Weekly Vulnerabilities Reports > September 16 to 22, 2024
Overview
447 new vulnerabilities were reported during this period, including 53 critical vulnerabilities and 164 high severity vulnerabilities. This weekly summary reports vulnerabilities in 186 products from 130 vendors including Apple, Linux, Opennetworking, Draytek, and Intel. Vulnerabilities are notably categorized as "Cross-site Scripting", "Classic Buffer Overflow", "Out-of-bounds Read", "NULL Pointer Dereference", and "SQL Injection".
- 305 reported vulnerabilities are remotely exploitable.
- 120 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 244 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 74 reported vulnerabilities.
- Code Projects has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
53 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-09-17 | CVE-2024-44146 | Apple | Unspecified vulnerability in Apple Macos A logic issue was addressed with improved file handling. | 10.0 |
2024-09-17 | CVE-2024-44148 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved validation of file attributes. | 10.0 |
2024-09-18 | CVE-2024-46986 | Tuzitio | Path Traversal vulnerability in Tuzitio Camaleon CMS Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. | 9.9 |
2024-09-22 | CVE-2024-9087 | Vehicle Management Project | SQL Injection vulnerability in Vehicle Management Project Vehicle Management 1.0 A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. | 9.8 |
2024-09-22 | CVE-2024-9088 | Razormist | Classic Buffer Overflow vulnerability in Razormist Telecom Billing Management System 1.0 A vulnerability has been found in SourceCodester Telecom Billing Management System 1.0 and classified as critical. | 9.8 |
2024-09-22 | CVE-2024-9086 | Code Projects | SQL Injection vulnerability in Code-Projects Restaurant Reservation System 1.0 A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. | 9.8 |
2024-09-22 | CVE-2024-9082 | Oretnom23 | Incorrect Authorization vulnerability in Oretnom23 Online Eyewear Shop 1.0 A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. | 9.8 |
2024-09-22 | CVE-2024-9085 | Code Projects | SQL Injection vulnerability in Code-Projects Restaurant Reservation System 1.0 A vulnerability was found in code-projects Restaurant Reservation System 1.0. | 9.8 |
2024-09-22 | CVE-2024-9080 | Code Projects | SQL Injection vulnerability in Code-Projects Student Record System 1.0 A vulnerability was found in code-projects Student Record System 1.0. | 9.8 |
2024-09-22 | CVE-2024-9079 | Code Projects | SQL Injection vulnerability in Code-Projects Student Record System 1.0 A vulnerability was found in code-projects Student Record System 1.0 and classified as critical. | 9.8 |
2024-09-22 | CVE-2024-9078 | Code Projects | SQL Injection vulnerability in Code-Projects Student Record System 1.0 A vulnerability has been found in code-projects Student Record System 1.0 and classified as critical. | 9.8 |
2024-09-20 | CVE-2024-9038 | Codezips | Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Shopping Portal 1.0 A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. | 9.8 |
2024-09-20 | CVE-2024-9039 | Mayurik | SQL Injection vulnerability in Mayurik Best House Rental Management System 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. | 9.8 |
2024-09-20 | CVE-2024-9043 | Cellopoint | Out-of-bounds Write vulnerability in Cellopoint Secure Email Gateway Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. | 9.8 |
2024-09-20 | CVE-2024-8853 | Medialibs | Unspecified vulnerability in Medialibs Webo-Facto The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. | 9.8 |
2024-09-20 | CVE-2024-9011 | Code Projects | SQL Injection vulnerability in Code-Projects Crud Operation System 1.0 A vulnerability, which was classified as critical, was found in code-projects Crud Operation System 1.0. | 9.8 |
2024-09-20 | CVE-2024-9009 | Fabianros | SQL Injection vulnerability in Fabianros Online Quiz Site 1.0 A vulnerability, which was classified as critical, has been found in code-projects Online Quiz Site 1.0. | 9.8 |
2024-09-19 | CVE-2023-27584 | D7Y | Use of Hard-coded Credentials vulnerability in D7Y Dragonfly Dragonfly is an open source P2P-based file distribution and image acceleration system. | 9.8 |
2024-09-19 | CVE-2024-46983 | Antfin | Unspecified vulnerability in Antfin Sofa-Hessian sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. | 9.8 |
2024-09-19 | CVE-2024-46984 | Gematik | XXE vulnerability in Gematik Reference Validator The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. | 9.8 |
2024-09-19 | CVE-2024-9008 | Best Online News Portal Project | SQL Injection vulnerability in Best Online News Portal Project Best Online News Portal 1.0 A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. | 9.8 |
2024-09-19 | CVE-2024-9004 | Dlink | OS Command Injection vulnerability in Dlink Dar-7000 Firmware A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. | 9.8 |
2024-09-19 | CVE-2024-33109 | Ergophone Yealink | Path Traversal vulnerability in multiple products Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. | 9.8 |
2024-09-19 | CVE-2024-40125 | Closed Loop | Unrestricted Upload of File with Dangerous Type vulnerability in Closed-Loop Cless Server 4.5.2 An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint. | 9.8 |
2024-09-19 | CVE-2024-31570 | Freeimage Project | Out-of-bounds Write vulnerability in Freeimage Project Freeimage libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. | 9.8 |
2024-09-19 | CVE-2024-47088 | Apexsoftcell | Improper Restriction of Excessive Authentication Attempts vulnerability in Apexsoftcell LD DP Back Office and LD GEO This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. | 9.8 |
2024-09-18 | CVE-2024-34026 | Openplcproject | Out-of-bounds Write vulnerability in Openplcproject Openplc V3 Firmware 20240404 A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. | 9.8 |
2024-09-18 | CVE-2024-5960 | Elizsoftware | Unprotected Storage of Credentials vulnerability in Elizsoftware Panel Plaintext Storage of a Password vulnerability in Eliz Software Panel allows Use of Known Domain Credentials. This issue affects Panel: before v2.3.24. | 9.8 |
2024-09-17 | CVE-2024-43976 | Superstorefinder | SQL Injection vulnerability in Superstorefinder Super Store Finder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 6.9.7. | 9.8 |
2024-09-17 | CVE-2024-43978 | Superstorefinder | SQL Injection vulnerability in Superstorefinder Super Store Finder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a before 6.9.8. | 9.8 |
2024-09-17 | CVE-2024-44004 | Wptaskforce | SQL Injection vulnerability in Wptaskforce Track & Trace Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection. This issue affects WPCargo Track & Trace: from n/a through 7.0.6. | 9.8 |
2024-09-17 | CVE-2024-8957 | Ptzoptics | OS Command Injection vulnerability in Ptzoptics Pt30X-Ndi-Xx-G2 Firmware and Pt30X-Sdi Firmware PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. | 9.8 |
2024-09-17 | CVE-2024-38812 | Vmware | Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0 The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | 9.8 |
2024-09-17 | CVE-2024-38813 | Vmware | Improper Check for Dropped Privileges vulnerability in VMWare Vcenter Server 7.0/8.0 The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | 9.8 |
2024-09-17 | CVE-2024-45682 | Millbeck | OS Command Injection vulnerability in Millbeck Proroute H685T-W Firmware 3.2.334 There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. | 9.8 |
2024-09-17 | CVE-2024-8944 | Fabianros | SQL Injection vulnerability in Fabianros Hospital Management System 1.0 A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. | 9.8 |
2024-09-16 | CVE-2024-44623 | SPX | Code Injection vulnerability in SPX Graphics Controller An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. | 9.8 |
2024-09-16 | CVE-2024-6401 | SFS | SQL Injection vulnerability in SFS Insuree GL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection. This issue affects InsureE GL: before 4.6.2. | 9.8 |
2024-09-16 | CVE-2024-7098 | SFS | XXE vulnerability in SFS Winsure Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection. This issue affects ww.Winsure: before 4.6.2. | 9.8 |
2024-09-16 | CVE-2024-7104 | SFS | Code Injection vulnerability in SFS Winsure Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection. This issue affects ww.Winsure: before 4.6.2. | 9.8 |
2024-09-16 | CVE-2024-46419 | Totolink | Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220 TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter. | 9.8 |
2024-09-16 | CVE-2024-46451 | Totolink | Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220 TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. | 9.8 |
2024-09-16 | CVE-2024-22399 | Apache | Deserialization of Untrusted Data vulnerability in Apache Seata Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue. | 9.8 |
2024-09-16 | CVE-2024-45694 | Dlink | Stack-based Buffer Overflow vulnerability in Dlink Dir-X4860 Firmware and Dir-X5460 Firmware The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | 9.8 |
2024-09-16 | CVE-2024-45695 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-X4860 Firmware 1.00/1.04 The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | 9.8 |
2024-09-16 | CVE-2024-45697 | Dlink | Hidden Functionality vulnerability in Dlink Dir-X4860 Firmware 1.00/1.04 Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. | 9.8 |
2024-09-16 | CVE-2024-45698 | Dlink | Use of Hard-coded Credentials vulnerability in Dlink Dir-X4860 Firmware 1.00/1.04 Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. | 9.8 |
2024-09-16 | CVE-2024-8880 | Playsms | Code Injection vulnerability in Playsms A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. | 9.8 |
2024-09-20 | CVE-2024-45806 | Envoyproxy | Authorization Bypass Through User-Controlled Key vulnerability in Envoyproxy Envoy Envoy is a cloud-native high-performance edge/middle/service proxy. | 9.1 |
2024-09-19 | CVE-2024-8963 | Ivanti | Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.6 Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | 9.1 |
