

A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v.

6.1
2024-09-19 CVE-2024-8883 Redhat Open Redirect vulnerability in Redhat products

A misconfiguration flaw was found in Keycloak.

6.1
2024-09-19 CVE-2024-8850 Ibericode Cross-site Scripting vulnerability in Ibericode Mailchimp

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping.

6.1
2024-09-18 CVE-2024-46372 Dedecms Cross-site Scripting vulnerability in Dedecms 5.7.115

DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module.

6.1
2024-09-18 CVE-2024-47050 Acquia Cross-site Scripting vulnerability in Acquia Mautic

Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.

6.1
2024-09-18 CVE-2024-43024 RWS Cross-site Scripting vulnerability in RWS Multitrans

Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload.

6.1
2024-09-18 CVE-2024-43025 RWS Cross-site Scripting vulnerability in RWS Multitrans

An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail.

6.1
2024-09-18 CVE-2024-6877 Elizsoftware Cross-site Scripting vulnerability in Elizsoftware Panel

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Reflected XSS. This issue affects Panel: before v2.3.24.

6.1
2024-09-18 CVE-2024-43970 Surecart Cross-site Scripting vulnerability in Surecart

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS. This issue affects SureCart: from n/a through 2.29.3.

6.1
2024-09-18 CVE-2024-43971 Sunshinephotocart Cross-site Scripting vulnerability in Sunshinephotocart Sunshine Photo Cart

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS. This issue affects Sunshine Photo Cart: from n/a through 3.2.5.

6.1
2024-09-18 CVE-2024-43975 Superstorefinder Cross-site Scripting vulnerability in Superstorefinder Super Store Finder

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS). This issue affects Super Store Finder: from n/a through 6.9.7.

6.1
2024-09-18 CVE-2024-44002 Pickplugins Cross-site Scripting vulnerability in Pickplugins Team Showcase

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Reflected XSS. This issue affects Team Showcase: from n/a through 1.22.25.

6.1
2024-09-18 CVE-2024-44003 Spicethemes Cross-site Scripting vulnerability in Spicethemes Spice Starter Sites

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in spicethemes Spice Starter Sites allows Reflected XSS. This issue affects Spice Starter Sites: from n/a through 1.2.5.

6.1
2024-09-17 CVE-2024-44007 Sktthemes Cross-site Scripting vulnerability in Sktthemes SKT Templates

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Templates – Elementor & Gutenberg templates allows Reflected XSS. This issue affects SKT Templates – Elementor & Gutenberg templates: from n/a through 6.14.

6.1
2024-09-17 CVE-2024-44009 Wclovers Cross-site Scripting vulnerability in Wclovers Wcfm Marketplace

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WC Lovers WCFM Marketplace allows Reflected XSS. This issue affects WCFM Marketplace: from n/a through 3.6.10.

6.1
2024-09-17 CVE-2024-44064 Likebtn Cross-Site Request Forgery (CSRF) vulnerability in Likebtn Like Button Rating

Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS). This issue affects Like Button Rating: from n/a through 2.6.54.

6.1
2024-09-17 CVE-2024-8907 Google Cross-site Scripting vulnerability in Google Chrome

Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures.

6.1
2024-09-17 CVE-2024-8951 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Resort Reservation System 1.0

A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0.

6.1
2024-09-17 CVE-2024-8897 Mozilla Open Redirect vulnerability in Mozilla Firefox

Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents.

6.1
2024-09-17 CVE-2024-8761 WP Unit Open Redirect vulnerability in Wp-Unit Share This Image

The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03.

6.1
2024-09-17 CVE-2024-8052 MOC Cross-Site Request Forgery (CSRF) vulnerability in MOC Review Ratings

The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

6.1
2024-09-17 CVE-2024-40797 Apple Unspecified vulnerability in Apple Macos

This issue was addressed through improved state management.

6.1
2024-09-17 CVE-2024-40826 Apple Unspecified vulnerability in Apple Iphone OS and Macos

A privacy issue was addressed with improved handling of files.

6.1
2024-09-17 CVE-2024-40857 Apple Cross-site Scripting vulnerability in Apple products

This issue was addressed through improved state management.

6.1
2024-09-16 CVE-2024-4283 Gitlab Open Redirect vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2.

6.1
2024-09-16 CVE-2024-46970 Jetbrains Cross-site Scripting vulnerability in Jetbrains Intellij Idea

In JetBrains IntelliJ IDEA before 2024.1 HTML injection via the project name was possible.

6.1
2024-09-16 CVE-2024-8776 Intumit Cross-site Scripting vulnerability in Intumit Smartrobot Firmware 6.0.0202012Tw

SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks.

6.1
2024-09-21 CVE-2024-6787 Moxa Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Moxa Mxview ONE

This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU).

5.9
2024-09-16 CVE-2024-32940 Intel Unspecified vulnerability in Intel Raid web Console

Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via adjacent access.

5.7
2024-09-16 CVE-2024-34545 Intel Unspecified vulnerability in Intel Raid web Console

Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access.

5.7
2024-09-16 CVE-2024-36247 Intel Unspecified vulnerability in Intel Raid web Console

Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable denial of service via adjacent access.

5.7
2024-09-16 CVE-2024-36261 Intel Unspecified vulnerability in Intel Raid web Console

Improper access control in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via adjacent access.

5.7
2024-09-17 CVE-2024-37985 Microsoft Unspecified vulnerability in Microsoft Windows 11 22H2 and Windows 11 23H2

Windows Kernel Information Disclosure Vulnerability

5.6
2024-09-22 CVE-2024-40703 IBM Insufficiently Protected Credentials vulnerability in IBM Cognos Analytics and Cognos Analytics Reports

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key.

5.5
2024-09-21 CVE-2024-8680 Ibericode Cross-site Scripting vulnerability in Ibericode Mailchimp

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping.

5.5
2024-09-20 CVE-2024-9040 Code Projects Cleartext Storage of Sensitive Information vulnerability in Code-Projects Blood Bank Management System 1.0

A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0.

5.5
2024-09-19 CVE-2024-8354 Redhat, Qemu Reachable Assertion vulnerability in multiple products

A flaw was found in QEMU.

5.5
2024-09-19 CVE-2024-45769

A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.

5.5
2024-09-18 CVE-2024-46735 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery(). When two UBLK_CMD_START_USER_RECOVERY commands are submitted, the first one sets 'ubq->ubq_daemon' to NULL, and the second one triggers WARN in ublk_queue_reinit() and subsequently a NULL pointer dereference issue. Fix it by adding the check in ublk_ctrl_start_recovery() and return immediately in case of zero 'ub->nr_queues_ready'.

5.5
2024-09-18 CVE-2024-46737 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix kernel crash if commands allocation fails. If the commands allocation fails in nvmet_tcp_alloc_cmds() the kernel crashes in nvmet_tcp_release_queue_work() because of a NULL pointer dereference: "nvmet: failed to install queue 0 cntlid 1 ret 6", "Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008". Fix the bug by setting queue->nr_cmds to zero in case nvmet_tcp_alloc_cmd() fails.

5.5
2024-09-18 CVE-2024-46739 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind. For primary VM Bus channels, primary_channel pointer is always NULL.

5.5
2024-09-18 CVE-2024-46742 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open(). A null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) and parse_lease_state() returns NULL. Fix this by checking if 'lease_ctx_info' is NULL. Additionally, remove the redundant parentheses in parse_durable_handle_context().

5.5
2024-09-18 CVE-2024-46749 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush(). This adds a check before freeing the rx->skb in flush and close functions to handle the kernel crash seen while removing driver after FW download fails or before FW download completes.

5.5
2024-09-18 CVE-2024-46750 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock(). One of the true positives that the cfg_access_lock lockdep effort identified is a sequence where pci_reset_bus() users are triggering unlocked secondary bus resets. Ironically pci_bus_reset(), several calls down from pci_reset_bus(), uses pci_bus_lock() before issuing the reset which locks everything *but* the bridge itself. For the same motivation as adding: bridge = pci_upstream_bridge(dev); if (bridge) pci_dev_lock(bridge); to pci_reset_function() for the "bus" and "cxl_bus" reset cases, add pci_dev_lock() for @bus->self to pci_bus_lock(). [bhelgaas: squash in recursive locking deadlock fix from Keith Busch: https://lore.kernel.org/r/[email protected]]

5.5
2024-09-18 CVE-2024-46751 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info(). Instead of doing a BUG_ON(), handle the error by returning -EUCLEAN, aborting the transaction and logging an error message.

5.5
2024-09-18 CVE-2024-46755 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id(). mwifiex_get_priv_by_id() returns the priv pointer corresponding to the bss_num and bss_type, but without checking if the priv is actually currently in use. Unused priv pointers do not have a wiphy attached to them which can lead to NULL pointer dereferences further down the callstack.