2024-09-17 | CVE-2024-8956 | Ptzoptics | Improper Authentication vulnerability in Ptzoptics Pt30X-Ndi-Xx-G2 Firmware and Pt30X-Sdi Firmware PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. | 9.1 |
2024-09-16 | CVE-2024-46958 | Nextcloud | Unspecified vulnerability in Nextcloud Desktop 3.13.1/3.13.2/3.13.3 In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. | 9.1 |
2024-09-17 | CVE-2021-27915 | Acquia | Cross-site Scripting vulnerability in Acquia Mautic Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system. | 9.0 |
164 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-09-22 | CVE-2024-9076 | Dedecms | OS Command Injection vulnerability in Dedecms A vulnerability was found in DedeCMS up to 5.7.115. | 8.8 |
2024-09-20 | CVE-2024-9041 | Mayurik | SQL Injection vulnerability in Mayurik Best House Rental Management System 1.0 A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. | 8.8 |
2024-09-20 | CVE-2024-9032 | Oretnom23 | Path Traversal vulnerability in Oretnom23 Simple Forum/Discussion System 1.0 A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. | 8.8 |
2024-09-19 | CVE-2024-9006 | Jeanmarc77 | Code Injection vulnerability in Jeanmarc77 123Solar 1.8.4.5 A vulnerability was found in jeanmarc77 123solar 1.8.4.5. | 8.8 |
2024-09-19 | CVE-2024-43489 | Microsoft | Unspecified vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 8.8 |
2024-09-19 | CVE-2024-43496 | Microsoft | Unspecified vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 8.8 |
2024-09-19 | CVE-2024-9001 | Totolink | OS Command Injection vulnerability in Totolink T10 Firmware 4.1.8Cu.5207 A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. | 8.8 |
2024-09-19 | CVE-2024-46394 | Frogcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Frogcms Project Frogcms 0.9.5 FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add | 8.8 |
2024-09-18 | CVE-2024-46086 | Frogcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Frogcms Project Frogcms 0.9.5 FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/delete/123 | 8.8 |
2024-09-18 | CVE-2024-5958 | Elizsoftware | SQL Injection vulnerability in Elizsoftware Panel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection. This issue affects Panel: before v2.3.24. | 8.8 |
2024-09-18 | CVE-2024-8890 | Circutor | Unspecified vulnerability in Circutor Q-Smt Firmware 1.0.4 An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. | 8.8 |
2024-09-17 | CVE-2024-45398 | Contao | Unrestricted Upload of File with Dangerous Type vulnerability in Contao Contao is an Open Source CMS. | 8.8 |
2024-09-17 | CVE-2024-38183 | Microsoft | Unspecified vulnerability in Microsoft Groupme An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | 8.8 |
2024-09-17 | CVE-2024-43460 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 Business Central Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network. | 8.8 |
2024-09-17 | CVE-2024-8949 | Oretnom23 | Improper Ownership Management vulnerability in Oretnom23 Online Eyewear Shop 1.0 A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. | 8.8 |
2024-09-17 | CVE-2024-8945 | Fairsketch | SQL Injection vulnerability in Fairsketch Rise Ultimate Project Manager 3.7.0 A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. | 8.8 |
2024-09-16 | CVE-2024-45696 | Dlink | Hidden Functionality vulnerability in Dlink Covr-X1870 Firmware and Dir-X4860 Firmware Certain models of D-Link wireless routers contain hidden functionality. | 8.8 |
2024-09-16 | CVE-2024-8779 | Syscomgo | Unspecified vulnerability in Syscomgo Omflow OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server. | 8.8 |
2024-09-18 | CVE-2024-8887 | Circutor | Improper Validation of Specified Quantity in Input vulnerability in Circutor Q-Smt Firmware 1.0.4 CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device. | 8.6 |
2024-09-17 | CVE-2024-47049 | Czim | Server-Side Request Forgery (SSRF) vulnerability in Czim File-Handling The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files. | 8.2 |
2024-09-17 | CVE-2024-8947 | Micropython | Use After Free vulnerability in Micropython 1.22.2 A vulnerability was found in MicroPython 1.22.2. | 8.1 |
2024-09-17 | CVE-2021-27916 | Acquia | Path Traversal vulnerability in Acquia Mautic Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. | 8.1 |
2024-09-19 | CVE-2024-38016 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 |
2024-09-18 | CVE-2024-46738 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() When removing a resource from vmci_resource_table in vmci_resource_remove(), the search is performed using the resource handle by comparing context and resource fields. It is possible though to create two resources with different types but same handle (same context and resource fields). When trying to remove one of the resources, vmci_resource_remove() may not remove the intended one, but the object will still be freed as in the case of the datagram type in vmci_datagram_destroy_handle(). vmci_resource_table will still hold a pointer to this freed resource leading to a use-after-free vulnerability. This change ensures the type is also checked when removing the resource from vmci_resource_table in vmci_resource_remove(). | 7.8 |
2024-09-18 | CVE-2024-46740 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. | 7.8 |
2024-09-18 | CVE-2024-46741 | Linux | Double Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix double free of 'buf' in error path smatch warning: drivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf' In fastrpc_req_mmap() error path, the fastrpc buffer is freed in fastrpc_req_munmap_impl() if unmap is successful. But in the end, there is an unconditional call to fastrpc_buf_free(). So the above case triggers the double free of fastrpc buf. | 7.8 |
2024-09-18 | CVE-2024-46744 | Linux | Link Following vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The reason why the corrupted symlink size causes an uninitialised page is due to the following sequence of events: 1. | 7.8 |
2024-09-18 | CVE-2024-46746 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: free driver_data after destroying hid device HID driver callbacks aren't called anymore once hid_destroy_device() has been called. | 7.8 |
2024-09-18 | CVE-2024-46756 | Linux | Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. | 7.8 |
2024-09-18 | CVE-2024-46757 | Linux | Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. | 7.8 |
2024-09-18 | CVE-2024-46758 | Linux | Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: hwmon: (lm95234) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. | 7.8 |
2024-09-18 | CVE-2024-46759 | Linux | Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. | 7.8 |
2024-09-18 | CVE-2024-46766 | Linux | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ice: move netif_queue_set_napi to rtnl-protected sections Currently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is not rtnl-locked when called from the reset. | 7.8 |
2024-09-18 | CVE-2024-46782 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ila: call nf_unregister_net_hooks() sooner syzbot found an use-after-free Read in ila_nf_input. Issue here is that ila_xlat_exit_net() frees the rhashtable, then call nf_unregister_net_hooks(). It should be done in the reverse way, with a synchronize_rcu(). This is a good match for a pre_exit() method. | 7.8 |
2024-09-18 | CVE-2024-46786 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF The fscache_cookie_lru_timer is initialized when the fscache module is inserted, but is not deleted when the fscache module is removed. If timer_reduce() is called before removing the fscache module, the fscache_cookie_lru_timer will be added to the timer list of the current cpu. | 7.8 |
2024-09-18 | CVE-2024-46796 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_set_path_size() If smb2_compound_op() is called with a valid @cfile and returned -EINVAL, we need to call cifs_get_writable_path() before retrying it as the reference of @cfile was already dropped by previous call. This fixes a KASAN splat when running fstests generic/013 against Windows Server 2022. | 7.8 |
2024-09-18 | CVE-2024-46798 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object When using kernel with the following extra config, - CONFIG_KASAN=y - CONFIG_KASAN_GENERIC=y - CONFIG_KASAN_INLINE=y - CONFIG_KASAN_VMALLOC=y - CONFIG_FRAME_WARN=4096 kernel detects that snd_pcm_suspend_all() access a freed 'snd_soc_pcm_runtime' object when the system is suspended, which leads to a use-after-free bug: [ 52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270 [ 52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330 [ 52.047785] Call trace: [ 52.047787] dump_backtrace+0x0/0x3c0 [ 52.047794] show_stack+0x34/0x50 [ 52.047797] dump_stack_lvl+0x68/0x8c [ 52.047802] print_address_description.constprop.0+0x74/0x2c0 [ 52.047809] kasan_report+0x210/0x230 [ 52.047815] __asan_report_load1_noabort+0x3c/0x50 [ 52.047820] snd_pcm_suspend_all+0x1a8/0x270 [ 52.047824] snd_soc_suspend+0x19c/0x4e0 The snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before making any access. | 7.8 |
2024-09-18 | CVE-2024-46800 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netem_dequeue If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMIT_STOLEN. | 7.8 |
2024-09-18 | CVE-2024-46725 | Linux | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds write warning Check the ring type value to fix the out-of-bounds write warning | 7.8 |
2024-09-17 | CVE-2024-7788 | Libreoffice | Improper Verification of Cryptographic Signature vulnerability in Libreoffice Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice. This issue affects LibreOffice: from 24.2 before 24.2.5. | 7.8 |
2024-09-17 | CVE-2024-44162 | Apple | Unspecified vulnerability in Apple Xcode This issue was addressed by enabling hardened runtime. | 7.8 |
2024-09-16 | CVE-2024-34153 | Intel | Uncontrolled Search Path Element vulnerability in Intel Raid web Console Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2024-09-16 | CVE-2024-34543 | Intel | Unspecified vulnerability in Intel Raid web Console Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2024-09-16 | CVE-2024-39613 | Mattermost | Uncontrolled Search Path Element vulnerability in Mattermost Desktop Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching for the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine. | 7.8 |
2024-09-19 | CVE-2024-8698 | | A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. | 7.7 |
2024-09-18 | CVE-2024-46987 | Tuzitio | Path Traversal vulnerability in Tuzitio Camaleon CMS Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. | 7.7 |
2024-09-22 | CVE-2024-9081 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Online Eyewear Shop 1.0 A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. | 7.5 |
2024-09-22 | CVE-2024-47221 | Rapidscada | Weak Password Requirements vulnerability in Rapidscada Rapid Scada CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password. | 7.5 |
2024-09-20 | CVE-2024-45807 | Envoyproxy | Unspecified vulnerability in Envoyproxy Envoy 1.31.0/1.31.1 Envoy is a cloud-native high-performance edge/middle/service proxy. | 7.5 |
2024-09-20 | CVE-2024-45809 | Envoyproxy | NULL Pointer Dereference vulnerability in Envoyproxy Envoy Envoy is a cloud-native high-performance edge/middle/service proxy. | 7.5 |
2024-09-20 | CVE-2024-45810 | Envoyproxy | Unspecified vulnerability in Envoyproxy Envoy Envoy is a cloud-native high-performance edge/middle/service proxy. | 7.5 |
2024-09-20 | CVE-2024-47000 | Zitadel | Unspecified vulnerability in Zitadel Zitadel is an open source identity management platform. | 7.5 |
2024-09-19 | CVE-2024-45410 | Traefik | Insufficient Verification of Data Authenticity vulnerability in Traefik Traefik is a golang, Cloud Native Application Proxy. | 7.5 |
2024-09-19 | CVE-2024-45861 | Kastle | Use of Hard-coded Credentials vulnerability in Kastle Access Control System Firmware Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information. | 7.5 |
2024-09-19 | CVE-2024-45862 | Kastle | Cleartext Storage of Sensitive Information vulnerability in Kastle Access Control System Firmware Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information. | 7.5 |
2024-09-19 | CVE-2024-46382 | Linlinjava | SQL Injection vulnerability in Linlinjava Litemall 1.8.0 A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminGoodscontroller.java. | 7.5 |
2024-09-18 | CVE-2024-34057 | Trianglemicroworks Siemens | Classic Buffer Overflow vulnerability in multiple products Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. | 7.5 |
2024-09-18 | CVE-2024-8287 | Canonical | Improper Certificate Validation vulnerability in Canonical Anbox Cloud Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. | 7.5 |
2024-09-18 | CVE-2023-28452 | Coredns IO | Unspecified vulnerability in Coredns.Io Coredns An issue was discovered in CoreDNS through 1.10.1. | 7.5 |
2024-09-18 | CVE-2024-36980 | Openplcproject | Out-of-bounds Read vulnerability in Openplcproject Openplc V3 Firmware 20240404 An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. | 7.5 |
2024-09-18 | CVE-2024-36981 | Openplcproject | Out-of-bounds Read vulnerability in Openplcproject Openplc V3 Firmware 20240404 An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. | 7.5 |
2024-09-18 | CVE-2024-39589 | Openplcproject | Incorrect Type Conversion or Cast vulnerability in Openplcproject Openplc V3 Firmware 20240528 Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. | 7.5 |
2024-09-18 | CVE-2024-39590 | Openplcproject | Incorrect Type Conversion or Cast vulnerability in Openplcproject Openplc V3 Firmware 20240528 Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. | 7.5 |
2024-09-18 | CVE-2024-46550 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. | 7.5 |
2024-09-18 | CVE-2024-46551 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. | 7.5 |
2024-09-18 | CVE-2024-46552 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. | 7.5 |
2024-09-18 | CVE-2024-46553 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46554 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46555 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pb parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46556 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46557 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46558 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46559 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. | 7.5 |
2024-09-18 | CVE-2024-46560 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46561 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the queryret parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46564 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at fextobj.cgi. | 7.5 |
2024-09-18 | CVE-2024-46565 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. | 7.5 |
2024-09-18 | CVE-2024-46566 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAppName parameter at sslapp.cgi. | 7.5 |
2024-09-18 | CVE-2024-46567 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46568 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi. | 7.5 |
2024-09-18 | CVE-2024-46571 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. | 7.5 |
2024-09-18 | CVE-2024-46580 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46581 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfName parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46582 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvAddr parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46583 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi. | 7.5 |
2024-09-18 | CVE-2024-46584 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi. | 7.5 |
2024-09-18 | CVE-2024-46585 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at usergrp.cgi. | 7.5 |
2024-09-18 | CVE-2024-46586 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sCloudPass parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46588 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at wizfw.cgi. | 7.5 |
2024-09-18 | CVE-2024-46589 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sIpv6AiccuUser parameter at inetipv6.cgi. | 7.5 |
2024-09-18 | CVE-2024-46590 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46591 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sDnsPro parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46592 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt_5g%d parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46593 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the trapcomm parameter at cgiswm.cgi. | 7.5 |
2024-09-18 | CVE-2024-46594 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46595 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi. | 7.5 |
2024-09-18 | CVE-2024-46596 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi. | 7.5 |
2024-09-18 | CVE-2024-46597 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi. | 7.5 |
2024-09-18 | CVE-2024-46598 | Draytek | Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi. | 7.5 |
2024-09-18 | CVE-2024-23915 | Opennetworking | NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0 Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-23916 | Opennetworking | NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0 Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31164 | Opennetworking | NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0 Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31165 | Opennetworking | NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0 Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31166 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31167 | Opennetworking | NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0 Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31168 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31169 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31170 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31171 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31172 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31173 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31174 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31175 | Opennetworking | NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0 Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31176 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31177 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg modules). | 7.5 |
2024-09-18 | CVE-2024-31178 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31179 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31180 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31181 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31182 | Opennetworking | NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0 Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31183 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31184 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31185 | Opennetworking | NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0 Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31186 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31187 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31188 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31189 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31190 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31191 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31192 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31193 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31194 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31195 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31196 | Opennetworking | NULL Pointer Dereference vulnerability in Opennetworking Libfluid MSG 0.1.0 Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31197 | Opennetworking | Unspecified vulnerability in Opennetworking Libfluid MSG 0.1.0 Improper Null Termination vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-31198 | Opennetworking | Out-of-bounds Read vulnerability in Opennetworking Libfluid MSG 0.1.0 Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). | 7.5 |