5.5
2024-09-18 CVE-2024-46760 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: schedule rx work after everything is set up. Right now it's possible to hit NULL pointer dereference in rtw_rx_fill_rx_status on hw object and/or its fields because initialization routine can start getting USB replies before rtw_dev is fully setup. The stack trace looks like this: rtw_rx_fill_rx_status, rtw8821c_query_rx_desc, rtw_usb_rx_handler, ..., queue_work, rtw_usb_read_port_complete, ..., usb_submit_urb, rtw_usb_rx_resubmit, rtw_usb_init_rx, rtw_usb_probe. So while we do the async stuff rtw_usb_probe continues and calls rtw_register_hw, which does all kinds of initialization (e.g. via ieee80211_register_hw) that rtw_rx_fill_rx_status relies on. Fix this by moving the first usb_submit_urb after everything is set up. For me, this bug manifested as: "[ 8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped" and "[ 8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status", because I'm using Larry's backport of rtw88 driver with the NULL checks in rtw_rx_fill_rx_status.

5.5
2024-09-18 CVE-2024-46761 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv. The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The crash occurs because although the MSI data structure has been released during disable/hot-unplug path and it has been assigned with NULL, still during unregistration the code was again trying to explicitly disable the MSI which causes the NULL pointer dereference and kernel crash. The patch fixes the check during unregistration path to prevent invoking pci_disable_msi/msix() since its data structure is already freed.

5.5
2024-09-18 CVE-2024-46762 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance. Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign().

5.5
2024-09-18 CVE-2024-46763 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fou: Fix null-ptr-deref in GRO. We observed a null-ptr-deref in fou_gro_receive() while shutting down a host.

5.5
2024-09-18 CVE-2024-46765 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ice: protect XDP configuration with a mutex. The main threat to data consistency in ice_xdp() is a possible asynchronous PF reset.

5.5
2024-09-18 CVE-2024-46769 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: spi: intel: Add check devm_kasprintf() returned value. intel_spi_populate_chip() uses devm_kasprintf() to set pdata->name. This can return a NULL pointer on failure but this returned value is not checked.

5.5
2024-09-18 CVE-2024-46770 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ice: Add netif_device_attach/detach into PF reset flow. Ethtool callbacks can be executed while reset is in progress and try to access deleted resources, e.g.

5.5
2024-09-18 CVE-2024-46772 Linux Divide By Zero vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check denominator crb_pipes before used. [WHAT & HOW] A denominator cannot be 0, and is checked before used. This fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.

5.5
2024-09-18 CVE-2024-46773 Linux Divide By Zero vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check denominator pbn_div before used. [WHAT & HOW] A denominator cannot be 0, and is checked before used. This fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.

5.5
2024-09-18 CVE-2024-46779 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Free pvr_vm_gpuva after unlink. This caused a measurable memory leak.

5.5
2024-09-18 CVE-2024-46781 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix missing cleanup on rollforward recovery error. In an error injection test of a routine for mount-time recovery, KASAN found a use-after-free bug. It turned out that if data recovery was performed using partial logs created by dsync writes, but an error occurred before starting the log writer to create a recovered checkpoint, the inodes whose data had been recovered were left in the ns_dirty_files list of the nilfs object and were not freed. Fix this issue by cleaning up inodes that have read the recovery data if the recovery routine fails midway before the log writer starts.

5.5
2024-09-18 CVE-2024-46784 Linux Use of Uninitialized Resource vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized.

5.5
2024-09-18 CVE-2024-46791 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open The mcp251x_hw_wake() function is called with the mpc_lock mutex held and disables the interrupt handler so that no interrupts can be processed while waking the device.

5.5
2024-09-18 CVE-2024-46793 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder
Since commit 13f58267cda3 ("ASoC: soc.h: don't create dummy Component via COMP_DUMMY()") dummy codecs declared like this:
  SND_SOC_DAILINK_DEF(dummy, DAILINK_COMP_ARRAY(COMP_DUMMY()));
expand to:
  static struct snd_soc_dai_link_component dummy[] = { };
Which means that dummy is a zero sized array and thus dais[i].codecs should not be dereferenced *at all* since it points to the address of the next variable stored in the data section as the "dummy" variable has an address but no size, so even dereferencing dais[0] is already an out of bounds array reference.
Which means that the if (dais[i].codecs->name) check added in commit 7d99a70b6595 ("ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards") relies on that the part of the next variable which the name member maps to just happens to be NULL.
Which apparently so far it usually is, except when it isn't and then it results in crashes like this one:
  [ 28.795659] BUG: unable to handle page fault for address: 0000000000030011
  ...
  [ 28.795780] Call Trace:
  [ 28.795787] <TASK>
  ...
  [ 28.795862] ? strcmp+0x18/0x40
  [ 28.795872] 0xffffffffc150c605
  [ 28.795887] platform_probe+0x40/0xa0
  ...
  [ 28.795979] ? __pfx_init_module+0x10/0x10 [snd_soc_sst_bytcr_wm5102]
Really fix things this time around by checking dais.num_codecs != 0.