2024-09-18 | CVE-2024-8888 | Circutor | Insufficient Session Expiration vulnerability in Circutor Q-Smt Firmware 1.0.4 An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. | 7.5 |
2024-09-17 | CVE-2024-8900 | Mozilla | Unspecified vulnerability in Mozilla Firefox An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. | 7.5 |
2024-09-17 | CVE-2024-8946 | Micropython | Out-of-bounds Write vulnerability in Micropython 1.23.0 A vulnerability was found in MicroPython 1.23.0. | 7.5 |
2024-09-17 | CVE-2024-8948 | Micropython | Out-of-bounds Write vulnerability in Micropython 1.23.0 A vulnerability was found in MicroPython 1.23.0. | 7.5 |
2024-09-17 | CVE-2024-47047 | In2Code | Authorization Bypass Through User-Controlled Key vulnerability in In2Code Powermail An issue was discovered in the powermail extension through 12.4.0 for TYPO3. | 7.5 |
2024-09-17 | CVE-2024-27795 | Apple | Improper Preservation of Permissions vulnerability in Apple Macos A permissions issue was addressed with additional restrictions. | 7.5 |
2024-09-17 | CVE-2024-27861 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved memory handling. | 7.5 |
2024-09-17 | CVE-2024-40770 | Apple | Improper Preservation of Permissions vulnerability in Apple Macos A permissions issue was addressed with additional restrictions. | 7.5 |
2024-09-17 | CVE-2024-40848 | Apple | Unspecified vulnerability in Apple Macos A downgrade issue was addressed with additional code-signing restrictions. | 7.5 |
2024-09-17 | CVE-2024-40856 | Apple | Unspecified vulnerability in Apple Iphone OS and Macos An integrity issue was addressed with Beacon Protection. | 7.5 |
2024-09-17 | CVE-2024-44149 | Apple | Improper Preservation of Permissions vulnerability in Apple Macos A permissions issue was addressed with additional restrictions. | 7.5 |
2024-09-17 | CVE-2024-44152 | Apple | Unspecified vulnerability in Apple Macos A privacy issue was addressed with improved private data redaction for log entries. | 7.5 |
2024-09-17 | CVE-2024-44165 | Apple | Unspecified vulnerability in Apple products A logic issue was addressed with improved checks. | 7.5 |
2024-09-17 | CVE-2024-44189 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved checks. | 7.5 |
2024-09-16 | CVE-2024-8752 | Smart HMI | Path Traversal vulnerability in Smart-Hmi Webiq 2.15.9 The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system. | 7.5 |
2024-09-16 | CVE-2024-46424 | Totolink | Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220 TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter. | 7.5 |
2024-09-16 | CVE-2024-46937 | Mfasoft | Authorization Bypass Through User-Controlled Key vulnerability in Mfasoft Secure Authentication Server An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication. | 7.5 |
2024-09-16 | CVE-2024-8777 | Syscomgo | Insufficiently Protected Credentials vulnerability in Syscomgo Omflow OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. | 7.5 |
2024-09-19 | CVE-2024-45752 | Pixlone | Unspecified vulnerability in Pixlone Logiops logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. | 7.3 |
2024-09-18 | CVE-2022-25775 | Acquia | SQL Injection vulnerability in Acquia Mautic Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems. | 7.2 |
2024-09-21 | CVE-2024-6785 | Moxa | Cleartext Storage of Sensitive Information vulnerability in Moxa Mxview ONE and Mxview ONE Central Manager The configuration file stores credentials in cleartext. | 7.1 |
2024-09-18 | CVE-2024-46743 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN detects the following out-of-bounds read when populating the initial match table (dyndbg="func of_irq_parse_* +p"): BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0. Prevent the out-of-bounds read by copying the device address into a buffer of sufficient size. | 7.1 |
2024-09-18 | CVE-2024-46747 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup report_fixup for the Cougar 500k Gaming Keyboard was not verifying that the report descriptor size was correct before accessing it | 7.1 |
2024-09-18 | CVE-2024-46722 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mc_data out-of-bounds read warning Clear the warning that the read of mc_data[i-1] may be out-of-bounds. | 7.1 |
2024-09-18 | CVE-2024-46723 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ucode out-of-bounds read warning Clear the warning that the read of ucode[] may be out-of-bounds. | 7.1 |
2024-09-18 | CVE-2024-46724 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Check the fb_channel_number range to avoid the array out-of-bounds read error | 7.1 |
2024-09-18 | CVE-2024-46731 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning Using index i - 1U may go beyond the element index for mc_data[] when i = 0. | 7.1 |
2024-09-17 | CVE-2024-44164 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved checks. | 7.1 |
224 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-09-21 | CVE-2024-6786 | Moxa | Path Traversal vulnerability in Moxa Mxview ONE The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. | 6.5 |
2024-09-20 | CVE-2024-45808 | Envoyproxy | Improper Encoding or Escaping of Output vulnerability in Envoyproxy Envoy Envoy is a cloud-native high-performance edge/middle/service proxy. | 6.5 |
2024-09-20 | CVE-2024-46999 | Zitadel | Unspecified vulnerability in Zitadel Zitadel is an open source identity management platform. | 6.5 |
2024-09-20 | CVE-2024-47060 | Zitadel | Incorrect Authorization vulnerability in Zitadel Zitadel is an open source identity management platform. | 6.5 |
2024-09-19 | CVE-2024-47087 | Apexsoftcell | Unspecified vulnerability in Apexsoftcell LD DP Back Office and LD GEO This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client ID, DPID or BOID) in the API endpoint. | 6.5 |
2024-09-19 | CVE-2024-47089 | Apexsoftcell | Improper Validation of Integrity Check Value vulnerability in Apexsoftcell LD DP Back Office and LD GEO This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. | 6.5 |
2024-09-19 | CVE-2024-47085 | Apexsoftcell | Unspecified vulnerability in Apexsoftcell LD DP Back Office and LD GEO This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. | 6.5 |
2024-09-19 | CVE-2024-47086 | Apexsoftcell | Unspecified vulnerability in Apexsoftcell LD DP Back Office and LD GEO This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. | 6.5 |
2024-09-18 | CVE-2022-25776 | Acquia | Incorrect Default Permissions vulnerability in Acquia Mautic Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names. | 6.5 |
2024-09-18 | CVE-2024-8969 | | OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. | 6.5 |
2024-09-18 | CVE-2022-39068 | ZTE | Out-of-bounds Write vulnerability in ZTE Mf296R Firmware Mf296Rnordic1B06 There is a buffer overflow vulnerability in ZTE MF296R. | 6.5 |
2024-09-17 | CVE-2024-45815 | Backstage | Unspecified vulnerability in Backstage Backstage is an open framework for building developer portals. | 6.5 |
2024-09-17 | CVE-2024-45816 | Backstage | Path Traversal vulnerability in Backstage Backstage is an open framework for building developer portals. | 6.5 |
2024-09-17 | CVE-2024-45537 | Apache | Unspecified vulnerability in Apache Druid Apache Druid allows users with certain permissions to read data from other database systems using JDBC. | 6.5 |
2024-09-17 | CVE-2024-8490 | WP Property Hive | Cross-Site Request Forgery (CSRF) vulnerability in Wp-Property-Hive Propertyhive The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. | 6.5 |
2024-09-17 | CVE-2024-8044 | Rubayathasan | Cross-Site Request Forgery (CSRF) vulnerability in Rubayathasan Infolinks AD Wrap 1.0.2 The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 6.5 |
2024-09-17 | CVE-2024-8047 | Gowildchild | Cross-Site Request Forgery (CSRF) vulnerability in Gowildchild Visual Sound The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 6.5 |
2024-09-17 | CVE-2024-8091 | Jakesnyder | Cross-Site Request Forgery (CSRF) vulnerability in Jakesnyder Enhanced Search BOX The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 6.5 |
2024-09-17 | CVE-2024-8093 | Lucasgarcia | Cross-Site Request Forgery (CSRF) vulnerability in Lucasgarcia Posts Reminder The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 6.5 |
2024-09-17 | CVE-2024-40866 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved UI. | 6.5 |
2024-09-17 | CVE-2024-44124 | Apple | Unspecified vulnerability in Apple Iphone OS This issue was addressed through improved state management. | 6.5 |
2024-09-17 | CVE-2024-44187 | Apple | Origin Validation Error vulnerability in Apple products A cross-origin issue existed with "iframe" elements. | 6.5 |
2024-09-16 | CVE-2024-38315 | IBM | Insufficient Session Expiration vulnerability in IBM Aspera Shares 1.10.0/1.9.14 IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. | 6.5 |
2024-09-16 | CVE-2024-45835 | Mattermost | Unspecified vulnerability in Mattermost Server Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access. | 6.5 |
2024-09-16 | CVE-2024-45833 | Mattermost | Unspecified vulnerability in Mattermost Mobile 1.26.0/1.29.0/1.30.0 Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character. | 6.5 |
2024-09-16 | CVE-2024-8778 | Syscomgo | Path Traversal vulnerability in Syscomgo Omflow OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files. | 6.5 |
2024-09-16 | CVE-2024-8780 | Syscomgo | Unspecified vulnerability in Syscomgo Omflow OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users. | 6.5 |
2024-09-21 | CVE-2024-9048 | Ruoyi | Cross-site Scripting vulnerability in Ruoyi A vulnerability was found in y_project RuoYi up to 4.7.9. | 6.1 |
2024-09-19 | CVE-2024-25673 | Couchbase | Injection vulnerability in Couchbase Server Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection. | 6.1 |
2024-09-19 | CVE-2024-8652 | Netcat | Cross-site Scripting vulnerability in Netcat Content Management System A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site. This issue affects NetCat CMS v. | 6.1 |
2024-09-19 | CVE-2024-8653 | Netcat | Cross-site Scripting vulnerability in Netcat Content Management System A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v. | 6.1 |