5.5
2024-09-18 CVE-2024-46795 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding session, conn->binding can still remain true and generate_preauth_hash() will not set sess->Preauth_HashValue and it will be NULL. It is used as a material to create an encryption key in ksmbd_gen_smb311_encryptionkey.

5.5
2024-09-18 CVE-2024-46797 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: powerpc/qspinlock: Fix deadlock in MCS queue If an interrupt occurs in queued_spin_lock_slowpath() after we increment qnodesp->count and before node->lock is initialized, another CPU might see stale lock values in get_tail_qnode().

5.5
2024-09-18 CVE-2024-46799 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX
If number of TX queues are set to 1 we get a NULL pointer dereference during XDP_TX.
  ~# ethtool -L eth0 tx 1
  ~# ./xdp-trafficgen udp -A <ipv6-src> -a <ipv6-dst> eth0 -t 2
  Transmitting on eth0 (ifindex 2)
  [ 241.135257] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030
Fix this by using actual TX queues instead of max TX queues when picking the TX channel in am65_cpsw_ndo_xdp_xmit().

5.5
2024-09-18 CVE-2024-46801 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: libfs: fix get_stashed_dentry() get_stashed_dentry() tries to optimistically retrieve a stashed dentry from a provided location.

5.5
2024-09-18 CVE-2024-46714 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Callers can pass null in filter (i.e.

5.5
2024-09-18 CVE-2024-46719 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix null pointer dereference in trace ucsi_register_altmode checks IS_ERR for the alt pointer and treats NULL as valid.

5.5
2024-09-18 CVE-2024-46720 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix dereference after null check check the pointer hive before use.

5.5
2024-09-18 CVE-2024-46721 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet.

5.5
2024-09-18 CVE-2024-46726 Linux Integer Overflow or Wraparound vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure index calculation will not overflow [WHY & HOW] Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will never overflow and exceed array size. This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.

5.5
2024-09-18 CVE-2024-46727 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update [Why] Coverity reports NULL_RETURN warning. [How] Add otg_master NULL check.

5.5
2024-09-18 CVE-2024-46728 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check index for aux_rd_interval before using aux_rd_interval has size of 7 and should be checked. This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.

5.5
2024-09-18 CVE-2024-46730 Linux Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure array index tg_inst won't be -1 [WHY & HOW] tg_inst will be negative if timing_generator_count equals 0, which should be checked before use. This fixes 2 OVERRUN issues reported by Coverity.

5.5
2024-09-18 CVE-2024-46732 Linux Divide By Zero vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linear_pitch_alignment even for VM [Description] Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments

5.5
2024-09-17 CVE-2024-23237 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved memory handling.

5.5
2024-09-17 CVE-2024-27858 Apple Improper Preservation of Permissions vulnerability in Apple Macos

A permissions issue was addressed with additional restrictions.

5.5
2024-09-17 CVE-2024-27860 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved memory handling.

5.5
2024-09-17 CVE-2024-27875 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved state management.

5.5
2024-09-17 CVE-2024-27880 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read issue was addressed with improved input validation.

5.5
2024-09-17 CVE-2024-40790 Apple Unspecified vulnerability in Apple Visionos

The issue was addressed with improved handling of caches.

5.5
2024-09-17 CVE-2024-40801 Apple Unspecified vulnerability in Apple Macos

A permissions issue was addressed with additional restrictions.

5.5
2024-09-17 CVE-2024-40831 Apple Improper Preservation of Permissions vulnerability in Apple Macos

A permissions issue was addressed with additional restrictions.

5.5
2024-09-17 CVE-2024-40837 Apple Unspecified vulnerability in Apple Macos

A permissions issue was addressed with additional restrictions.

5.5
2024-09-17 CVE-2024-40842 Apple Unspecified vulnerability in Apple Macos

An issue was addressed with improved validation of environment variables.

5.5
2024-09-17 CVE-2024-40843 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved checks.

5.5
2024-09-17 CVE-2024-40844 Apple Unspecified vulnerability in Apple Macos

A privacy issue was addressed with improved handling of temporary files.

5.5
2024-09-17 CVE-2024-40845 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved memory handling.

5.5
2024-09-17 CVE-2024-40846 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved memory handling.

5.5
2024-09-17 CVE-2024-40847 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with additional code-signing restrictions.