2024-09-19 | CVE-2024-8883 | Redhat | Open Redirect vulnerability in Redhat products A misconfiguration flaw was found in Keycloak. | 6.1 |
2024-09-19 | CVE-2024-8850 | Ibericode | Cross-site Scripting vulnerability in Ibericode Mailchimp The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping. | 6.1 |
2024-09-18 | CVE-2024-46372 | Dedecms | Cross-site Scripting vulnerability in Dedecms 5.7.115 DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. | 6.1 |
2024-09-18 | CVE-2024-47050 | Acquia | Cross-site Scripting vulnerability in Acquia Mautic Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable. | 6.1 |
2024-09-18 | CVE-2024-43024 | RWS | Cross-site Scripting vulnerability in RWS Multitrans Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 |
2024-09-18 | CVE-2024-43025 | RWS | Cross-site Scripting vulnerability in RWS Multitrans An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail. | 6.1 |
2024-09-18 | CVE-2024-6877 | Elizsoftware | Cross-site Scripting vulnerability in Elizsoftware Panel Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Reflected XSS. This issue affects Panel: before v2.3.24. | 6.1 |
2024-09-18 | CVE-2024-43970 | Surecart | Cross-site Scripting vulnerability in Surecart Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS. This issue affects SureCart: from n/a through 2.29.3. | 6.1 |
2024-09-18 | CVE-2024-43971 | Sunshinephotocart | Cross-site Scripting vulnerability in Sunshinephotocart Sunshine Photo Cart Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS. This issue affects Sunshine Photo Cart: from n/a through 3.2.5. | 6.1 |
2024-09-18 | CVE-2024-43975 | Superstorefinder | Cross-site Scripting vulnerability in Superstorefinder Super Store Finder Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS). This issue affects Super Store Finder: from n/a through 6.9.7. | 6.1 |
2024-09-18 | CVE-2024-44002 | Pickplugins | Cross-site Scripting vulnerability in Pickplugins Team Showcase Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Reflected XSS. This issue affects Team Showcase: from n/a through 1.22.25. | 6.1 |
2024-09-18 | CVE-2024-44003 | Spicethemes | Cross-site Scripting vulnerability in Spicethemes Spice Starter Sites Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in spicethemes Spice Starter Sites allows Reflected XSS. This issue affects Spice Starter Sites: from n/a through 1.2.5. | 6.1 |
2024-09-17 | CVE-2024-44007 | Sktthemes | Cross-site Scripting vulnerability in Sktthemes SKT Templates Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Templates – Elementor & Gutenberg templates allows Reflected XSS. This issue affects SKT Templates – Elementor & Gutenberg templates: from n/a through 6.14. | 6.1 |
2024-09-17 | CVE-2024-44009 | Wclovers | Cross-site Scripting vulnerability in Wclovers Wcfm Marketplace Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WC Lovers WCFM Marketplace allows Reflected XSS. This issue affects WCFM Marketplace: from n/a through 3.6.10. | 6.1 |
2024-09-17 | CVE-2024-44064 | Likebtn | Cross-Site Request Forgery (CSRF) vulnerability in Likebtn Like Button Rating Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS). This issue affects Like Button Rating: from n/a through 2.6.54. | 6.1 |
2024-09-17 | CVE-2024-8907 | | Cross-site Scripting vulnerability in Google Chrome Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. | 6.1 |
2024-09-17 | CVE-2024-8951 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Resort Reservation System 1.0 A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. | 6.1 |
2024-09-17 | CVE-2024-8897 | Mozilla | Open Redirect vulnerability in Mozilla Firefox Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. | 6.1 |
2024-09-17 | CVE-2024-8761 | WP Unit | Open Redirect vulnerability in Wp-Unit Share This Image The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. | 6.1 |
2024-09-17 | CVE-2024-8052 | MOC | Cross-Site Request Forgery (CSRF) vulnerability in MOC Review Ratings The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 6.1 |
2024-09-17 | CVE-2024-40797 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed through improved state management. | 6.1 |
2024-09-17 | CVE-2024-40826 | Apple | Unspecified vulnerability in Apple Iphone OS and Macos A privacy issue was addressed with improved handling of files. | 6.1 |
2024-09-17 | CVE-2024-40857 | Apple | Cross-site Scripting vulnerability in Apple products This issue was addressed through improved state management. | 6.1 |
2024-09-16 | CVE-2024-4283 | Gitlab | Open Redirect vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. | 6.1 |
2024-09-16 | CVE-2024-46970 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2024.1 HTML injection via the project name was possible | 6.1 |
2024-09-16 | CVE-2024-8776 | Intumit | Cross-site Scripting vulnerability in Intumit Smartrobot Firmware 6.0.0202012Tw SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks. | 6.1 |
2024-09-21 | CVE-2024-6787 | Moxa | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Moxa Mxview ONE This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). | 5.9 |
2024-09-16 | CVE-2024-32940 | Intel | Unspecified vulnerability in Intel Raid web Console Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via adjacent access. | 5.7 |
2024-09-16 | CVE-2024-34545 | Intel | Unspecified vulnerability in Intel Raid web Console Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access. | 5.7 |
2024-09-16 | CVE-2024-36247 | Intel | Unspecified vulnerability in Intel Raid web Console Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable denial of service via adjacent access. | 5.7 |
2024-09-16 | CVE-2024-36261 | Intel | Unspecified vulnerability in Intel Raid web Console Improper access control in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via adjacent access. | 5.7 |
2024-09-17 | CVE-2024-37985 | Microsoft | Unspecified vulnerability in Microsoft Windows 11 22H2 and Windows 11 23H2 Windows Kernel Information Disclosure Vulnerability | 5.6 |
2024-09-22 | CVE-2024-40703 | IBM | Insufficiently Protected Credentials vulnerability in IBM Cognos Analytics and Cognos Analytics Reports IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. | 5.5 |
2024-09-21 | CVE-2024-8680 | Ibericode | Cross-site Scripting vulnerability in Ibericode Mailchimp The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. | 5.5 |
2024-09-20 | CVE-2024-9040 | Code Projects | Cleartext Storage of Sensitive Information vulnerability in Code-Projects Blood Bank Management System 1.0 A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. | 5.5 |
2024-09-19 | CVE-2024-8354 | Redhat Qemu | Reachable Assertion vulnerability in multiple products A flaw was found in QEMU. | 5.5 |
2024-09-19 | CVE-2024-45769 | | A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash. | 5.5 |
2024-09-18 | CVE-2024-46735 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() When two UBLK_CMD_START_USER_RECOVERY commands are submitted, the first one sets 'ubq->ubq_daemon' to NULL, and the second one triggers WARN in ublk_queue_reinit() and subsequently a NULL pointer dereference issue. Fix it by adding the check in ublk_ctrl_start_recovery() and return immediately in case of zero 'ub->nr_queues_ready'. | 5.5 |
2024-09-18 | CVE-2024-46737 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix kernel crash if commands allocation fails If the commands allocation fails in nvmet_tcp_alloc_cmds() the kernel crashes in nvmet_tcp_release_queue_work() because of a NULL pointer dereference. nvmet: failed to install queue 0 cntlid 1 ret 6 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Fix the bug by setting queue->nr_cmds to zero in case nvmet_tcp_alloc_cmd() fails. | 5.5 |
2024-09-18 | CVE-2024-46739 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind For primary VM Bus channels, primary_channel pointer is always NULL. | 5.5 |
2024-09-18 | CVE-2024-46742 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) and parse_lease_state() returns NULL. Fix this by checking if 'lease_ctx_info' is NULL. Additionally, remove the redundant parentheses in parse_durable_handle_context(). | 5.5 |
2024-09-18 | CVE-2024-46749 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() This adds a check before freeing the rx->skb in flush and close functions to handle the kernel crash seen while removing driver after FW download fails or before FW download completes. | 5.5 |
2024-09-18 | CVE-2024-46750 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock() One of the true positives that the cfg_access_lock lockdep effort identified is this sequence: WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70 RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70 Call Trace: <TASK> ? __warn+0x8c/0x190 ? pci_bridge_secondary_bus_reset+0x5d/0x70 ? report_bug+0x1f8/0x200 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? pci_bridge_secondary_bus_reset+0x5d/0x70 pci_reset_bus+0x1d8/0x270 vmd_probe+0x778/0xa10 pci_device_probe+0x95/0x120 Where pci_reset_bus() users are triggering unlocked secondary bus resets. Ironically pci_bus_reset(), several calls down from pci_reset_bus(), uses pci_bus_lock() before issuing the reset which locks everything *but* the bridge itself. For the same motivation as adding: bridge = pci_upstream_bridge(dev); if (bridge) pci_dev_lock(bridge); to pci_reset_function() for the "bus" and "cxl_bus" reset cases, add pci_dev_lock() for @bus->self to pci_bus_lock(). [bhelgaas: squash in recursive locking deadlock fix from Keith Busch: https://lore.kernel.org/r/[email protected]] | 5.5 |
2024-09-18 | CVE-2024-46751 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Instead of doing a BUG_ON() handle the error by returning -EUCLEAN, aborting the transaction and logging an error message. | 5.5 |
2024-09-18 | CVE-2024-46755 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() mwifiex_get_priv_by_id() returns the priv pointer corresponding to the bss_num and bss_type, but without checking if the priv is actually currently in use. Unused priv pointers do not have a wiphy attached to them which can lead to NULL pointer dereferences further down the callstack. | 5.5 |
2024-09-18 | CVE-2024-46760 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: schedule rx work after everything is set up Right now it's possible to hit NULL pointer dereference in rtw_rx_fill_rx_status on hw object and/or its fields because initialization routine can start getting USB replies before rtw_dev is fully setup. The stack trace looks like this: rtw_rx_fill_rx_status rtw8821c_query_rx_desc rtw_usb_rx_handler ... queue_work rtw_usb_read_port_complete ... usb_submit_urb rtw_usb_rx_resubmit rtw_usb_init_rx rtw_usb_probe So while we do the async stuff rtw_usb_probe continues and calls rtw_register_hw, which does all kinds of initialization (e.g. via ieee80211_register_hw) that rtw_rx_fill_rx_status relies on. Fix this by moving the first usb_submit_urb after everything is set up. For me, this bug manifested as: [ 8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped [ 8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status because I'm using Larry's backport of rtw88 driver with the NULL checks in rtw_rx_fill_rx_status. | 5.5 |
2024-09-18 | CVE-2024-46761 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The crash occurs because although the MSI data structure has been released during disable/hot-unplug path and it has been assigned with NULL, still during unregistration the code was again trying to explicitly disable the MSI which causes the NULL pointer dereference and kernel crash. The patch fixes the check during unregistration path to prevent invoking pci_disable_msi/msix() since its data structure is already freed. | 5.5 |
2024-09-18 | CVE-2024-46762 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign(). | 5.5 |
2024-09-18 | CVE-2024-46763 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: fou: Fix null-ptr-deref in GRO. We observed a null-ptr-deref in fou_gro_receive() while shutting down a host. | 5.5 |
2024-09-18 | CVE-2024-46765 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ice: protect XDP configuration with a mutex The main threat to data consistency in ice_xdp() is a possible asynchronous PF reset. | 5.5 |
2024-09-18 | CVE-2024-46769 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: spi: intel: Add check devm_kasprintf() returned value intel_spi_populate_chip() uses devm_kasprintf() to set pdata->name. This can return a NULL pointer on failure but this returned value is not checked. | 5.5 |
2024-09-18 | CVE-2024-46770 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ice: Add netif_device_attach/detach into PF reset flow Ethtool callbacks can be executed while reset is in progress and try to access deleted resources, e.g. | 5.5 |
2024-09-18 | CVE-2024-46772 | Linux | Divide By Zero vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check denominator crb_pipes before used [WHAT & HOW] A denominator cannot be 0, and is checked before used. This fixes 2 DIVIDE_BY_ZERO issues reported by Coverity. | 5.5 |
2024-09-18 | CVE-2024-46773 | Linux | Divide By Zero vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check denominator pbn_div before used [WHAT & HOW] A denominator cannot be 0, and is checked before used. This fixes 1 DIVIDE_BY_ZERO issue reported by Coverity. | 5.5 |
2024-09-18 | CVE-2024-46779 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Free pvr_vm_gpuva after unlink This caused a measurable memory leak. | 5.5 |
2024-09-18 | CVE-2024-46781 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix missing cleanup on rollforward recovery error In an error injection test of a routine for mount-time recovery, KASAN found a use-after-free bug. It turned out that if data recovery was performed using partial logs created by dsync writes, but an error occurred before starting the log writer to create a recovered checkpoint, the inodes whose data had been recovered were left in the ns_dirty_files list of the nilfs object and were not freed. Fix this issue by cleaning up inodes that have read the recovery data if the recovery routine fails midway before the log writer starts. | 5.5 |
2024-09-18 | CVE-2024-46784 | Linux | Use of Uninitialized Resource vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. | 5.5 |
2024-09-18 | CVE-2024-46791 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open The mcp251x_hw_wake() function is called with the mpc_lock mutex held and disables the interrupt handler so that no interrupts can be processed while waking the device. | 5.5 |
2024-09-18 | CVE-2024-46793 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder Since commit 13f58267cda3 ("ASoC: soc.h: don't create dummy Component via COMP_DUMMY()") dummy codecs declared like this: SND_SOC_DAILINK_DEF(dummy, DAILINK_COMP_ARRAY(COMP_DUMMY())); expand to: static struct snd_soc_dai_link_component dummy[] = { }; Which means that dummy is a zero sized array and thus dais[i].codecs should not be dereferenced *at all* since it points to the address of the next variable stored in the data section as the "dummy" variable has an address but no size, so even dereferencing dais[0] is already an out of bounds array reference. Which means that the if (dais[i].codecs->name) check added in commit 7d99a70b6595 ("ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards") relies on that the part of the next variable which the name member maps to just happens to be NULL. Which apparently so far it usually is, except when it isn't and then it results in crashes like this one: [ 28.795659] BUG: unable to handle page fault for address: 0000000000030011 ... [ 28.795780] Call Trace: [ 28.795787] <TASK> ... [ 28.795862] ? strcmp+0x18/0x40 [ 28.795872] 0xffffffffc150c605 [ 28.795887] platform_probe+0x40/0xa0 ... [ 28.795979] ? __pfx_init_module+0x10/0x10 [snd_soc_sst_bytcr_wm5102] Really fix things this time around by checking dais.num_codecs != 0. | 5.5 |
2024-09-18 | CVE-2024-46795 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding session, conn->binding can still remain true and generate_preauth_hash() will not set sess->Preauth_HashValue and it will be NULL. It is used as a material to create an encryption key in ksmbd_gen_smb311_encryptionkey. | 5.5 |
2024-09-18 | CVE-2024-46797 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: powerpc/qspinlock: Fix deadlock in MCS queue If an interrupt occurs in queued_spin_lock_slowpath() after we increment qnodesp->count and before node->lock is initialized, another CPU might see stale lock values in get_tail_qnode(). | 5.5 |
2024-09-18 | CVE-2024-46799 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX If number of TX queues are set to 1 we get a NULL pointer dereference during XDP_TX. ~# ethtool -L eth0 tx 1 ~# ./xdp-trafficgen udp -A <ipv6-src> -a <ipv6-dst> eth0 -t 2 Transmitting on eth0 (ifindex 2) [ 241.135257] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030 Fix this by using actual TX queues instead of max TX queues when picking the TX channel in am65_cpsw_ndo_xdp_xmit(). | 5.5 |
2024-09-18 | CVE-2024-46801 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: libfs: fix get_stashed_dentry() get_stashed_dentry() tries to optimistically retrieve a stashed dentry from a provided location. | 5.5 |
2024-09-18 | CVE-2024-46714 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Callers can pass null in filter (i.e. | 5.5 |
2024-09-18 | CVE-2024-46719 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix null pointer dereference in trace ucsi_register_altmode checks IS_ERR for the alt pointer and treats NULL as valid. | 5.5 |
2024-09-18 | CVE-2024-46720 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix dereference after null check check the pointer hive before use. | 5.5 |
2024-09-18 | CVE-2024-46721 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet. | 5.5 |
2024-09-18 | CVE-2024-46726 | Linux | Integer Overflow or Wraparound vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure index calculation will not overflow [WHY & HOW] Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will never overflow and exceed array size. This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity. | 5.5 |
2024-09-18 | CVE-2024-46727 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update [Why] Coverity reports NULL_RETURN warning. [How] Add otg_master NULL check. | 5.5 |
2024-09-18 | CVE-2024-46728 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check index for aux_rd_interval before using aux_rd_interval has size of 7 and should be checked. This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity. | 5.5 |
2024-09-18 | CVE-2024-46730 | Linux | Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure array index tg_inst won't be -1 [WHY & HOW] tg_inst will be a negative if timing_generator_count equals 0, which should be checked before used. This fixes 2 OVERRUN issues reported by Coverity. | 5.5 |
2024-09-18 | CVE-2024-46732 | Linux | Divide By Zero vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linear_pitch_alignment even for VM [Description] Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments | 5.5 |
2024-09-17 | CVE-2024-23237 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved memory handling. | 5.5 |
2024-09-17 | CVE-2024-27858 | Apple | Improper Preservation of Permissions vulnerability in Apple Macos A permissions issue was addressed with additional restrictions. | 5.5 |
2024-09-17 | CVE-2024-27860 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved memory handling. | 5.5 |
2024-09-17 | CVE-2024-27875 | Apple | Unspecified vulnerability in Apple Macos A logic issue was addressed with improved state management. | 5.5 |
2024-09-17 | CVE-2024-27880 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read issue was addressed with improved input validation. | 5.5 |
2024-09-17 | CVE-2024-40790 | Apple | Unspecified vulnerability in Apple Visionos The issue was addressed with improved handling of caches. | 5.5 |
2024-09-17 | CVE-2024-40801 | Apple | Unspecified vulnerability in Apple Macos A permissions issue was addressed with additional restrictions. | 5.5 |
2024-09-17 | CVE-2024-40831 | Apple | Improper Preservation of Permissions vulnerability in Apple Macos A permissions issue was addressed with additional restrictions. | 5.5 |