5.5
2024-09-17 CVE-2024-40850 Apple Unspecified vulnerability in Apple products

A file access issue was addressed with improved input validation.

5.5
2024-09-17 CVE-2024-40859 Apple Improper Preservation of Permissions vulnerability in Apple Macos

A permissions issue was addressed with additional restrictions.

5.5
2024-09-17 CVE-2024-40860 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved checks.

5.5
2024-09-17 CVE-2024-40863 Apple Unspecified vulnerability in Apple Iphone OS

This issue was addressed with improved data protection.

5.5
2024-09-17 CVE-2024-44125 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved checks.

5.5
2024-09-17 CVE-2024-44128 Apple Unspecified vulnerability in Apple Macos

This issue was addressed by adding an additional prompt for user consent.

5.5
2024-09-17 CVE-2024-44129 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved checks.

5.5
2024-09-17 CVE-2024-44131 Apple Link Following vulnerability in Apple Macos

This issue was addressed with improved validation of symlinks.

5.5
2024-09-17 CVE-2024-44133 Apple Unspecified vulnerability in Apple Macos

This issue was addressed by removing the vulnerable code.

5.5
2024-09-17 CVE-2024-44134 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved redaction of sensitive information.

5.5
2024-09-17 CVE-2024-44135 Apple Unspecified vulnerability in Apple Macos

A permissions issue was addressed with additional restrictions.

5.5
2024-09-17 CVE-2024-44151 Apple Unspecified vulnerability in Apple Macos

A permissions issue was addressed with additional restrictions.

5.5
2024-09-17 CVE-2024-44153 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved permissions logic.

5.5
2024-09-17 CVE-2024-44154 Apple Unspecified vulnerability in Apple Macos

A memory initialization issue was addressed with improved memory handling.

5.5
2024-09-17 CVE-2024-44158 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved redaction of sensitive information.

5.5
2024-09-17 CVE-2024-44161 Apple Out-of-bounds Read vulnerability in Apple Macos

An out-of-bounds read was addressed with improved bounds checking.

5.5
2024-09-17 CVE-2024-44163 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved checks.

5.5
2024-09-17 CVE-2024-44166 Apple Information Exposure Through Log Files vulnerability in Apple Macos

A privacy issue was addressed with improved private data redaction for log entries.

5.5
2024-09-17 CVE-2024-44168 Apple Uncontrolled Search Path Element vulnerability in Apple Macos

A library injection issue was addressed with additional restrictions.

5.5
2024-09-17 CVE-2024-44170 Apple Unspecified vulnerability in Apple products

A privacy issue was addressed by moving sensitive data to a more secure location.

5.5
2024-09-17 CVE-2024-44176 Apple Unspecified vulnerability in Apple products

An out-of-bounds access issue was addressed with improved bounds checking.

5.5
2024-09-17 CVE-2024-44177 Apple Unspecified vulnerability in Apple Macos

A privacy issue was addressed by removing sensitive data.

5.5
2024-09-17 CVE-2024-44178 Apple Link Following vulnerability in Apple Macos

This issue was addressed with improved validation of symlinks.

5.5
2024-09-17 CVE-2024-44181 Apple Unspecified vulnerability in Apple Macos

An issue was addressed with improved handling of temporary files.

5.5
2024-09-17 CVE-2024-44182 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved redaction of sensitive information.

5.5
2024-09-17 CVE-2024-44183 Apple Unspecified vulnerability in Apple products

A logic error was addressed with improved error handling.

5.5
2024-09-17 CVE-2024-44184 Apple Unspecified vulnerability in Apple Macos

A permissions issue was addressed with additional restrictions.

5.5
2024-09-17 CVE-2024-44186 Apple Unspecified vulnerability in Apple Macos

An access issue was addressed with additional sandbox restrictions.

5.5
2024-09-17 CVE-2024-44188 Apple Improper Preservation of Permissions vulnerability in Apple Macos

A permissions issue was addressed with additional restrictions.

5.5
2024-09-17 CVE-2024-44190 Apple Path Traversal vulnerability in Apple Macos

A path handling issue was addressed with improved validation.

5.5
2024-09-17 CVE-2024-44191 Apple Unspecified vulnerability in Apple products

This issue was addressed through improved state management.

5.5
2024-09-17 CVE-2024-44198 Apple Integer Overflow or Wraparound vulnerability in Apple products

An integer overflow was addressed through improved input validation.

5.5
2024-09-16 CVE-2024-28170 Intel Unspecified vulnerability in Intel Raid web Console

Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2024-09-16 CVE-2024-32666 Intel NULL Pointer Dereference vulnerability in Intel Raid web Console

NULL pointer dereference in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via local access.