2024-09-17 | CVE-2024-40837 | Apple | Unspecified vulnerability in Apple Macos A permissions issue was addressed with additional restrictions. | 5.5 |
2024-09-17 | CVE-2024-40842 | Apple | Unspecified vulnerability in Apple Macos An issue was addressed with improved validation of environment variables. | 5.5 |
2024-09-17 | CVE-2024-40843 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved checks. | 5.5 |
2024-09-17 | CVE-2024-40844 | Apple | Unspecified vulnerability in Apple Macos A privacy issue was addressed with improved handling of temporary files. | 5.5 |
2024-09-17 | CVE-2024-40845 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved memory handling. | 5.5 |
2024-09-17 | CVE-2024-40846 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved memory handling. | 5.5 |
2024-09-17 | CVE-2024-40847 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with additional code-signing restrictions. | 5.5 |
2024-09-17 | CVE-2024-40850 | Apple | Unspecified vulnerability in Apple products A file access issue was addressed with improved input validation. | 5.5 |
2024-09-17 | CVE-2024-40859 | Apple | Improper Preservation of Permissions vulnerability in Apple Macos A permissions issue was addressed with additional restrictions. | 5.5 |
2024-09-17 | CVE-2024-40860 | Apple | Unspecified vulnerability in Apple Macos A logic issue was addressed with improved checks. | 5.5 |
2024-09-17 | CVE-2024-40863 | Apple | Unspecified vulnerability in Apple Iphone OS This issue was addressed with improved data protection. | 5.5 |
2024-09-17 | CVE-2024-44125 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved checks. | 5.5 |
2024-09-17 | CVE-2024-44128 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed by adding an additional prompt for user consent. | 5.5 |
2024-09-17 | CVE-2024-44129 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved checks. | 5.5 |
2024-09-17 | CVE-2024-44131 | Apple | Link Following vulnerability in Apple Macos This issue was addressed with improved validation of symlinks. | 5.5 |
2024-09-17 | CVE-2024-44133 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed by removing the vulnerable code. | 5.5 |
2024-09-17 | CVE-2024-44134 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved redaction of sensitive information. | 5.5 |
2024-09-17 | CVE-2024-44135 | Apple | Unspecified vulnerability in Apple Macos A permissions issue was addressed with additional restrictions. | 5.5 |
2024-09-17 | CVE-2024-44151 | Apple | Unspecified vulnerability in Apple Macos A permissions issue was addressed with additional restrictions. | 5.5 |
2024-09-17 | CVE-2024-44153 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved permissions logic. | 5.5 |
2024-09-17 | CVE-2024-44154 | Apple | Unspecified vulnerability in Apple Macos A memory initialization issue was addressed with improved memory handling. | 5.5 |
2024-09-17 | CVE-2024-44158 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved redaction of sensitive information. | 5.5 |
2024-09-17 | CVE-2024-44161 | Apple | Out-of-bounds Read vulnerability in Apple Macos An out-of-bounds read was addressed with improved bounds checking. | 5.5 |
2024-09-17 | CVE-2024-44163 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved checks. | 5.5 |
2024-09-17 | CVE-2024-44166 | Apple | Information Exposure Through Log Files vulnerability in Apple Macos A privacy issue was addressed with improved private data redaction for log entries. | 5.5 |
2024-09-17 | CVE-2024-44168 | Apple | Uncontrolled Search Path Element vulnerability in Apple Macos A library injection issue was addressed with additional restrictions. | 5.5 |
2024-09-17 | CVE-2024-44170 | Apple | Unspecified vulnerability in Apple products A privacy issue was addressed by moving sensitive data to a more secure location. | 5.5 |
2024-09-17 | CVE-2024-44176 | Apple | Unspecified vulnerability in Apple products An out-of-bounds access issue was addressed with improved bounds checking. | 5.5 |
2024-09-17 | CVE-2024-44177 | Apple | Unspecified vulnerability in Apple Macos A privacy issue was addressed by removing sensitive data. | 5.5 |
2024-09-17 | CVE-2024-44178 | Apple | Link Following vulnerability in Apple Macos This issue was addressed with improved validation of symlinks. | 5.5 |
2024-09-17 | CVE-2024-44181 | Apple | Unspecified vulnerability in Apple Macos An issue was addressed with improved handling of temporary files. | 5.5 |
2024-09-17 | CVE-2024-44182 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved redaction of sensitive information. | 5.5 |
2024-09-17 | CVE-2024-44183 | Apple | Unspecified vulnerability in Apple products A logic error was addressed with improved error handling. | 5.5 |
2024-09-17 | CVE-2024-44184 | Apple | Unspecified vulnerability in Apple Macos A permissions issue was addressed with additional restrictions. | 5.5 |
2024-09-17 | CVE-2024-44186 | Apple | Unspecified vulnerability in Apple Macos An access issue was addressed with additional sandbox restrictions. | 5.5 |
2024-09-17 | CVE-2024-44188 | Apple | Improper Preservation of Permissions vulnerability in Apple Macos A permissions issue was addressed with additional restrictions. | 5.5 |
2024-09-17 | CVE-2024-44190 | Apple | Path Traversal vulnerability in Apple Macos A path handling issue was addressed with improved validation. | 5.5 |
2024-09-17 | CVE-2024-44191 | Apple | Unspecified vulnerability in Apple products This issue was addressed through improved state management. | 5.5 |
2024-09-17 | CVE-2024-44198 | Apple | Integer Overflow or Wraparound vulnerability in Apple products An integer overflow was addressed through improved input validation. | 5.5 |
2024-09-16 | CVE-2024-28170 | Intel | Unspecified vulnerability in Intel Raid web Console Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2024-09-16 | CVE-2024-32666 | Intel | NULL Pointer Dereference vulnerability in Intel Raid web Console NULL pointer dereference in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2024-09-16 | CVE-2024-33848 | Intel | Unspecified vulnerability in Intel Raid web Console Uncaught exception in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2024-09-22 | CVE-2024-9084 | Code Projects | Cross-site Scripting vulnerability in Code-Projects Blood Bank System 1.0 A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. | 5.4 |
2024-09-22 | CVE-2024-9077 | Gitapp | Cross-site Scripting vulnerability in Gitapp Dingfanzu A vulnerability classified as problematic has been found in dingfangzu up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. | 5.4 |
2024-09-21 | CVE-2024-9075 | Stirlingpdf | Cross-site Scripting vulnerability in Stirlingpdf Stirling PDF A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. | 5.4 |
2024-09-20 | CVE-2024-9033 | Mayurik | Cross-site Scripting vulnerability in Mayurik Best House Rental Management System 1.0 A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. | 5.4 |
2024-09-20 | CVE-2024-9030 | Workdo | Cross-site Scripting vulnerability in Workdo Crmgo Saas 7.2 A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. | 5.4 |
2024-09-20 | CVE-2024-9031 | Workdo | Cross-site Scripting vulnerability in Workdo Crmgo Saas A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. | 5.4 |
2024-09-19 | CVE-2024-45614 | Puma | HTTP Request Smuggling vulnerability in Puma Puma is a Ruby/Rack web server built for parallelism. | 5.4 |
2024-09-19 | CVE-2024-9007 | Jeanmarc77 | Cross-site Scripting vulnerability in Jeanmarc77 123Solar 1.8.4.5 A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. | 5.4 |
2024-09-19 | CVE-2024-8364 | Webhammer | Cross-site Scripting vulnerability in Webhammer WP Custom Fields Search The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-09-18 | CVE-2021-27917 | Acquia | Cross-site Scripting vulnerability in Acquia Mautic Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report. | 5.4 |
2024-09-18 | CVE-2022-25774 | Acquia | Cross-site Scripting vulnerability in Acquia Mautic Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards. | 5.4 |
2024-09-18 | CVE-2024-5959 | Elizsoftware | Cross-site Scripting vulnerability in Elizsoftware Panel Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS. This issue affects Panel: before v2.3.24. | 5.4 |
2024-09-18 | CVE-2024-43983 | Podlove | Cross-site Scripting vulnerability in Podlove Podcast Publisher Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS. This issue affects Podlove Podcast Publisher: from n/a through 4.1.13. | 5.4 |
2024-09-18 | CVE-2024-43987 | Wayneconnor | Cross-site Scripting vulnerability in Wayneconnor Sliding Door Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wayneconnor Sliding Door allows Stored XSS. This issue affects Sliding Door: from n/a through 3.6. | 5.4 |
2024-09-18 | CVE-2024-43988 | Digitalnature | Cross-site Scripting vulnerability in Digitalnature Mystique Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in digitalnature Mystique allows Stored XSS. This issue affects Mystique: from n/a through 2.5.7. | 5.4 |
2024-09-18 | CVE-2024-43991 | Webdzier | Cross-site Scripting vulnerability in Webdzier Hotel Galaxy Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in webdzier Hotel Galaxy allows Stored XSS. This issue affects Hotel Galaxy: from n/a through 4.4.24. | 5.4 |
2024-09-18 | CVE-2024-43992 | Latepoint | Cross-site Scripting vulnerability in Latepoint Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Latepoint LatePoint allows Stored XSS. This issue affects LatePoint: from n/a through 4.9.91. | 5.4 |
2024-09-18 | CVE-2024-43993 | Cryoutcreations | Cross-site Scripting vulnerability in Cryoutcreations Liquido Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Liquido allows Stored XSS. This issue affects Liquido: from n/a through 1.0.1.2. | 5.4 |
2024-09-18 | CVE-2024-43994 | Cryoutcreations | Cross-site Scripting vulnerability in Cryoutcreations Kahuna Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Kahuna allows Stored XSS. This issue affects Kahuna: from n/a through 1.7.0. | 5.4 |
2024-09-18 | CVE-2024-43995 | Sktthemes | Cross-site Scripting vulnerability in Sktthemes Posterity Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sonalsinha21 Posterity allows Stored XSS. This issue affects Posterity: from n/a through 3.6. | 5.4 |
2024-09-18 | CVE-2024-44001 | Royal Elementor Addons | Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.982. | 5.4 |
2024-09-18 | CVE-2024-44005 | Greenshiftwp | Cross-site Scripting vulnerability in Greenshiftwp Greenshift - Animation and Page Builder Blocks Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS. This issue affects Greenshift – animation and page builder blocks: from n/a through 9.3.7. | 5.4 |
2024-09-17 | CVE-2024-43977 | Posimyth | Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.2. | 5.4 |
2024-09-17 | CVE-2024-44008 | Cyberhobo | Cross-site Scripting vulnerability in Cyberhobo GEO Mashup Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.12. | 5.4 |
2024-09-17 | CVE-2024-44047 | Idxbroker | Cross-site Scripting vulnerability in Idxbroker Impress for IDX Broker Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IDX Broker IMPress for IDX Broker allows Stored XSS. This issue affects IMPress for IDX Broker: from n/a through 3.2.2. | 5.4 |
2024-09-17 | CVE-2024-44049 | Themehunk | Cross-site Scripting vulnerability in Themehunk Gutenberg Blocks Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks – Unlimited blocks For Gutenberg allows Stored XSS. This issue affects Gutenberg Blocks – Unlimited blocks For Gutenberg: from n/a through 1.2.7. | 5.4 |
2024-09-17 | CVE-2024-44050 | Cryoutcreations | Cross-site Scripting vulnerability in Cryoutcreations Verbosa Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Verbosa allows Stored XSS. This issue affects Verbosa: from n/a through 1.2.3. | 5.4 |
2024-09-17 | CVE-2024-44051 | Vanderwijk | Cross-site Scripting vulnerability in Vanderwijk Content Blocks Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS. This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.5. | 5.4 |
2024-09-17 | CVE-2024-45451 | Cryoutcreations | Cross-site Scripting vulnerability in Cryoutcreations Roseta Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Roseta allows Stored XSS. This issue affects Roseta: from n/a through 1.3.0. | 5.4 |
2024-09-17 | CVE-2024-45452 | Cryoutcreations | Cross-site Scripting vulnerability in Cryoutcreations Septera Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Septera septera allows Stored XSS. This issue affects Septera: from n/a through 1.5.1. | 5.4 |
2024-09-17 | CVE-2024-46976 | Backstage | Cross-site Scripting vulnerability in Backstage Backstage is an open framework for building developer portals. | 5.4 |
2024-09-17 | CVE-2024-38380 | Millbeckcommunications | Cross-site Scripting vulnerability in Millbeckcommunications Proroute H685T-W Firmware 3.2.334 This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session. | 5.4 |
2024-09-17 | CVE-2024-8043 | Seanschulte | Cross-Site Request Forgery (CSRF) vulnerability in Seanschulte Vikinghammer Tweet The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 5.4 |
2024-09-17 | CVE-2024-8051 | MOC | Cross-Site Request Forgery (CSRF) vulnerability in MOC Special Feed Items The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 5.4 |
2024-09-17 | CVE-2024-8092 | Alaingonzalez | Cross-Site Request Forgery (CSRF) vulnerability in Alaingonzalez Accordion Image Menu The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 5.4 |
2024-09-19 | CVE-2024-9003 | Jflow Project | Unspecified vulnerability in Jflow Project Jflow 2.0.0 A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. | 5.3 |
2024-09-19 | CVE-2024-47160 | Jetbrains | Incorrect Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible | 5.3 |
2024-09-19 | CVE-2024-47162 | Jetbrains | Insufficiently Protected Credentials vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page | 5.3 |
2024-09-19 | CVE-2024-8651 | Netcat | Information Exposure Through Discrepancy vulnerability in Netcat Content Management System A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. | 5.3 |
2024-09-19 | CVE-2022-4533 | Felixmoira | Insufficient Verification of Data Authenticity vulnerability in Felixmoira Limit Login Attempts Plus The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. | 5.3 |
2024-09-18 | CVE-2024-8891 | Circutor | Unspecified vulnerability in Circutor Q-Smt Firmware 1.0.4 An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4. | 5.3 |
2024-09-18 | CVE-2024-6641 | Getastra | Incorrect Comparison vulnerability in Getastra WP Hardening The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. | 5.3 |
2024-09-17 | CVE-2024-45384 | Apache | Unspecified vulnerability in Apache Druid Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability. While we are not aware of a way to meaningfully exploit this flaw, we nevertheless recommend upgrading to version 30.0.1 or higher which fixes the issue and ensuring you have a strong druid.auth.pac4j.cookiePassphrase as a precaution. | 5.3 |
2024-09-17 | CVE-2024-45612 | Contao | Injection vulnerability in Contao Contao is an Open Source CMS. | 5.3 |
2024-09-17 | CVE-2024-8796 | Tinfoilsecurity | Insufficient Entropy vulnerability in Tinfoilsecurity Devise-Two-Factor Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. | 5.3 |
2024-09-16 | CVE-2024-39772 | Mattermost | Unspecified vulnerability in Mattermost Server Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs. | 5.3 |
2024-09-16 | CVE-2024-1578 | Rfideas | Unspecified vulnerability in Rfideas Micard Plus BLE Firmware and Micard Plus CI Firmware The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. | 5.3 |
2024-09-18 | CVE-2024-43188 | IBM | Unspecified vulnerability in IBM Business Automation Workflow IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation. | 4.9 |
2024-09-22 | CVE-2024-9083 | Razormist | Cross-site Scripting vulnerability in Razormist Employee Management System 1.0 A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. | 4.8 |
2024-09-18 | CVE-2024-47058 | Acquia | Cross-site Scripting vulnerability in Acquia Mautic With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html field. | 4.8 |
2024-09-18 | CVE-2024-43972 | Pagelayer | Cross-site Scripting vulnerability in Pagelayer Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagelayer Team PageLayer allows Stored XSS. This issue affects PageLayer: from n/a through 1.8.7. | 4.8 |
2024-09-18 | CVE-2024-43999 | Ninjaforms | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS. This issue affects Ninja Forms: from n/a through 3.8.11. | 4.8 |
2024-09-17 | CVE-2024-43985 | Mage People | Cross-site Scripting vulnerability in Mage-People BUS Ticket Booking With Seat Reservation Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Stored XSS. This issue affects Bus Ticket Booking with Seat Reservation: from n/a through 5.3.5. | 4.8 |
2024-09-17 | CVE-2024-8660 | Concretecms | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . | 4.8 |
2024-09-17 | CVE-2024-5170 | WP Master | Cross-site Scripting vulnerability in Wp-Master Logo Manager for Enamad The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2024-09-16 | CVE-2024-32034 | Decidim | Cross-site Scripting vulnerability in Decidim decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. | 4.8 |
2024-09-16 | CVE-2024-39910 | Decidim | Cross-site Scripting vulnerability in Decidim decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. | 4.8 |
2024-09-17 | CVE-2024-40840 | Apple | Unspecified vulnerability in Apple Iphone OS This issue was addressed through improved state management. | 4.6 |
2024-09-17 | CVE-2024-44171 | Apple | Unspecified vulnerability in Apple Ipados This issue was addressed through improved state management. | 4.6 |
2024-09-19 | CVE-2024-45770 | | A vulnerability was found in Performance Co-Pilot (PCP). | 4.4 |
2024-09-17 | CVE-2024-44130 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved data protection. | 4.4 |
2024-09-19 | CVE-2024-38221 | Microsoft | Unspecified vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 |
2024-09-19 | CVE-2024-47159 | Jetbrains | Incorrect Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project | 4.3 |
2024-09-17 | CVE-2024-8906 | | Unspecified vulnerability in Google Chrome Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-09-17 | CVE-2024-8908 | | Unspecified vulnerability in Google Chrome Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-09-17 | CVE-2024-8909 | | Unspecified vulnerability in Google Chrome Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-09-17 | CVE-2024-45604 | Contao | Path Traversal vulnerability in Contao Contao is an Open Source CMS. | 4.3 |
2024-09-17 | CVE-2024-45605 | Sentry | Authorization Bypass Through User-Controlled Key vulnerability in Sentry 24.1.2 Sentry is a developer-first error tracking and performance monitoring platform. | 4.3 |
2024-09-17 | CVE-2024-45606 | Sentry | Authorization Bypass Through User-Controlled Key vulnerability in Sentry Sentry is a developer-first error tracking and performance monitoring platform. | 4.3 |
2024-09-16 | CVE-2024-6685 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members. | 4.3 |
2024-09-18 | CVE-2024-39081 | Jktyre | Authentication Bypass by Capture-replay vulnerability in Jktyre Smart Tyre CAR & Bike 4.2.0 An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications. | 4.2 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-09-20 | CVE-2024-8612 | | A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. | 3.8 |
2024-09-17 | CVE-2024-40791 | Apple | Information Exposure Through Log Files vulnerability in Apple Macos A privacy issue was addressed with improved private data redaction for log entries. | 3.3 |
2024-09-17 | CVE-2024-40830 | Apple | Unspecified vulnerability in Apple Iphone OS This issue was addressed with improved data protection. | 3.3 |
2024-09-17 | CVE-2024-40838 | Apple | Unspecified vulnerability in Apple Macos A privacy issue was addressed by moving sensitive data to a protected location. | 3.3 |
2024-09-17 | CVE-2024-44139 | Apple | Unspecified vulnerability in Apple Iphone OS The issue was addressed with improved checks. | 2.4 |
2024-09-17 | CVE-2024-44180 | Apple | Unspecified vulnerability in Apple Iphone OS The issue was addressed with improved checks. | 2.4 |