5.5
2024-09-16 CVE-2024-33848 Intel Unspecified vulnerability in Intel Raid web Console

Uncaught exception in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via local access.

5.5
2024-09-22 CVE-2024-9084 Code Projects Cross-site Scripting vulnerability in Code-Projects Blood Bank System 1.0

A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0.

5.4
2024-09-22 CVE-2024-9077 Gitapp Cross-site Scripting vulnerability in Gitapp Dingfanzu

A vulnerability classified as problematic has been found in dingfangzu up to 29d67d9044f6f93378e6eb6ff92272217ff7225c.

5.4
2024-09-21 CVE-2024-9075 Stirlingpdf Cross-site Scripting vulnerability in Stirlingpdf Stirling PDF

A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3.

5.4
2024-09-20 CVE-2024-9033 Mayurik Cross-site Scripting vulnerability in Mayurik Best House Rental Management System 1.0

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic.

5.4
2024-09-20 CVE-2024-9030 Workdo Cross-site Scripting vulnerability in Workdo Crmgo Saas 7.2

A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2.

5.4
2024-09-20 CVE-2024-9031 Workdo Cross-site Scripting vulnerability in Workdo Crmgo Saas

A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2.

5.4
2024-09-19 CVE-2024-45614 Puma HTTP Request Smuggling vulnerability in Puma

Puma is a Ruby/Rack web server built for parallelism.

5.4
2024-09-19 CVE-2024-9007 Jeanmarc77 Cross-site Scripting vulnerability in Jeanmarc77 123Solar 1.8.4.5

A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5.

5.4
2024-09-19 CVE-2024-8364 Webhammer Cross-site Scripting vulnerability in Webhammer WP Custom Fields Search

The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-18 CVE-2021-27917 Acquia Cross-site Scripting vulnerability in Acquia Mautic

Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.

5.4
2024-09-18 CVE-2022-25774 Acquia Cross-site Scripting vulnerability in Acquia Mautic

Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards.

5.4
2024-09-18 CVE-2024-5959 Elizsoftware Cross-site Scripting vulnerability in Elizsoftware Panel

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS. This issue affects Panel: before v2.3.24.

5.4
2024-09-18 CVE-2024-43983 Podlove Cross-site Scripting vulnerability in Podlove Podcast Publisher

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS. This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.

5.4
2024-09-18 CVE-2024-43987 Wayneconnor Cross-site Scripting vulnerability in Wayneconnor Sliding Door

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wayneconnor Sliding Door allows Stored XSS. This issue affects Sliding Door: from n/a through 3.6.

5.4
2024-09-18 CVE-2024-43988 Digitalnature Cross-site Scripting vulnerability in Digitalnature Mystique

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in digitalnature Mystique allows Stored XSS. This issue affects Mystique: from n/a through 2.5.7.

5.4
2024-09-18 CVE-2024-43991 Webdzier Cross-site Scripting vulnerability in Webdzier Hotel Galaxy

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in webdzier Hotel Galaxy allows Stored XSS. This issue affects Hotel Galaxy: from n/a through 4.4.24.

5.4
2024-09-18 CVE-2024-43992 Latepoint Cross-site Scripting vulnerability in Latepoint

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Latepoint LatePoint allows Stored XSS. This issue affects LatePoint: from n/a through 4.9.91.

5.4
2024-09-18 CVE-2024-43993 Cryoutcreations Cross-site Scripting vulnerability in Cryoutcreations Liquido

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Liquido allows Stored XSS. This issue affects Liquido: from n/a through 1.0.1.2.

5.4
2024-09-18 CVE-2024-43994 Cryoutcreations Cross-site Scripting vulnerability in Cryoutcreations Kahuna

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Kahuna allows Stored XSS. This issue affects Kahuna: from n/a through 1.7.0.

5.4
2024-09-18 CVE-2024-43995 Sktthemes Cross-site Scripting vulnerability in Sktthemes Posterity

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sonalsinha21 Posterity allows Stored XSS. This issue affects Posterity: from n/a through 3.6.

5.4
2024-09-18 CVE-2024-44001 Royal Elementor Addons Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.982.

5.4
2024-09-18 CVE-2024-44005 Greenshiftwp Cross-site Scripting vulnerability in Greenshiftwp Greenshift - Animation and Page Builder Blocks

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS. This issue affects Greenshift – animation and page builder blocks: from n/a through 9.3.7.

5.4
2024-09-17 CVE-2024-43977 Posimyth Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.2.

5.4
2024-09-17 CVE-2024-44008 Cyberhobo Cross-site Scripting vulnerability in Cyberhobo GEO Mashup

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.12.

5.4
2024-09-17 CVE-2024-44047 Idxbroker Cross-site Scripting vulnerability in Idxbroker Impress for IDX Broker

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IDX Broker IMPress for IDX Broker allows Stored XSS. This issue affects IMPress for IDX Broker: from n/a through 3.2.2.

5.4
2024-09-17 CVE-2024-44049 Themehunk Cross-site Scripting vulnerability in Themehunk Gutenberg Blocks

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks – Unlimited blocks For Gutenberg allows Stored XSS. This issue affects Gutenberg Blocks – Unlimited blocks For Gutenberg: from n/a through 1.2.7.

5.4
2024-09-17 CVE-2024-44050 Cryoutcreations Cross-site Scripting vulnerability in Cryoutcreations Verbosa

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Verbosa allows Stored XSS. This issue affects Verbosa: from n/a through 1.2.3.

5.4
2024-09-17 CVE-2024-44051 Vanderwijk Cross-site Scripting vulnerability in Vanderwijk Content Blocks

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS. This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.5.

5.4
2024-09-17 CVE-2024-45451 Cryoutcreations Cross-site Scripting vulnerability in Cryoutcreations Roseta

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Roseta allows Stored XSS. This issue affects Roseta: from n/a through 1.3.0.

5.4
2024-09-17 CVE-2024-45452 Cryoutcreations Cross-site Scripting vulnerability in Cryoutcreations Septera

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Septera septera allows Stored XSS. This issue affects Septera: from n/a through 1.5.1.

5.4
2024-09-17 CVE-2024-46976 Backstage Cross-site Scripting vulnerability in Backstage

Backstage is an open framework for building developer portals.

5.4
2024-09-17 CVE-2024-38380 Millbeckcommunications Cross-site Scripting vulnerability in Millbeckcommunications Proroute H685T-W Firmware 3.2.334

This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session.

5.4
2024-09-17 CVE-2024-8043 Seanschulte Cross-Site Request Forgery (CSRF) vulnerability in Seanschulte Vikinghammer Tweet

The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

5.4
2024-09-17 CVE-2024-8051 MOC Cross-Site Request Forgery (CSRF) vulnerability in MOC Special Feed Items

The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

5.4
2024-09-17 CVE-2024-8092 Alaingonzalez Cross-Site Request Forgery (CSRF) vulnerability in Alaingonzalez Accordion Image Menu

The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

5.4
2024-09-19 CVE-2024-9003 Jflow Project Unspecified vulnerability in Jflow Project Jflow 2.0.0

A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0.

5.3
2024-09-19 CVE-2024-47160 Jetbrains Incorrect Authorization vulnerability in Jetbrains Youtrack

In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible

5.3
2024-09-19 CVE-2024-47162 Jetbrains Insufficiently Protected Credentials vulnerability in Jetbrains Youtrack

In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page

5.3
2024-09-19 CVE-2024-8651 Netcat Information Exposure Through Discrepancy vulnerability in Netcat Content Management System

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v.

5.3
2024-09-19 CVE-2022-4533 Felixmoira Insufficient Verification of Data Authenticity vulnerability in Felixmoira Limit Login Attempts Plus

The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0.

5.3
2024-09-18 CVE-2024-8891 Circutor Unspecified vulnerability in Circutor Q-Smt Firmware 1.0.4

An attacker with no knowledge of the current users in the web application could build a dictionary of potential users and check the server responses, as they indicate whether or not the user is present, in CIRCUTOR Q-SMT in its firmware version 1.0.4.

5.3
2024-09-18 CVE-2024-6641 Getastra Incorrect Comparison vulnerability in Getastra WP Hardening

The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6.

5.3
2024-09-17 CVE-2024-45384 Apache Unspecified vulnerability in Apache Druid

Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability. While we are not aware of a way to meaningfully exploit this flaw, we nevertheless recommend upgrading to version 30.0.1 or higher which fixes the issue and ensuring you have a strong druid.auth.pac4j.cookiePassphrase as a precaution.

5.3
2024-09-17 CVE-2024-45612 Contao Injection vulnerability in Contao

Contao is an Open Source CMS.

5.3
2024-09-17 CVE-2024-8796 Tinfoilsecurity Insufficient Entropy vulnerability in Tinfoilsecurity Devise-Two-Factor

Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226.

5.3
2024-09-16 CVE-2024-39772 Mattermost Unspecified vulnerability in Mattermost Server

Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.

5.3
2024-09-16 CVE-2024-1578 Rfideas Unspecified vulnerability in Rfideas Micard Plus BLE Firmware and Micard Plus CI Firmware

The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users.

5.3
2024-09-18 CVE-2024-43188 IBM Unspecified vulnerability in IBM Business Automation Workflow

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation.

4.9
2024-09-22 CVE-2024-9083 Razormist Cross-site Scripting vulnerability in Razormist Employee Management System 1.0

A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0.

4.8
2024-09-18 CVE-2024-47058 Acquia Cross-site Scripting vulnerability in Acquia Mautic

With access to edit a Mautic form, the attacker can add stored Cross-Site Scripting in the HTML field.

4.8
2024-09-18 CVE-2024-43972 Pagelayer Cross-site Scripting vulnerability in Pagelayer

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagelayer Team PageLayer allows Stored XSS. This issue affects PageLayer: from n/a through 1.8.7.

4.8
2024-09-18 CVE-2024-43999 Ninjaforms Cross-site Scripting vulnerability in Ninjaforms Ninja Forms

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS. This issue affects Ninja Forms: from n/a through 3.8.11.

4.8
2024-09-17 CVE-2024-43985 Mage People Cross-site Scripting vulnerability in Mage-People BUS Ticket Booking With Seat Reservation

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Stored XSS. This issue affects Bus Ticket Booking with Seat Reservation: from n/a through 5.3.5.

4.8
2024-09-17 CVE-2024-8660 Concretecms Cross-site Scripting vulnerability in Concretecms Concrete CMS

Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

4.8
2024-09-17 CVE-2024-5170 WP Master Cross-site Scripting vulnerability in Wp-Master Logo Manager for Enamad

The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape its widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

4.8
2024-09-16 CVE-2024-32034 Decidim Cross-site Scripting vulnerability in Decidim

decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations.

4.8
2024-09-16 CVE-2024-39910 Decidim Cross-site Scripting vulnerability in Decidim

decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations.

4.8
2024-09-17 CVE-2024-40840 Apple Unspecified vulnerability in Apple Iphone OS

This issue was addressed through improved state management.

4.6
2024-09-17 CVE-2024-44171 Apple Unspecified vulnerability in Apple Ipados

This issue was addressed through improved state management.

4.6
2024-09-19 CVE-2024-45770

A vulnerability was found in Performance Co-Pilot (PCP).

4.4
2024-09-17 CVE-2024-44130 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved data protection.

4.4
2024-09-19 CVE-2024-38221 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Spoofing Vulnerability

4.3
2024-09-19 CVE-2024-47159 Jetbrains Incorrect Authorization vulnerability in Jetbrains Youtrack

In JetBrains YouTrack before 2024.3.44799, a user without appropriate permissions could restore workflows attached to a project.

4.3
2024-09-17 CVE-2024-8906 Google Unspecified vulnerability in Google Chrome

Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.

4.3
2024-09-17 CVE-2024-8908 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

4.3
2024-09-17 CVE-2024-8909 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

4.3
2024-09-17 CVE-2024-45604 Contao Path Traversal vulnerability in Contao

Contao is an Open Source CMS.

4.3
2024-09-17 CVE-2024-45605 Sentry Authorization Bypass Through User-Controlled Key vulnerability in Sentry 24.1.2

Sentry is a developer-first error tracking and performance monitoring platform.

4.3
2024-09-17 CVE-2024-45606 Sentry Authorization Bypass Through User-Controlled Key vulnerability in Sentry

Sentry is a developer-first error tracking and performance monitoring platform.

4.3
2024-09-16 CVE-2024-6685 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members.

4.3
2024-09-18 CVE-2024-39081 Jktyre Authentication Bypass by Capture-replay vulnerability in Jktyre Smart Tyre CAR & Bike 4.2.0

An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications.

4.2

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-20 CVE-2024-8612

A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices.

3.8
2024-09-17 CVE-2024-40791 Apple Information Exposure Through Log Files vulnerability in Apple Macos

A privacy issue was addressed with improved private data redaction for log entries.

3.3
2024-09-17 CVE-2024-40830 Apple Unspecified vulnerability in Apple Iphone OS

This issue was addressed with improved data protection.

3.3
2024-09-17 CVE-2024-40838 Apple Unspecified vulnerability in Apple Macos

A privacy issue was addressed by moving sensitive data to a protected location.

3.3
2024-09-17 CVE-2024-44139 Apple Unspecified vulnerability in Apple Iphone OS

The issue was addressed with improved checks.

2.4
2024-09-17 CVE-2024-44180 Apple Unspecified vulnerability in Apple Iphone OS

The issue was addressed with improved checks.

2.4