Weekly Vulnerabilities Reports > November 4 to 10, 2024

Overview

517 new vulnerabilities were reported during this period, including 48 critical and 148 high severity vulnerabilities. This weekly summary covers vulnerabilities in 580 products from 152 vendors, including Linux, Qualcomm, Huawei, Samsung, and Codezips. The most frequent weakness categories are "Cross-site Scripting", "SQL Injection", "NULL Pointer Dereference", "Use After Free", and "Unrestricted Upload of File with Dangerous Type".

  • 273 reported vulnerabilities are remotely exploitable.
  • 172 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 142 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities (160).
  • Codezips has the most reported critical vulnerabilities (9).

Summary dashboard (counts by category; values not preserved in this extract): total vulnerabilities; critical, high, medium and low risk; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web applications.

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


48 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-11-10 CVE-2024-46613 Weechat Integer Overflow or Wraparound vulnerability in Weechat

WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list.

9.8
2024-11-10 CVE-2024-11057 Codezips SQL Injection vulnerability in Codezips Hospital Appointment System 1.0

A vulnerability has been found in Codezips Hospital Appointment System 1.0 and classified as critical.

9.8
2024-11-10 CVE-2024-11055 1000Projects SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0

A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0.

9.8
2024-11-10 CVE-2024-11054 Oretnom23 Unrestricted Upload of File with Dangerous Type vulnerability in Oretnom23 Simple Music Cloud Community System 1.0

A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0.

9.8
2024-11-10 CVE-2024-11047 Dlink Stack-based Buffer Overflow vulnerability in Dlink Di-8003 Firmware 16.07.16A1

A vulnerability was found in D-Link DI-8003 16.07.16A1.

9.8
2024-11-10 CVE-2024-11048 Dlink Stack-based Buffer Overflow vulnerability in Dlink Di-8003 Firmware 16.07.16A1

A vulnerability was found in D-Link DI-8003 16.07.16A1.

9.8
2024-11-10 CVE-2024-11046 Dlink Command Injection vulnerability in Dlink Di-8003 Firmware 16.07.16A1

A vulnerability was found in D-Link DI-8003 16.07.16A1.

9.8
2024-11-09 CVE-2024-10508 The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6.
9.8
2024-11-09 CVE-2024-10547 The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2.
9.8
2024-11-09 CVE-2024-10589 The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1.
9.8
2024-11-09 CVE-2024-10871 The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.2 via the 'params[caf-post-layout]' parameter.
9.8
2024-11-09 CVE-2024-10470 The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962.
9.8
2024-11-09 CVE-2024-10625 The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7.
9.8
2024-11-09 CVE-2024-10627 The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7.
9.8
2024-11-09 CVE-2024-10285 The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0.
9.8
2024-11-09 CVE-2024-10586 The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2.
9.8
2024-11-08 CVE-2024-45764 Dell Unspecified vulnerability in Dell Enterprise Sonic Distribution

Dell Enterprise SONiC OS versions 4.1.x and 4.2.x contain a Missing Critical Step in Authentication vulnerability.

9.8
2024-11-08 CVE-2024-10998 Bookstore Management System Project SQL Injection vulnerability in Bookstore Management System Project Bookstore Management System 1.0

A vulnerability was found in 1000 Projects Bookstore Management System 1.0.

9.8
2024-11-08 CVE-2024-10995 Codezips SQL Injection vulnerability in Codezips Hospital Appointment System 1.0

A vulnerability was found in Codezips Hospital Appointment System 1.0 and classified as critical.

9.8
2024-11-08 CVE-2024-10996 Bookstore Management System Project SQL Injection vulnerability in Bookstore Management System Project Bookstore Management System 1.0

A vulnerability was found in 1000 Projects Bookstore Management System 1.0.

9.8
2024-11-08 CVE-2024-10997 Bookstore Management System Project SQL Injection vulnerability in Bookstore Management System Project Bookstore Management System 1.0

A vulnerability was found in 1000 Projects Bookstore Management System 1.0.

9.8
2024-11-08 CVE-2024-10991 Codezips SQL Injection vulnerability in Codezips Hospital Appointment System 1.0

A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0.

9.8
2024-11-07 CVE-2024-10964 Emqx Classic Buffer Overflow vulnerability in Emqx Neuron

A vulnerability classified as critical has been found in emqx neuron up to 2.10.0.

9.8
2024-11-06 CVE-2024-10919 Didi OS Command Injection vulnerability in Didi Super-Jacoco 1.0

A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical.

9.8
2024-11-06 CVE-2024-10914 Dlink Unspecified vulnerability in Dlink products

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028.

9.8
2024-11-06 CVE-2024-10915 Dlink OS Command Injection vulnerability in Dlink products

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028.

9.8
2024-11-06 CVE-2024-8615 Eyecix Unrestricted Upload of File with Dangerous Type vulnerability in Eyecix Jobsearch WP JOB Board

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7.

9.8
2024-11-05 CVE-2024-10844 Bookstore Management System Project SQL Injection vulnerability in Bookstore Management System Project Bookstore Management System 1.0

A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0.

9.8
2024-11-05 CVE-2024-10845 Bookstore Management System Project SQL Injection vulnerability in Bookstore Management System Project Bookstore Management System 1.0

A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as critical.

9.8
2024-11-05 CVE-2024-10687 Contest Gallery SQL Injection vulnerability in Contest-Gallery Contest Gallery

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

9.8
2024-11-04 CVE-2024-10791 Codezips SQL Injection vulnerability in Codezips Hospital Appointment System 1.0

A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0.

9.8
2024-11-04 CVE-2024-10766 Codezips Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Free Exam Hall Seating Management System 1.0

A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0.

9.8
2024-11-04 CVE-2024-51327 Projectworlds SQL Injection vulnerability in Projectworlds Travel Management System 1.0

SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.

9.8
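The loginform.php entry above is the classic authentication-bypass shape: a query assembled directly from the 'username' and 'password' fields. The following Python/SQLite snippet is an added example, not code from the Projectworlds project or from this report. The table, account names and passwords are constructed, and the plaintext password comparison mirrors the affected PHP application rather than recommended practice. It shows the same payloads succeeding against the concatenated query and failing against the parameterised one.

```python
import sqlite3
from typing import Optional

# Constructed sample accounts, not data from the advisory. Passwords are stored and
# compared in plaintext because that is what the affected PHP project does; hashing
# would not stop the injection, only bound parameters do.
SAMPLE_USERS = [("admin", "S3cret!"), ("alice", "hunter2")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_vulnerable_query(username: str, password: str) -> str:
    """The loginform.php shape: request fields spliced straight into the SQL text."""
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Returns the authenticated username, or None. A quote in either field rewrites the query."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Same lookup with bound parameters: the values can never change the query's structure."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    attempts = [
        ("alice", "hunter2"),          # legitimate login
        ("nobody", "' OR '1'='1"),     # password field: turns the WHERE clause into a tautology
        ("admin' -- ", "wrong"),       # username field: comments the password check away
    ]
    for user, pw in attempts:
        print(f"{user!r:>14} / {pw!r:<14} vulnerable={login_vulnerable(db, user, pw)!r} "
              f"safe={login_safe(db, user, pw)!r}")
```

With the concatenated query, the tautology payload logs the attacker in as the first row in the table and the comment payload logs them in as any named account without a password; with bound parameters both payloads are just strings that match no row. Escaping quotes is not the fix, parameterisation is.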
2024-11-04 CVE-2024-51136 Openimaj XXE vulnerability in Openimaj 1.3.10

An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file.

9.8
2024-11-04 CVE-2024-10764 Codezips Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Institute Management System 1.0

A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0.

9.8
2024-11-04 CVE-2024-10765 Codezips Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Institute Management System 1.0

A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0.

9.8
2024-11-04 CVE-2024-50523 Rainbow Link Unrestricted Upload of File with Dangerous Type vulnerability in Rainbow-Link ALL Post Contact Form

Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc.

9.8
2024-11-04 CVE-2024-50525 Helloprint Unrestricted Upload of File with Dangerous Type vulnerability in Helloprint

Unrestricted Upload of File with Dangerous Type vulnerability in the Helloprint plugin "Plug your WooCommerce into the largest catalog of customized print products from Helloprint" allows uploading a web shell to the web server. This issue affects the plugin from n/a through 2.0.2.

9.8
2024-11-04 CVE-2024-50526 Lindeni Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Multi Purpose Mail Form

Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows uploading a web shell to the web server. This issue affects Multi Purpose Mail Form: from n/a through 1.0.2.

9.8
2024-11-04 CVE-2024-50527 Stacksmarket Unrestricted Upload of File with Dangerous Type vulnerability in Stacksmarket Stacks Mobile APP Builder

Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Mobile App Builder allows uploading a web shell to the web server. This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.

9.8
2024-11-04 CVE-2024-50531 Carrcommunications Unrestricted Upload of File with Dangerous Type vulnerability in Carrcommunications Rsvpmaker

Unrestricted Upload of File with Dangerous Type vulnerability in David F.

9.8
2024-11-04 CVE-2024-51558 63Moons Improper Restriction of Excessive Authentication Attempts vulnerability in 63Moons Aero and Wave 2.0

This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login.

9.8
2024-11-04 CVE-2024-10035 BG TEK Code Injection vulnerability in Bg-Tek Coslat

Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection. This issue affects CoslatV3: through 3.1069.

9.8
2024-11-04 CVE-2024-10758 Code Projects, Anirbandutta9 SQL Injection vulnerability in multiple products

A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0.

9.8
2024-11-04 CVE-2024-10751 Codezips SQL Injection vulnerability in Codezips ISP Management System 1.0

A vulnerability was found in Codezips ISP Management System 1.0 and classified as critical.

9.8
2024-11-04 CVE-2024-10752 Codezips SQL Injection vulnerability in Codezips PET Shop Management System 1.0

A vulnerability was found in Codezips Pet Shop Management System 1.0.

9.8
2024-11-08 CVE-2024-10988 Anisha SQL Injection vulnerability in Anisha E-Health Care System 1.0

A vulnerability was found in code-projects E-Health Care System 1.0.

9.1
2024-11-04 CVE-2024-38408 Qualcomm Unspecified vulnerability in Qualcomm products

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

9.1

148 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-11-10 CVE-2024-11056 Tenda Stack-based Buffer Overflow vulnerability in Tenda Ac10 Firmware 16.03.10.13

A vulnerability, which was classified as critical, was found in Tenda AC10 16.03.10.13.

8.8
2024-11-10 CVE-2024-11051 Amttgroup SQL Injection vulnerability in Amttgroup Hotel Broadband Operating System

A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204.

8.8
2024-11-09 CVE-2024-51606 Blrt SQL Injection vulnerability in Blrt WP Embed

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Blrt WP Embed allows SQL Injection. This issue affects Blrt WP Embed: from n/a through 1.6.9.

8.8
2024-11-09 CVE-2024-51608 Pluginhandy SQL Injection vulnerability in Pluginhandy Amadiscount 1.0

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pluginhandy AmaDiscount allows SQL Injection. This issue affects AmaDiscount: from n/a through 1.0.

8.8
2024-11-09 CVE-2024-10626 The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up to, and including, 17.7.
8.8
2024-11-09 CVE-2024-10673 The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4.
8.8
2024-11-09 CVE-2024-10674 The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9.
8.8
2024-11-08 CVE-2024-50634 Sbond Unspecified vulnerability in Sbond Watcharr

A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token.

8.8
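The Watcharr entry reports privilege escalation via a crafted JWT but gives no detail of the weakness, so the following Python snippet is an added, general example, not code from Watcharr or from this report: a minimal HS256 verifier that pins the algorithm server-side, compares the signature in constant time and enforces exp, next to two forgeries it must reject (an alg "none" token and a re-used signature over a swapped payload) and an offline wordlist attack that succeeds only when the signing secret is guessable. The secrets, claims and wordlist are constructed.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import List, Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issue a token the way a well-behaved server would."""
    signing_input = _encode({"alg": "HS256", "typ": "JWT"}) + "." + _encode(claims)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_hs256(token: str, secret: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the token is valid, else None. Never trusts the header's alg."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    head_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(head_b64))
        claims = json.loads(_b64url_decode(body_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:            # bad base64 or bad JSON
        return None
    if header.get("alg") != "HS256":   # pinned here; "none" and algorithm swaps fail before any crypto
        return None
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None
    return claims


def forge_alg_none(claims: dict) -> str:
    """Attacker's token: header says alg=none, empty signature. A verifier that honours
    the header's alg accepts it as-is."""
    return _encode({"alg": "none", "typ": "JWT"}) + "." + _encode(claims) + "."


def reissue_with_claims(token: str, new_claims: dict) -> str:
    """Attacker's token: keep a real header and signature, swap in a different payload."""
    head_b64, _, sig_b64 = token.split(".")
    return f"{head_b64}.{_encode(new_claims)}.{sig_b64}"


def crack_secret(token: str, wordlist: List[bytes]) -> Optional[bytes]:
    """Offline guess of the HS256 secret from one captured token; works only if the
    secret is weak enough to be in the list, which is what makes it forgeable."""
    head_b64, body_b64, sig_b64 = token.split(".")
    signature = _b64url_decode(sig_b64)
    data = f"{head_b64}.{body_b64}".encode("ascii")
    for candidate in wordlist:
        if hmac.compare_digest(hmac.new(candidate, data, hashlib.sha256).digest(), signature):
            return candidate
    return None


if __name__ == "__main__":
    claims = {"sub": "alice", "role": "user", "exp": 2_000_000_000}
    weak = sign_hs256(claims, b"secret")
    guessed = crack_secret(weak, [b"password", b"secret", b"admin"])
    print("recovered secret:", guessed)
    forged = sign_hs256(dict(claims, role="admin"), guessed)
    print("forged admin token accepted:", verify_hs256(forged, b"secret") is not None)
```

Two properties carry the security here: the verifier decides the algorithm, not the token, and the secret has enough entropy that `crack_secret` cannot recover it from a captured token. A verifier with both properties still accepts any token signed with the real secret, so key rotation and short exp values limit the damage from a leaked or guessed secret.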
2024-11-08 CVE-2024-24409 Zohocorp Unspecified vulnerability in Zohocorp Manageengine Admanager Plus

Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.

8.8
2024-11-08 CVE-2024-10993 Codezips Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Institute Management System 1.0

A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0.

8.8
2024-11-08 CVE-2024-10994 Codezips Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Institute Management System 1.0

A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical.

8.8
2024-11-08 CVE-2024-10990 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Veterinary Appointment System 1.0

A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0.

8.8
2024-11-06 CVE-2024-8614 Eyecix Unrestricted Upload of File with Dangerous Type vulnerability in Eyecix Jobsearch WP JOB Board

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7.

8.8
2024-11-06 CVE-2024-9307 Themelooks Unrestricted Upload of File with Dangerous Type vulnerability in Themelooks Mfolio

The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1.

8.8
2024-11-05 CVE-2024-49772 Salesagility SQL Injection vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application.

8.8
2024-11-05 CVE-2024-50332 Salesagility SQL Injection vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application.

8.8
2024-11-05 CVE-2024-50333 Salesagility Unspecified vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application.

8.8
2024-11-05 CVE-2024-51740 Combodo Server-Side Request Forgery (SSRF) vulnerability in Combodo Itop

Combodo iTop is a simple, web based IT Service Management tool.

8.8
2024-11-05 CVE-2023-29117 Enelx Improper Authentication vulnerability in Enelx Waybox PRO Firmware

Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system.

8.8
2024-11-05 CVE-2023-29118 Enelx SQL Injection vulnerability in Enelx Waybox PRO Firmware

Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php.

8.8
2024-11-05 CVE-2023-29119 Enelx SQL Injection vulnerability in Enelx Waybox PRO Firmware

Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php.

8.8
2024-11-05 CVE-2023-29120 Enelx OS Command Injection vulnerability in Enelx Waybox PRO Firmware

Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.

8.8
2024-11-05 CVE-2023-29121 Enelx Unspecified vulnerability in Enelx Waybox PRO Firmware

Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system.

8.8
2024-11-05 CVE-2023-29126 Enelx Unspecified vulnerability in Enelx Waybox PRO Firmware

The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication.

8.8
2024-11-05 CVE-2024-10711 Ithemelandco Cross-Site Request Forgery (CSRF) vulnerability in Ithemelandco Woocommerce Report

The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1.

8.8
2024-11-05 CVE-2024-9459 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Exchange Reporter Plus

Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.

8.8
2024-11-05 CVE-2024-31998 Combodo Cross-Site Request Forgery (CSRF) vulnerability in Combodo Itop

Combodo iTop is a simple, web based IT Service Management tool.

8.8
2024-11-04 CVE-2024-10805 Anisha SQL Injection vulnerability in Anisha University Event Management System 1.0

A vulnerability was found in code-projects University Event Management System 1.0.

8.8
2024-11-04 CVE-2024-51329 Idrsdev Code Injection vulnerability in Idrsdev Agile-Board 1.0

A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.

8.8
2024-11-04 CVE-2024-51626 Mansurahamed SQL Injection vulnerability in Mansurahamed Woocommerce Quote Calculator

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection. This issue affects Woocommerce Quote Calculator: from n/a through 1.1.

8.8
2024-11-04 CVE-2024-50529 Rudrainnovative Unrestricted Upload of File with Dangerous Type vulnerability in Rudrainnovative Training - Courses

Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innovative Software Training – Courses allows uploading a web shell to the web server. This issue affects Training – Courses: from n/a through 2.0.1.

8.8
2024-11-04 CVE-2024-50530 Myriadsolutionz Unrestricted Upload of File with Dangerous Type vulnerability in Myriadsolutionz Stars Smtp Mailer

Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer allows uploading a web shell to the web server. This issue affects Stars SMTP Mailer: from n/a through 1.7.

8.8
2024-11-04 CVE-2024-51582 Thimpress Path Traversal vulnerability in Thimpress WP Hotel Booking

Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File Inclusion. This issue affects WP Hotel Booking: from n/a through 2.1.4.

8.8
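The '.../...//' pattern named in the WP Hotel Booking entry is CWE-35: a filter that removes "../" in a single pass can be fed a string that only becomes "../" after the removal. The following Python snippet is an added example, not code from ThimPress, from the Category Ajax Filter plugin listed earlier, or from this report. The base directory and layout allowlist are constructed. It shows the single-pass strip turning the payload into a working traversal, the containment check that does not rely on stripping at all, and, for a parameter that selects a server-side file (the local file inclusion case), an allowlist that never treats the request value as a path.

```python
import posixpath

# Constructed base directory and layout allowlist for this example.
UPLOAD_ROOT = "/var/www/uploads"
LAYOUT_ROOT = "/var/www/plugin/layouts"
LAYOUTS = {"grid", "list", "masonry"}


def naive_strip(user_path: str) -> str:
    """Single-pass '../' removal, the kind of filter CWE-35 ('.../...//') defeats."""
    return user_path.replace("../", "")


def naive_join(base: str, user_path: str) -> str:
    """What a handler that trusts naive_strip() ends up opening."""
    return posixpath.normpath(posixpath.join(base, naive_strip(user_path)))


def safe_join(base: str, user_path: str) -> str:
    """Resolve first, then check containment, instead of sanitising the input.

    On a real filesystem, apply os.path.realpath() to both sides before the prefix
    check so that a symlink inside base cannot point outside it.
    """
    base = posixpath.normpath(base)
    full = posixpath.normpath(posixpath.join(base, user_path))   # absolute user_path replaces base
    if full != base and not full.startswith(base + "/"):
        raise ValueError(f"{user_path!r} resolves to {full}, outside {base}")
    return full


def layout_template(name: str) -> str:
    """For a parameter that picks a server-side include, an allowlist beats any path
    check: the request value is a key, never a path component."""
    if name not in LAYOUTS:
        raise ValueError(f"unknown layout {name!r}")
    return posixpath.join(LAYOUT_ROOT, name + ".php")


if __name__ == "__main__":
    payload = ".../...//" * 3 + "etc/passwd"
    print("after one-pass strip :", naive_strip(payload))
    print("naive handler opens  :", naive_join(UPLOAD_ROOT, payload))
    print("safe_join (no strip) :", safe_join(UPLOAD_ROOT, payload))
    for bad in ("../../../etc/passwd", "/etc/passwd", "../uploads-old/x"):
        try:
            safe_join(UPLOAD_ROOT, bad)
        except ValueError as exc:
            print("rejected             :", exc)
```

Note the reversal in the last two prints: without any stripping the payload is a harmless path to a non-existent "..." subdirectory inside the base; it is the filter itself that manufactures the "../../../" sequence. The "../uploads-old/x" case is why the prefix check compares against `base + "/"` and not `base`.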
2024-11-04 CVE-2024-36485 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.

8.8
2024-11-04 CVE-2024-48878 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Admanager Plus

Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.

8.8
2024-11-04 CVE-2024-10759 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez Farm Management System 1.0

A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical.

8.8
2024-11-08 CVE-2024-10839 Zohocorp XXE vulnerability in Zohocorp Manageengine Sharepoint Manager Plus

Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.

8.1
2024-11-06 CVE-2024-10020 Heateor Unspecified vulnerability in Heateor Social Login

The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35.

8.1
2024-11-06 CVE-2024-9946 Heateor Unspecified vulnerability in Heateor Super Socializer

The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68.

8.1
2024-11-05 CVE-2024-10114 Wpwebelite Unspecified vulnerability in Wpwebelite Woocommerce - Social Login

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7.

8.1
2024-11-05 CVE-2024-10097 Loginizer Unspecified vulnerability in Loginizer

The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2.

8.1
2024-11-04 CVE-2024-10749 Thinkadmin Deserialization of Untrusted Data vulnerability in Thinkadmin

A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67.

8.1
2024-11-05 CVE-2023-29125 Enelx Out-of-bounds Write vulnerability in Enelx Waybox PRO Firmware

A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.

8.0
2024-11-05 CVE-2024-10841 Romadebrian SQL Injection vulnerability in Romadebrian Web-Sekolah 1.0

A vulnerability classified as critical was found in romadebrian WEB-Sekolah 1.0.

8.0
2024-11-10 CVE-2024-46952 Artifex, Debian Classic Buffer Overflow vulnerability in multiple products

An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0.

7.8
2024-11-10 CVE-2024-46953 Artifex, Debian, Suse Integer Overflow or Wraparound vulnerability in multiple products

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0.

7.8
2024-11-10 CVE-2024-46954 Artifex Path Traversal vulnerability in Artifex Ghostscript

An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0.

7.8
2024-11-10 CVE-2024-46956 Artifex, Debian, Suse Out-of-bounds Read vulnerability in multiple products

An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0.

7.8
2024-11-10 CVE-2024-46951 Artifex, Debian, Suse Access of Uninitialized Pointer vulnerability in multiple products

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0.

7.8
2024-11-09 CVE-2024-50215 Linux Double Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dh_key to NULL after kfree_sensitive ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup() for the same controller.

7.8
2024-11-09 CVE-2024-50217 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids() Mounting btrfs from two images (which have the same one fsid and two different dev_uuids) in certain executing order may trigger an UAF for variable 'device->bdev_file' in __btrfs_free_extra_devids().

7.8
2024-11-09 CVE-2024-50221 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Vangogh: Fix kernel memory out of bounds write KASAN reports that the GPU metrics table allocated in vangogh_tables_init() is not large enough for the memset done in smu_cmn_init_soft_gpu_metrics().

7.8
2024-11-09 CVE-2024-50222 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP generic/077 on x86_32 CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP=y with highmem, on huge=always tmpfs, issues a warning and then hangs (interruptibly): WARNING: CPU: 5 PID: 3517 at mm/highmem.c:622 kunmap_local_indexed+0x62/0xc9 CPU: 5 UID: 0 PID: 3517 Comm: cp Not tainted 6.12.0-rc4 #2 ... copy_page_from_iter_atomic+0xa6/0x5ec generic_perform_write+0xf6/0x1b4 shmem_file_write_iter+0x54/0x67 Fix copy_page_from_iter_atomic() by limiting it in that case (include/linux/skbuff.h skb_frag_must_loop() does similar). But going forward, perhaps CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP is too surprising, has outlived its usefulness, and should just be removed?

7.8
2024-11-09 CVE-2024-50226 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use-after-free, permit out-of-order decoder shutdown In support of investigating an initialization failure report [1], cxl_test was updated to register mock memory-devices after the mock root-port/bus device had been registered.

7.8
2024-11-09 CVE-2024-50230 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of checked flag Syzbot reported that in directory operations after nilfs2 detects filesystem corruption and degrades to read-only, __block_write_begin_int(), which is called to prepare block writes, may fail the BUG_ON check for accesses exceeding the folio/page size, triggering a kernel bug. This was found to be because the "checked" flag of a page/folio was not cleared when it was discarded by nilfs2's own routine, which causes the sanity check of directory entries to be skipped when the directory page/folio is reloaded.

7.8
2024-11-09 CVE-2024-50235 Linux Double Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear wdev->cqm_config pointer on free When we free wdev->cqm_config when unregistering, we also need to clear out the pointer since the same wdev/netdev may get re-registered in another network namespace, then destroyed later, running this code again, which results in a double-free.

7.8
2024-11-09 CVE-2024-50242 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional check in ntfs_file_release

7.8
2024-11-09 CVE-2024-50246 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add rough attr alloc_size check

7.8
2024-11-09 CVE-2024-50257 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netfilter: Fix use-after-free in get_info() ip6table_nat module unload has refcnt warning for UAF.

7.8
2024-11-09 CVE-2024-50261 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF.

7.8
2024-11-09 CVE-2024-50262 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths from the root to leaves.

7.8
2024-11-08 CVE-2024-25431 Bytecodealliance Out-of-bounds Read vulnerability in Bytecodealliance Webassembly Micro Runtime

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function.

7.8
2024-11-08 CVE-2024-50180 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fix strbuf array overflow The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the array contains non-digit characters. Then, when executing sprintf(strbuf, "%ux%ux8", xres, yres); more than 16 bytes will be written to strbuf. It is suggested to increase the size of the strbuf array to 24. Found by Linux Verification Center (linuxtesting.org) with SVACE.

7.8
2024-11-08 CVE-2024-50203 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix address emission with tag-based KASAN enabled When BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_image struct on the stack is passed during the size calculation pass and an address on the heap is passed during code generation.

7.8
2024-11-08 CVE-2024-50209 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add a check for memory allocation __alloc_pbl() can return error when memory allocation fails. Driver is not checking the status on one of the instances.

7.8
2024-11-07 CVE-2024-50143 Linux Use of Uninitialized Resource vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch reproducer did not trigger any issue[2]. [1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df [2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000

7.8
2024-11-07 CVE-2024-50150 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmode should keep reference to parent The altmode device release refers to its parent device, but without keeping a reference to it. When registering the altmode, get a reference to the parent and put it in the release function. Before this fix, when using CONFIG_DEBUG_KOBJECT_RELEASE, we see issues like this: [ 43.572860] kobject: 'port0.0' (ffff8880057ba008): kobject_release, parent 0000000000000000 (delayed 3000) [ 43.573532] kobject: 'port0.1' (ffff8880057bd008): kobject_release, parent 0000000000000000 (delayed 1000) [ 43.574407] kobject: 'port0' (ffff8880057b9008): kobject_release, parent 0000000000000000 (delayed 3000) [ 43.575059] kobject: 'port1.0' (ffff8880057ca008): kobject_release, parent 0000000000000000 (delayed 4000) [ 43.575908] kobject: 'port1.1' (ffff8880057c9008): kobject_release, parent 0000000000000000 (delayed 4000) [ 43.576908] kobject: 'typec' (ffff8880062dbc00): kobject_release, parent 0000000000000000 (delayed 4000) [ 43.577769] kobject: 'port1' (ffff8880057bf008): kobject_release, parent 0000000000000000 (delayed 3000) [ 46.612867] ================================================================== [ 46.613402] BUG: KASAN: slab-use-after-free in typec_altmode_release+0x38/0x129 [ 46.614003] Read of size 8 at addr ffff8880057b9118 by task kworker/2:1/48 [ 46.614538] [ 46.614668] CPU: 2 UID: 0 PID: 48 Comm: kworker/2:1 Not tainted 6.12.0-rc1-00138-gedbae730ad31 #535 [ 46.615391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 46.616042] Workqueue: events kobject_delayed_cleanup [ 46.616446] Call Trace: [ 46.616648] <TASK> [ 46.616820] dump_stack_lvl+0x5b/0x7c [ 46.617112] ? typec_altmode_release+0x38/0x129 [ 46.617470] print_report+0x14c/0x49e [ 46.617769] ? rcu_read_unlock_sched+0x56/0x69 [ 46.618117] ? __virt_addr_valid+0x19a/0x1ab [ 46.618456] ? kmem_cache_debug_flags+0xc/0x1d [ 46.618807] ? 
typec_altmode_release+0x38/0x129 [ 46.619161] kasan_report+0x8d/0xb4 [ 46.619447] ? typec_altmode_release+0x38/0x129 [ 46.619809] ? process_scheduled_works+0x3cb/0x85f [ 46.620185] typec_altmode_release+0x38/0x129 [ 46.620537] ? process_scheduled_works+0x3cb/0x85f [ 46.620907] device_release+0xaf/0xf2 [ 46.621206] kobject_delayed_cleanup+0x13b/0x17a [ 46.621584] process_scheduled_works+0x4f6/0x85f [ 46.621955] ? __pfx_process_scheduled_works+0x10/0x10 [ 46.622353] ? hlock_class+0x31/0x9a [ 46.622647] ? lock_acquired+0x361/0x3c3 [ 46.622956] ? move_linked_works+0x46/0x7d [ 46.623277] worker_thread+0x1ce/0x291 [ 46.623582] ? __kthread_parkme+0xc8/0xdf [ 46.623900] ? __pfx_worker_thread+0x10/0x10 [ 46.624236] kthread+0x17e/0x190 [ 46.624501] ? kthread+0xfb/0x190 [ 46.624756] ? __pfx_kthread+0x10/0x10 [ 46.625015] ret_from_fork+0x20/0x40 [ 46.625268] ? __pfx_kthread+0x10/0x10 [ 46.625532] ret_from_fork_asm+0x1a/0x30 [ 46.625805] </TASK> [ 46.625953] [ 46.626056] Allocated by task 678: [ 46.626287] kasan_save_stack+0x24/0x44 [ 46.626555] kasan_save_track+0x14/0x2d [ 46.626811] __kasan_kmalloc+0x3f/0x4d [ 46.627049] __kmalloc_noprof+0x1bf/0x1f0 [ 46.627362] typec_register_port+0x23/0x491 [ 46.627698] cros_typec_probe+0x634/0xbb6 [ 46.628026] platform_probe+0x47/0x8c [ 46.628311] really_probe+0x20a/0x47d [ 46.628605] device_driver_attach+0x39/0x72 [ 46.628940] bind_store+0x87/0xd7 [ 46.629213] kernfs_fop_write_iter+0x1aa/0x218 [ 46.629574] vfs_write+0x1d6/0x29b [ 46.629856] ksys_write+0xcd/0x13b [ 46.630128] do_syscall_64+0xd4/0x139 [ 46.630420] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 46.630820] [ 46.630946] Freed by task 48: [ 46.631182] kasan_save_stack+0x24/0x44 [ 46.631493] kasan_save_track+0x14/0x2d [ 46.631799] kasan_save_free_info+0x3f/0x4d [ 46.632144] __kasan_slab_free+0x37/0x45 [ 46.632474] ---truncated---

7.8
2024-11-07 CVE-2024-50151 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2_IOCTL request When using encryption, either enforced by the server or when using 'seal' mount option, the client will squash all compound request buffers down for encryption into a single iov in smb2_set_next_command(). SMB2_ioctl_init() allocates a small buffer (448 bytes) to hold the SMB2_IOCTL request in the first iov, and if the user passes an input buffer that is greater than 328 bytes, smb2_set_next_command() will end up writing off the end of @rqst->iov[0].iov_base as shown below: mount.cifs //srv/share /mnt -o ...,seal ln -s $(perl -e "print('a')for 1..1024") /mnt/link BUG: KASAN: slab-out-of-bounds in smb2_set_next_command.cold+0x1d6/0x24c [cifs] Write of size 4116 at addr ffff8881148fcab8 by task ln/859 CPU: 1 UID: 0 PID: 859 Comm: ln Not tainted 6.12.0-rc3 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x5d/0x80 ? smb2_set_next_command.cold+0x1d6/0x24c [cifs] print_report+0x156/0x4d9 ? smb2_set_next_command.cold+0x1d6/0x24c [cifs] ? __virt_addr_valid+0x145/0x310 ? __phys_addr+0x46/0x90 ? smb2_set_next_command.cold+0x1d6/0x24c [cifs] kasan_report+0xda/0x110 ? smb2_set_next_command.cold+0x1d6/0x24c [cifs] kasan_check_range+0x10f/0x1f0 __asan_memcpy+0x3c/0x60 smb2_set_next_command.cold+0x1d6/0x24c [cifs] smb2_compound_op+0x238c/0x3840 [cifs] ? kasan_save_track+0x14/0x30 ? kasan_save_free_info+0x3b/0x70 ? vfs_symlink+0x1a1/0x2c0 ? do_symlinkat+0x108/0x1c0 ? __pfx_smb2_compound_op+0x10/0x10 [cifs] ? kmem_cache_free+0x118/0x3e0 ? cifs_get_writable_path+0xeb/0x1a0 [cifs] smb2_get_reparse_inode+0x423/0x540 [cifs] ? __pfx_smb2_get_reparse_inode+0x10/0x10 [cifs] ? rcu_is_watching+0x20/0x50 ? __kmalloc_noprof+0x37c/0x480 ? smb2_create_reparse_symlink+0x257/0x490 [cifs] ? smb2_create_reparse_symlink+0x38f/0x490 [cifs] smb2_create_reparse_symlink+0x38f/0x490 [cifs] ? 
__pfx_smb2_create_reparse_symlink+0x10/0x10 [cifs] ? find_held_lock+0x8a/0xa0 ? hlock_class+0x32/0xb0 ? __build_path_from_dentry_optional_prefix+0x19d/0x2e0 [cifs] cifs_symlink+0x24f/0x960 [cifs] ? __pfx_make_vfsuid+0x10/0x10 ? __pfx_cifs_symlink+0x10/0x10 [cifs] ? make_vfsgid+0x6b/0xc0 ? generic_permission+0x96/0x2d0 vfs_symlink+0x1a1/0x2c0 do_symlinkat+0x108/0x1c0 ? __pfx_do_symlinkat+0x10/0x10 ? strncpy_from_user+0xaa/0x160 __x64_sys_symlinkat+0xb9/0xf0 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f08d75c13bb

7.8
2024-11-07 CVE-2024-50155 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netdevsim: use cond_resched() in nsim_dev_trap_report_work() I am still seeing many syzbot reports hinting that syzbot might fool nsim_dev_trap_report_work() with hundreds of ports [1] Lets use cond_resched(), and system_unbound_wq instead of implicit system_wq. [1] INFO: task syz-executor:20633 blocked for more than 143 seconds. Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor state:D stack:25856 pid:20633 tgid:20633 ppid:1 flags:0x00004006 ... NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 16760 Comm: kworker/1:0 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: events nsim_dev_trap_report_work RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210 Code: 89 fb e8 23 00 00 00 48 8b 3d 04 fb 9c 0c 48 89 de 5b e9 c3 c7 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 60 f0 RSP: 0018:ffffc90000a187e8 EFLAGS: 00000246 RAX: 0000000000000100 RBX: ffffc90000a188e0 RCX: ffff888027d3bc00 RDX: ffff888027d3bc00 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff88804a2e6000 R08: ffffffff8a4bc495 R09: ffffffff89da3577 R10: 0000000000000004 R11: ffffffff8a4bc2b0 R12: dffffc0000000000 R13: ffff88806573b503 R14: dffffc0000000000 R15: ffff8880663cca00 FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc90a747f98 CR3: 000000000e734000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 000000000000002b DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Call Trace: <NMI> </NMI> <TASK> __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382 spin_unlock_bh include/linux/spinlock.h:396 [inline] nsim_dev_trap_report 
drivers/net/netdevsim/dev.c:820 [inline] nsim_dev_trap_report_work+0x75d/0xaa0 drivers/net/netdevsim/dev.c:850 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK>

7.8
2024-11-07 CVE-2024-50158 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix out of bound check Driver exports pacing stats only on GenP5 and P7 adapters.

7.8
2024-11-07 CVE-2024-50159 Linux Double Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() Clang static checker(scan-build) throws below warning: | drivers/firmware/arm_scmi/driver.c:line 2915, column 2 | Attempt to free released memory. When devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup() will run twice which causes double free of 'dbg->name'. Remove the redundant scmi_debugfs_common_cleanup() to fix this problem.

7.8
2024-11-06 CVE-2024-34678 Samsung Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0/14.0

Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.

7.8
2024-11-05 CVE-2024-50112 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: x86/lam: Disable ADDRESS_MASKING in most cases Linear Address Masking (LAM) has a weakness related to transient execution as described in the SLAM paper[1].

7.8
2024-11-05 CVE-2024-50114 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller has managed to trigger a use-after-free when tearing down a VM: BUG: KASAN: slab-use-after-free in kvm_put_kvm+0x300/0xe68 virt/kvm/kvm_main.c:5769 Read of size 8 at addr ffffff801c6890d0 by task syz.3.2219/10758 CPU: 3 UID: 0 PID: 10758 Comm: syz.3.2219 Not tainted 6.11.0-rc6-dirty #64 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x17c/0x1a8 arch/arm64/kernel/stacktrace.c:317 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:324 __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x94/0xc0 lib/dump_stack.c:119 print_report+0x144/0x7a4 mm/kasan/report.c:377 kasan_report+0xcc/0x128 mm/kasan/report.c:601 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381 kvm_put_kvm+0x300/0xe68 virt/kvm/kvm_main.c:5769 kvm_vm_release+0x4c/0x60 virt/kvm/kvm_main.c:1409 __fput+0x198/0x71c fs/file_table.c:422 ____fput+0x20/0x30 fs/file_table.c:450 task_work_run+0x1cc/0x23c kernel/task_work.c:228 do_notify_resume+0x144/0x1a0 include/linux/resume_user_mode.h:50 el0_svc+0x64/0x68 arch/arm64/kernel/entry-common.c:169 el0t_64_sync_handler+0x90/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 Upon closer inspection, it appears that we do not properly tear down the MMIO registration for a vCPU that fails creation late in the game, e.g. a vCPU w/ the same ID already exists in the VM. It is important to consider the context of commit that introduced this bug by moving the unregistration out of __kvm_vgic_vcpu_destroy().

7.8
2024-11-05 CVE-2024-50121 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we execute `echo 0 > /proc/fs/nfsd/threads`, the function `nfs4_state_destroy_net` in `nfs4_state_shutdown_net` will release all resources related to the hashed `nfs4_client`.

7.8
2024-11-05 CVE-2024-50124 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk may have been unlinked/freed while waiting for iso_conn_lock, so this checks whether conn->sk is still valid by checking if it is part of iso_sk_list.

7.8
2024-11-05 CVE-2024-50125 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk may have been unlinked/freed while waiting for sco_conn_lock, so this checks whether conn->sk is still valid by checking if it is part of sco_sk_list.

7.8
2024-11-05 CVE-2024-50126 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: sched: use RCU read-side critical section in taprio_dump() Fix possible use-after-free in 'taprio_dump()' by adding RCU read-side critical section there.

7.8
2024-11-05 CVE-2024-50127 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->current_entry_lock' is too small to prevent from such a scenario (which causes use-after-free detected by KASAN).

7.8
2024-11-05 CVE-2024-50129 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: pse-pd: Fix out of bound for loop Adjust the loop limit to prevent out-of-bounds access when iterating over PI structures.

7.8
2024-11-05 CVE-2024-50130 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: must hold reference on net namespace BUG: KASAN: slab-use-after-free in __nf_unregister_net_hook+0x640/0x6b0 Read of size 8 at addr ffff8880106fe400 by task repro/72= bpf_nf_link_release+0xda/0x1e0 bpf_link_free+0x139/0x2d0 bpf_link_release+0x68/0x80 __fput+0x414/0xb60 Eric says: It seems that bpf was able to defer the __nf_unregister_net_hook() after exit()/close() time. Perhaps a netns reference is missing, because the netns has been dismantled/freed already. bpf_nf_link_attach() does : link->net = net; But I do not see a reference being taken on net. Add such a reference and release it after hook unreg. Note that I was unable to get syzbot reproducer to work, so I do not know if this resolves this splat.

7.8
2024-11-05 CVE-2024-50131 Linux Classic Buffer Overflow vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte.

7.8
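The tracing entry above turns on a single byte: `strlen()` does not count the terminator, so a name whose length equals the destination size passes a `<=` check and the NUL lands one byte past the array. The block below is an added illustration for this report, not the kernel's trace event code; `NAME_BUF_LEN` is a hypothetical destination size and the three functions are names chosen here. It shows the buggy comparison next to the corrected one, and a store routine that refuses instead of overflowing.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical destination array size, NUL included. */
#define NAME_BUF_LEN 16

/* Buggy shape: strlen() excludes the NUL, so a name of exactly
 * NAME_BUF_LEN characters is accepted and its terminator would be
 * written to dst[NAME_BUF_LEN], one byte past the end. */
bool name_len_ok_buggy(const char *name)
{
    return strlen(name) <= NAME_BUF_LEN;
}

/* Corrected: the terminator needs a byte too, so the length must be
 * strictly smaller than the array size. */
bool name_len_ok(const char *name)
{
    return strlen(name) + 1 <= NAME_BUF_LEN;
}

/* Store guarded by the corrected check. Returns the length stored, or
 * -1 when name plus its NUL does not fit; never writes past dst. */
int name_store(char dst[NAME_BUF_LEN], const char *name)
{
    size_t len = strlen(name);

    if (len + 1 > NAME_BUF_LEN)
        return -1;
    memcpy(dst, name, len + 1);   /* copies the terminator as well */
    return (int)len;
}

int main(void)
{
    char dst[NAME_BUF_LEN];
    const char *fits = "0123456789abcde";     /* 15 chars + NUL = 16 */
    const char *edge = "0123456789abcdef";    /* 16 chars: the off-by-one case */

    printf("buggy check accepts 16-char name: %d\n", name_len_ok_buggy(edge));
    printf("fixed check accepts 16-char name: %d\n", name_len_ok(edge));
    printf("store 15-char name: %d\n", name_store(dst, fits));
    printf("store 16-char name: %d\n", name_store(dst, edge));
    return 0;
}
```

When reviewing length checks against a fixed array, read them as "does len + 1 fit", not "does len fit"; the `==` boundary is the one that slips past a `>` comparison.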
2024-11-05 CVE-2024-49522 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-05 CVE-2024-47255 2N Unspecified vulnerability in 2N Access Commander

In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary code execution with root permissions.

7.8
2024-11-05 CVE-2024-47137 Openatom Out-of-bounds Write vulnerability in Openatom Openharmony

In OpenHarmony v4.1.0 and prior versions, an out-of-bounds write allows a local attacker to escalate from common permission to root and leak sensitive information.

7.8
2024-11-05 CVE-2024-47404 Openatom Double Free vulnerability in Openatom Openharmony

In OpenHarmony v4.1.0 and prior versions, a double free allows a local attacker to escalate from common permission to root and leak sensitive information.

7.8
2024-11-05 CVE-2024-47797 Openatom Out-of-bounds Write vulnerability in Openatom Openharmony

In OpenHarmony v4.1.0 and prior versions, an out-of-bounds write allows a local attacker to escalate from common permission to root and leak sensitive information.

7.8
2024-11-04 CVE-2024-33033 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption while processing IOCTL calls to unmap the buffers.

7.8
2024-11-04 CVE-2024-38409 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption while station LL statistic handling.

7.8
2024-11-04 CVE-2024-38410 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption when an IOCTL is called while the device is in an invalid state and the WMI command buffer may be freed twice.

7.8
2024-11-04 CVE-2024-38415 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption while handling session errors from firmware.

7.8
2024-11-04 CVE-2024-38419 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption while invoking IOCTL calls from user space for the HGSL memory node.

7.8
2024-11-04 CVE-2024-38421 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption while processing GPU commands.

7.8
2024-11-04 CVE-2024-38422 Qualcomm Unspecified vulnerability in Qualcomm products

Memory corruption while processing voice packet with arbitrary data received from ADSP.

7.8
2024-11-04 CVE-2024-38423 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption while processing GPU page table switch.

7.8
2024-11-04 CVE-2024-38424 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption during GNSS HAL process initialization.

7.8
2024-11-07 CVE-2024-10967 Anisha SQL Injection vulnerability in Anisha E-Health Care System 1.0

A vulnerability was found in code-projects E-Health Care System 1.0.

7.5
2024-11-07 CVE-2023-1973 A flaw was found in Undertow package.
7.5
2024-11-06 CVE-2024-6861 A disclosure of sensitive information flaw was found in foreman via the GraphQL API.
7.5
2024-11-06 CVE-2024-10028 Everestthemes Insecure Storage of Sensitive Information vulnerability in Everestthemes Everest Backup

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process.

7.5
2024-11-05 CVE-2024-9579 HP Command Injection vulnerability in HP products

A potential vulnerability was discovered in certain Poly video conferencing devices.

7.5
2024-11-05 CVE-2024-51518 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Vulnerability of message types not being verified in the advanced messaging module. Impact: Successful exploitation of this vulnerability may affect availability.

7.5
2024-11-05 CVE-2024-51523 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Information management vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2024-11-05 CVE-2024-10808 Anisha SQL Injection vulnerability in Anisha E-Health Care System 1.0

A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical.

7.5
2024-11-05 CVE-2024-10809 Anisha SQL Injection vulnerability in Anisha E-Health Care System 1.0

A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical.

7.5
2024-11-05 CVE-2024-10810 Anisha SQL Injection vulnerability in Anisha E-Health Care System 1.0

A vulnerability was found in code-projects E-Health Care System 1.0.

7.5
2024-11-04 CVE-2024-51326 Projectworlds SQL Injection vulnerability in Projectworlds Travel Management System 1.0

SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php.

7.5
2024-11-04 CVE-2024-48809 Aetherproject Allocation of Resources Without Limits or Throttling vulnerability in Aetherproject Onos-A1T and Sdran-In-A-Box

An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of the sdran-in-a-box, specifically the DeleteWatcher function.

7.5
2024-11-04 CVE-2024-50528 Stacksmarket Unspecified vulnerability in Stacksmarket Stacks Mobile APP Builder

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder allows Retrieve Embedded Sensitive Data. This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.

7.5
2024-11-04 CVE-2024-51561 63Moons Unspecified vulnerability in 63Moons Aero and Wave 2.0

This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints.

7.5
2024-11-04 CVE-2024-10760 Anisha SQL Injection vulnerability in Anisha University Event Management System 1.0

A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical.

7.5
2024-11-08 CVE-2024-11026 Free NOW Use of Hard-coded Credentials vulnerability in Free-Now Freenow 12.10.0

A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android.

7.4
2024-11-07 CVE-2024-10963 A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames.
7.4
2024-11-10 CVE-2024-10958 Wppa Code Injection vulnerability in Wppa WP Photo Album Plus

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via the getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007.

7.3
2024-11-09 CVE-2024-10261 The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0.
7.3
2024-11-09 CVE-2024-10640 The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.2.
7.3
2024-11-08 CVE-2024-45759 Dell Unspecified vulnerability in Dell Data Domain Operating System

Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability.

7.3
2024-11-06 CVE-2024-34676 Samsung Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0/14.0

Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.

7.3
2024-11-05 CVE-2024-10263 Tickera Code Injection vulnerability in Tickera

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4.

7.3
2024-11-10 CVE-2024-11058 Surajkumarvishwakarma Injection vulnerability in Surajkumarvishwakarma Real Estate Management System

A vulnerability was found in CodeAstro Real Estate Management System up to 1.0.

7.2
2024-11-08 CVE-2024-51152 Alexstack Unrestricted Upload of File with Dangerous Type vulnerability in Alexstack Laravel CMS

File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php component.

7.2
2024-11-08 CVE-2024-45763 Dell OS Command Injection vulnerability in Dell Enterprise Sonic Distribution

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability.

7.2
2024-11-08 CVE-2024-45765 Dell OS Command Injection vulnerability in Dell Enterprise Sonic Distribution

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability.

7.2
2024-11-08 CVE-2024-10999 Surajkumarvishwakarma Unrestricted Upload of File with Dangerous Type vulnerability in Surajkumarvishwakarma Real Estate Management System 1.0

A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0.

7.2
2024-11-08 CVE-2024-11000 Surajkumarvishwakarma Unrestricted Upload of File with Dangerous Type vulnerability in Surajkumarvishwakarma Real Estate Management System 1.0

A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0.

7.2
2024-11-08 CVE-2024-48010 Dell Unspecified vulnerability in Dell Data Domain Operating System

Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability.

7.2
2024-11-05 CVE-2024-49774 Salesagility Unspecified vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application.

7.2
2024-11-05 CVE-2024-47253 2N Path Traversal vulnerability in 2N Access Commander

In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution.

7.2
2024-11-05 CVE-2024-47254 2N Unspecified vulnerability in 2N Access Commander

In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system.

7.2
2024-11-04 CVE-2024-51672 Wpdeveloper SQL Injection vulnerability in Wpdeveloper Betterlinks

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPDeveloper BetterLinks allows SQL Injection. This issue affects BetterLinks: from n/a through 2.1.7.

7.2
2024-11-04 CVE-2024-51661 Davidlingren OS Command Injection vulnerability in Davidlingren Media Library Assistant

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant allows Command Injection. This issue affects Media Library Assistant: from n/a through 3.19.

7.2
2024-11-09 CVE-2024-50227 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix KASAN reported stack out-of-bounds read in tb_retimer_scan() KASAN reported following issue: BUG: KASAN: stack-out-of-bounds in tb_retimer_scan+0xffe/0x1550 [thunderbolt] Read of size 4 at addr ffff88810111fc1c by task kworker/u56:0/11 CPU: 0 UID: 0 PID: 11 Comm: kworker/u56:0 Tainted: G U 6.11.0+ #1387 Tainted: [U]=USER Workqueue: thunderbolt0 tb_handle_hotplug [thunderbolt] Call Trace: <TASK> dump_stack_lvl+0x6c/0x90 print_report+0xd1/0x630 kasan_report+0xdb/0x110 __asan_report_load4_noabort+0x14/0x20 tb_retimer_scan+0xffe/0x1550 [thunderbolt] tb_scan_port+0xa6f/0x2060 [thunderbolt] tb_handle_hotplug+0x17b1/0x3080 [thunderbolt] process_one_work+0x626/0x1100 worker_thread+0x6c8/0xfa0 kthread+0x2c8/0x3a0 ret_from_fork+0x3a/0x80 ret_from_fork_asm+0x1a/0x30 This happens because the loop variable still gets incremented by one so max becomes 3 instead of 2, and this makes the second loop read past the array declared on the stack. Fix this by assigning to max directly in the loop body.

7.1
2024-11-09 CVE-2024-50247 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check if more than chunk-size bytes are written An incorrectly formatted chunk may decompress into more than LZNT_CHUNK_SIZE bytes and an index out of bounds will occur in s_max_off.

7.1
2024-11-09 CVE-2024-50250 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fsdax: dax_unshare_iter needs to copy entire blocks The code that copies data from srcmap to iomap in dax_unshare_iter is very very broken, which bfoster's recent fsx changes have exposed. If the pos and len passed to dax_file_unshare are not aligned to an fsblock boundary, the iter pos and length in the _iter function will reflect this unalignment. dax_iomap_direct_access always returns a pointer to the start of the kmapped fsdax page, even if its pos argument is in the middle of that page.

7.1
2024-11-08 CVE-2024-50193 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: x86/entry_32: Clear CPU buffers after register restore in NMI return CPU buffers are currently cleared after call to exc_nmi, but before register state is restored.

7.1
2024-11-07 CVE-2024-50164 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEM_UNINIT's meaning Lonial reported an issue in the BPF verifier where check_mem_size_reg() has the following code: if (!tnum_is_const(reg->var_off)) /* For unprivileged variable accesses, disable raw * mode so that the program is required to * initialize all the memory that the helper could * just partially fill up. */ meta = NULL; This means that writes are not checked when the register containing the size of the passed buffer has not a fixed size.

7.1
2024-11-06 CVE-2024-34679 Samsung Incorrect Default Permissions vulnerability in Samsung Android 14.0

Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.

7.1
2024-11-06 CVE-2024-49401 Samsung Unspecified vulnerability in Samsung Android 13.0/14.0

Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.

7.1
2024-11-05 CVE-2024-50115 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforce 32-byte alignment of nCR3. In the absolute worst case scenario, failure to ignore bits 4:0 can result in an out-of-bounds read, e.g.

7.1
2024-11-05 CVE-2024-50123 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Add the missing BPF_LINK_TYPE invocation for sockmap There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmap link fd.

7.1
2024-11-05 CVE-2024-50128 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: wwan: fix global oob in wwan_rtnl_policy The variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes.

7.1
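The wwan entry above is a mismatch between two arrays that must agree: an rtnl link type declares a `maxtype`, and the attribute parser indexes the policy table with every attribute type up to that value, so a `maxtype` larger than the policy array turns an ordinary netlink message into a read past a global. The block below is an added illustration written for this report, not kernel netlink code; the attribute set, the four-byte TLV header, `maxtype_fits` and `parse_attrs` are all hypothetical names and layouts chosen here. It checks the invariant once at registration time and then parses a constructed little-endian message against the policy.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical attribute set for a toy link type; the policy array is
 * sized by the attribute maximum, the way an rtnl policy table is. */
enum { ATTR_UNSPEC, ATTR_LINK_ID, ATTR_NAME, __ATTR_MAX };
#define ATTR_MAX (__ATTR_MAX - 1)

enum nla_type { NLA_UNSPEC, NLA_U32, NLA_STRING };
struct nla_policy { enum nla_type type; size_t len; };

static const struct nla_policy link_policy[ATTR_MAX + 1] = {
    [ATTR_LINK_ID] = { .type = NLA_U32,    .len = 4  },
    [ATTR_NAME]    = { .type = NLA_STRING, .len = 15 },
};

/* The invariant the wwan fix restores: the parser indexes policy[] with
 * every type up to maxtype, so maxtype must stay below the array length.
 * Check it once, at registration, instead of trusting each caller. */
bool maxtype_fits(int maxtype, size_t policy_entries)
{
    return maxtype >= 0 && (size_t)maxtype < policy_entries;
}

/* Minimal TLV attribute, little-endian: 2-byte payload length,
 * 2-byte type, then the payload bytes. */
struct attr_hdr { uint16_t len; uint16_t type; };

/* Parse attributes from buf into tb[0..maxtype] (pointers to payloads).
 * Returns the number of attributes accepted, or -1 on malformed input,
 * a policy violation, or a maxtype that policy[] or tb[] cannot cover. */
int parse_attrs(const uint8_t *buf, size_t buflen, int maxtype,
                const struct nla_policy *policy, size_t policy_entries,
                const uint8_t *tb[], size_t tb_entries)
{
    if (!maxtype_fits(maxtype, policy_entries) || (size_t)maxtype >= tb_entries)
        return -1;
    memset(tb, 0, tb_entries * sizeof(*tb));

    int count = 0;
    size_t off = 0;
    while (off + sizeof(struct attr_hdr) <= buflen) {
        struct attr_hdr h;
        memcpy(&h, buf + off, sizeof h);
        size_t payload = off + sizeof h;
        if (h.len > buflen - payload)
            return -1;                      /* payload runs past the buffer */
        if (h.type != ATTR_UNSPEC && h.type <= maxtype) {
            const struct nla_policy *p = &policy[h.type];   /* in bounds: type <= maxtype < entries */
            if (p->type == NLA_U32 && h.len != 4)
                return -1;
            if (p->type == NLA_STRING && h.len > p->len)
                return -1;
            tb[h.type] = buf + payload;
            count++;
        }                                   /* types above maxtype are skipped */
        off = payload + h.len;
    }
    return off == buflen ? count : -1;
}

int main(void)
{
    /* Constructed message: ATTR_LINK_ID = 7, then ATTR_NAME = "wwan0". */
    const uint8_t msg[] = { 4,0, 1,0, 7,0,0,0,  5,0, 2,0, 'w','w','a','n','0' };
    const uint8_t *tb[ATTR_MAX + 1];

    printf("maxtype %d fits %zu entries: %d\n", ATTR_MAX + 2,
           ARRAY_SIZE(link_policy), maxtype_fits(ATTR_MAX + 2, ARRAY_SIZE(link_policy)));
    printf("parsed %d attributes\n",
           parse_attrs(msg, sizeof msg, ATTR_MAX, link_policy,
                       ARRAY_SIZE(link_policy), tb, ARRAY_SIZE(tb)));
    return 0;
}
```

The registration-time check is the point: the message cannot be trusted to keep types small, and the parser's bounds derive from the declared `maxtype`, so that declaration has to be validated against the table it will index before any message is parsed.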
2024-11-04 CVE-2024-51127 Redhat Unspecified vulnerability in Redhat Hornetq

An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information.

7.1
2024-11-04 CVE-2024-45164 Akamai Incorrect Authorization vulnerability in Akamai Secure Internet Access Enterprise Threatavert 19.2.0.2

Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page.

7.1
2024-11-09 CVE-2024-50234 Linux Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlegacy: Clear stale interrupts before resuming device iwl4965 fails upon resume from hibernation on my laptop.

7.0
2024-11-07 CVE-2024-50154 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler(). """ We are seeing a use-after-free from a bpf prog attached to trace_tcp_retransmit_synack.

7.0
2024-11-05 CVE-2024-50106 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegations and a client sending free_stateid operation.

7.0
2024-11-04 CVE-2024-38406 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Memory corruption while handling IOCTL calls in JPEG Encoder driver.

7.0
2024-11-04 CVE-2024-38407 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.

7.0

315 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-11-08 CVE-2024-40239 Hitbytes Unspecified vulnerability in Hitbytes Life 17.5.0

An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function.

6.8
2024-11-08 CVE-2024-40240 Homeserve Unspecified vulnerability in Homeserve 3.3.4

An incorrect access control issue in the HomeServe Home Repair android app 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function.

6.8
2024-11-06 CVE-2024-49408 Samsung Out-of-bounds Write vulnerability in Samsung Galaxy S24 Firmware

Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory.

6.7
2024-11-06 CVE-2024-49409 Samsung Out-of-bounds Write vulnerability in Samsung Galaxy S24 Firmware

Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory.

6.7
2024-11-04 CVE-2024-23377 Qualcomm Unspecified vulnerability in Qualcomm products

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

6.7
2024-11-04 CVE-2024-23386 Qualcomm Unspecified vulnerability in Qualcomm products

Memory corruption when WiFi display APIs are invoked with large random inputs.

6.7
2024-11-04 CVE-2024-33029 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption while handling the PDR in driver for getting the remote heap maps.

6.7
2024-11-04 CVE-2024-33030 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption while parsing IPC frequency table parameters for LPLH that has size greater than expected size.

6.7
2024-11-04 CVE-2024-33031 Qualcomm Unspecified vulnerability in Qualcomm products

Memory corruption while processing the update SIM PB records request.

6.7
2024-11-04 CVE-2024-33032 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.

6.7
2024-11-04 CVE-2024-20114 Google Out-of-bounds Write vulnerability in Google Android

In ccu, there is a possible out of bounds write due to a missing bounds check.

6.7
2024-11-09 CVE-2024-10294

The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0.

6.5
2024-11-09 CVE-2024-9262

The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1 via the getUser() due to missing validation on a user controlled key.

6.5
2024-11-08 CVE-2024-51030 Oretnom23 SQL Injection vulnerability in Oretnom23 CAB Management System 1.0

A SQL injection vulnerability in manage_client.php and view_cab.php of Sourcecodester Cab Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, leading to unauthorized access and potential compromise of sensitive data within the database.

6.5
2024-11-08 CVE-2024-10987 Anisha SQL Injection vulnerability in Anisha E-Health Care System 1.0

A vulnerability was found in code-projects E-Health Care System 1.0.

6.5
2024-11-08 CVE-2024-10989 Anisha SQL Injection vulnerability in Anisha E-Health Care System 1.0

A vulnerability classified as critical has been found in code-projects E-Health Care System 1.0.

6.5
2024-11-08 CVE-2024-48011 Dell Unspecified vulnerability in Dell Data Domain Operating System

Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability.

6.5
2024-11-07 CVE-2024-10965 Emqx Unspecified vulnerability in Emqx Neuron

A vulnerability classified as problematic was found in emqx neuron up to 2.10.0.

6.5
2024-11-06 CVE-2024-20531 Cisco Server-Side Request Forgery (SSRF) vulnerability in Cisco Identity Services Engine

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device.

6.5
2024-11-06 CVE-2024-20537 Cisco Incorrect Authorization vulnerability in Cisco Identity Services Engine

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions.

6.5
2024-11-06 CVE-2024-9681 Haxx Incorrect Comparison vulnerability in Haxx Curl

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure `HTTP://` scheme and perform transfers with hosts like `x.example.com` as well as `example.com` where the first host is a subdomain of the second host. (The HSTS cache either needs to have been populated manually or there needs to have been previous HTTPS accesses done as the cache needs to have entries for the domains involved to trigger this problem.) When `x.example.com` responds with `Strict-Transport-Security:` headers, this bug can make the subdomain's expiry timeout *bleed over* and get set for the parent domain `example.com` in curl's HSTS cache. The result of a triggered bug is that HTTP accesses to `example.com` get converted to HTTPS for a different period of time than what was asked for by the origin server.

6.5
2024-11-05 CVE-2024-49773 Salesagility SQL Injection vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application.

6.5
2024-11-05 CVE-2023-29115 Enelx Unspecified vulnerability in Enelx Waybox PRO Firmware

In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g.

6.5
2024-11-04 CVE-2024-51408 Appsmith Server-Side Request Forgery (SSRF) vulnerability in Appsmith

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.

6.5
2024-11-04 CVE-2024-51556 63Moons Use of a Broken or Risky Cryptographic Algorithm vulnerability in 63Moons Aero and Wave 2.0

This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response.

6.5
2024-11-04 CVE-2024-51557 63Moons Allocation of Resources Without Limits or Throttling vulnerability in 63Moons Aero and Wave 2.0

This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint.

6.5
2024-11-04 CVE-2024-51559 63Moons Unspecified vulnerability in 63Moons Aero and Wave 2.0

This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints.

6.5
2024-11-04 CVE-2024-23385 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.

6.5
2024-11-04 CVE-2024-33068 Qualcomm Use After Free vulnerability in Qualcomm products

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

6.5
2024-11-04 CVE-2024-38403 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS while parsing BTM ML IE when per STA profile is not included.

6.5
2024-11-04 CVE-2024-38405 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS while processing the CU information from RNR IE.

6.5
2024-11-04 CVE-2024-10750 Tenda NULL Pointer Dereference vulnerability in Tenda I22 Firmware 1.0.0.3(4687)

A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic.

6.5
2024-11-09 CVE-2024-10814

The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the ce_get_file() function.

6.4
2024-11-09 CVE-2024-8960

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping.

6.4
2024-11-09 CVE-2024-9270

The Lenxel Core for Lenxel(LNX) LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping.

6.4
2024-11-08 CVE-2024-10621

The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pw_map shortcode in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplied attributes.

6.4
2024-11-07 CVE-2024-8442

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Blog widget in all versions up to, and including, 3.15.18 due to insufficient input sanitization and output escaping on user supplied attributes.

6.4
2024-11-05 CVE-2024-10340

The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes.

6.4
2024-11-09 CVE-2024-50251 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating over skbuff, BUG_ON(len) at the end of it checks that the expected length to be included in the checksum calculation is fully consumed.

6.2
2024-11-10 CVE-2024-10265 10Web Cross-site Scripting vulnerability in 10Web Form Maker

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30.

6.1
2024-11-09 CVE-2024-10683

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.1.

6.1
2024-11-09 CVE-2024-10876

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.8.3.

6.1
2024-11-09 CVE-2024-9226

The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.6.

6.1
2024-11-08 CVE-2024-9841 Microfocus Cross-site Scripting vulnerability in Microfocus Arcsight Management Center and Arcsight Platform

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform.

6.1
2024-11-07 CVE-2024-10922

The Featured Posts Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.25.

6.1
2024-11-06 CVE-2024-10927 Monocms Cross-site Scripting vulnerability in Monocms 1.0

A vulnerability was found in MonoCMS up to 20240528.

6.1
2024-11-06 CVE-2024-10928 Monocms Cross-site Scripting vulnerability in Monocms 1.0

A vulnerability was found in MonoCMS up to 20240528.

6.1
2024-11-06 CVE-2024-20525 Cisco Cross-site Scripting vulnerability in Cisco Identity Services Engine

A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.

6.1
2024-11-06 CVE-2024-20530 Cisco Cross-site Scripting vulnerability in Cisco Identity Services Engine

A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.

6.1
2024-11-06 CVE-2024-20538 Cisco Cross-site Scripting vulnerability in Cisco Identity Services Engine

A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input.

6.1
2024-11-06 CVE-2024-10647 Westguardsolutions Cross-site Scripting vulnerability in Westguardsolutions WS Form

The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.244.

6.1
2024-11-05 CVE-2024-9667 Castos Cross-site Scripting vulnerability in Castos Seriously Simple Podcasting

The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.0.

6.1
2024-11-05 CVE-2023-34443 Combodo Cross-site Scripting vulnerability in Combodo Itop

Combodo iTop is a simple, web based IT Service Management tool.

6.1
2024-11-05 CVE-2023-34444 Combodo Cross-site Scripting vulnerability in Combodo Itop

Combodo iTop is a simple, web based IT Service Management tool.

6.1
2024-11-05 CVE-2023-34445 Combodo Cross-site Scripting vulnerability in Combodo Itop

Combodo iTop is a simple, web based IT Service Management tool.

6.1
2024-11-05 CVE-2024-31448 Combodo Cross-site Scripting vulnerability in Combodo Itop

Combodo iTop is a simple, web based IT Service Management tool.

6.1
2024-11-04 CVE-2024-9147 BNA Cross-site Scripting vulnerability in BNA Pospratik

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS through HTTP query strings. This issue affects PosPratik: before v3.2.1.

6.1
2024-11-04 CVE-2024-10754 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Online Shopping Portal 2.0

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0.

6.1
2024-11-04 CVE-2024-10755 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Online Shopping Portal 2.0

A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0.

6.1
2024-11-04 CVE-2024-10756 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Online Shopping Portal 2.0

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0.

6.1
2024-11-04 CVE-2024-10757 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Online Shopping Portal 2.0

A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0.

6.1
2024-11-04 CVE-2024-10746 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Online Shopping Portal 2.0

A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0.

6.1
2024-11-04 CVE-2024-10747 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Online Shopping Portal 2.0

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0.

6.1
2024-11-05 CVE-2024-32870 Combodo Unspecified vulnerability in Combodo Itop

Combodo iTop is a simple, web based IT Service Management tool.

5.8
2024-11-10 CVE-2024-46955 Artifex, Debian, Suse Out-of-bounds Read vulnerability in multiple products

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0.

5.5
2024-11-09 CVE-2024-50213 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic() modprobe drm_hdmi_state_helper_test and then rmmod it, and a memory leak occurs. The `mode` allocated in drm_mode_duplicate() called by drm_display_mode_from_cea_vic() is not freed, which causes the memory leak.

5.5
2024-11-09 CVE-2024-50214 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic() modprobe drm_connector_test and then rmmod drm_connector_test, and a memory leak occurs. The `mode` allocated in drm_mode_duplicate() called by drm_display_mode_from_cea_vic() is not freed, which causes the memory leak. Free `mode` by using drm_kunit_display_mode_from_cea_vic() to fix it.

5.5
2024-11-09 CVE-2024-50223 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: sched/numa: Fix the potential null pointer dereference in task_numa_work() When running stress-ng-vm-segv test, we found a null pointer dereference error in task_numa_work().

5.5
2024-11-09 CVE-2024-50224 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-dspi: Fix crash when not using GPIO chip select Add check for the return value of spi_get_csgpiod() to avoid passing a NULL pointer to gpiod_direction_output(), preventing a crash when GPIO chip select is not used.

5.5
2024-11-09 CVE-2024-50225 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix error propagation of split bios The purpose of btrfs_bbio_propagate_error() shall be propagating an error of split bio to its original btrfs_bio, and tell the error to the upper layer.

5.5
2024-11-09 CVE-2024-50229 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential deadlock with newly created symlinks Syzbot reported that page_symlink(), called by nilfs_symlink(), triggers memory reclamation involving the filesystem layer, which can result in circular lock dependencies among the reader/writer semaphore nilfs->ns_segctor_sem, s_writers percpu_rwsem (intwrite) and the fs_reclaim pseudo lock. This is because after commit 21fc61c73c39 ("don't put symlink bodies in pagecache into highmem"), the gfp flags of the page cache for symbolic links are overwritten to GFP_KERNEL via inode_nohighmem(). This is not a problem for symlinks read from the backing device, because the __GFP_FS flag is dropped after inode_nohighmem() is called.

5.5
2024-11-09 CVE-2024-50231 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() modprobe iio-test-gts and rmmod it, and a memory leak occurs.

5.5
2024-11-09 CVE-2024-50232 Linux Divide By Zero vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() In the ad7124_write_raw() function, parameter val can potentially be zero.

5.5
2024-11-09 CVE-2024-50233 Linux Divide By Zero vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() In the ad9832_write_frequency() function, clk_get_rate() might return 0. This can lead to a division by zero when calling ad9832_calc_freqreg(). The check if (fout > (clk_get_rate(st->mclk) / 2)) does not protect against the case when fout is 0.

5.5
2024-11-09 CVE-2024-50236 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: Fix memory leak in management tx In the current logic, memory is allocated for storing the MSDU context during management packet TX but this memory is not being freed during management TX completion.

5.5
2024-11-09 CVE-2024-50237 Linux Use of Uninitialized Resource vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Avoid potentially crashing in the driver because of uninitialized private data.

5.5
2024-11-09 CVE-2024-50238 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation") removed most users of the platform device driver data from the qcom-qmp-usb driver, but mistakenly also removed the initialisation despite the data still being used in the runtime PM callbacks.

5.5
2024-11-09 CVE-2024-50239 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation") removed most users of the platform device driver data from the qcom-qmp-usb driver, but mistakenly also removed the initialisation despite the data still being used in the runtime PM callbacks.

5.5
2024-11-09 CVE-2024-50240 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: phy: qcom: qmp-usb: fix NULL-deref on runtime suspend Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation") removed most users of the platform device driver data, but mistakenly also removed the initialisation despite the data still being used in the runtime PM callbacks. Restore the driver data initialisation at probe to avoid a NULL-pointer dereference on runtime suspend. Apparently no one uses runtime PM, which currently needs to be enabled manually through sysfs, with this driver.

5.5
2024-11-09 CVE-2024-50241 Linux Use of Uninitialized Resource vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: NFSD: Initialize struct nfsd4_copy earlier Ensure the refcount and async_copies fields are initialized early. cleanup_async_copy() will reference these fields if an error occurs in nfsd4_copy().

5.5
2024-11-09 CVE-2024-50243 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix general protection fault in run_is_mapped_full Fixed deleting of a non-resident attribute in the ntfs_create_inode() rollback.

5.5
2024-11-09 CVE-2024-50244 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional check in ni_clear() Checking of NTFS_FLAGS_LOG_REPLAYING added to prevent access to uninitialized bitmap during replay process.

5.5
2024-11-09 CVE-2024-50245 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix possible deadlock in mi_read Mutex lock with another subclass used in ni_lock_dir().

5.5
2024-11-09 CVE-2024-50248 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ntfs3: Add bounds checking to mi_enum_attr() Added bounds checking to make sure that no attr strays beyond the valid memory region.

5.5
2024-11-09 CVE-2024-50249 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Make rmw_lock a raw_spin_lock A "BUG: Invalid wait context" lockdep report was triggered from cpc_write() called via sugov_update_shared(). sugov_update_shared() locks a raw_spinlock while cpc_write() locks a spinlock. To have a correct wait-type order, update rmw_lock to a raw spinlock and ensure that interrupts will be disabled on the CPU holding it. [ rjw: Changelog edits ]

5.5
2024-11-09 CVE-2024-50252 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address The device stores IPv6 addresses that are used for encapsulation in linear memory that is managed by the driver. Changing the remote address of an ip6gre net device never worked properly, but since cited commit the following reproducer [1] would result in a warning [2] and a memory leak [3].

5.5
2024-11-09 CVE-2024-50253 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the validity of nr_words in bpf_iter_bits_new() Check the validity of nr_words in bpf_iter_bits_new().

5.5
2024-11-09 CVE-2024-50254 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Free dynamically allocated bits in bpf_iter_bits_destroy() bpf_iter_bits_destroy() uses "kit->nr_bits <= 64" to check whether the bits are dynamically allocated.

5.5
2024-11-09 CVE-2024-50255 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs
Fix __hci_cmd_sync_sk() to return not NULL for unknown opcodes. __hci_cmd_sync_sk() returns NULL if a command returns a status event. However, it also returns NULL where an opcode doesn't exist in the hci_cc table because hci_cmd_complete_evt() assumes status = skb->data[0] for unknown opcodes. This leads to null-ptr-deref in cmd_sync for HCI_OP_READ_LOCAL_CODECS as there is no hci_cc for HCI_OP_READ_LOCAL_CODECS, which always assumes status = skb->data[0].
KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
CPU: 1 PID: 2000 Comm: kworker/u9:5 Not tainted 6.9.0-ga6bcb805883c-dirty #10
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Workqueue: hci7 hci_power_on
RIP: 0010:hci_read_supported_codecs+0xb9/0x870 net/bluetooth/hci_codec.c:138
Code: 08 48 89 ef e8 b8 c1 8f fd 48 8b 75 00 e9 96 00 00 00 49 89 c6 48 ba 00 00 00 00 00 fc ff df 4c 8d 60 70 4c 89 e3 48 c1 eb 03 <0f> b6 04 13 84 c0 0f 85 82 06 00 00 41 83 3c 24 02 77 0a e8 bf 78
RSP: 0018:ffff888120bafac8 EFLAGS: 00010212
RAX: 0000000000000000 RBX: 000000000000000e RCX: ffff8881173f0040
RDX: dffffc0000000000 RSI: ffffffffa58496c0 RDI: ffff88810b9ad1e4
RBP: ffff88810b9ac000 R08: ffffffffa77882a7 R09: 1ffffffff4ef1054
R10: dffffc0000000000 R11: fffffbfff4ef1055 R12: 0000000000000070
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88810b9ac000
FS: 0000000000000000(0000) GS:ffff8881f6c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6ddaa3439e CR3: 0000000139764003 CR4: 0000000000770ef0
PKRU: 55555554
Call Trace:
<TASK>
hci_read_local_codecs_sync net/bluetooth/hci_sync.c:4546 [inline]
hci_init_stage_sync net/bluetooth/hci_sync.c:3441 [inline]
hci_init4_sync net/bluetooth/hci_sync.c:4706 [inline]
hci_init_sync net/bluetooth/hci_sync.c:4742 [inline]
hci_dev_init_sync net/bluetooth/hci_sync.c:4912 [inline]
hci_dev_open_sync+0x19a9/0x2d30 net/bluetooth/hci_sync.c:4994
hci_dev_do_open net/bluetooth/hci_core.c:483 [inline]
hci_power_on+0x11e/0x560 net/bluetooth/hci_core.c:1015
process_one_work kernel/workqueue.c:3267 [inline]
process_scheduled_works+0x8ef/0x14f0 kernel/workqueue.c:3348
worker_thread+0x91f/0xe50 kernel/workqueue.c:3429
kthread+0x2cb/0x360 kernel/kthread.c:388
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

5.5
2024-11-09 CVE-2024-50256 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
I got a syzbot report without a repro [1] crashing in nf_send_reset6(). I think the issue is that dev->hard_header_len is zero, and we attempt later to push an Ethernet header. Use LL_MAX_HEADER, as other functions in net/ipv6/netfilter/nf_reject_ipv6.c.
[1]
skbuff: skb_under_panic: text:ffffffff89b1d008 len:74 put:14 head:ffff88803123aa00 data:ffff88803123a9f2 tail:0x3c end:0x140 dev:syz_tun
kernel BUG at net/core/skbuff.c:206 !
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 7373 Comm: syz.1.568 Not tainted 6.12.0-rc2-syzkaller-00631-g6d858708d465 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:skb_panic net/core/skbuff.c:206 [inline]
RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216
Code: 0d 8d 48 c7 c6 60 a6 29 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 ba 30 38 02 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3
RSP: 0018:ffffc900045269b0 EFLAGS: 00010282
RAX: 0000000000000088 RBX: dffffc0000000000 RCX: cd66dacdc5d8e800
RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000
RBP: ffff88802d39a3d0 R08: ffffffff8174afec R09: 1ffff920008a4ccc
R10: dffffc0000000000 R11: fffff520008a4ccd R12: 0000000000000140
R13: ffff88803123aa00 R14: ffff88803123a9f2 R15: 000000000000003c
FS: 00007fdbee5ff6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000005d322000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
skb_push+0xe5/0x100 net/core/skbuff.c:2636
eth_header+0x38/0x1f0 net/ethernet/eth.c:83
dev_hard_header include/linux/netdevice.h:3208 [inline]
nf_send_reset6+0xce6/0x1270 net/ipv6/netfilter/nf_reject_ipv6.c:358
nft_reject_inet_eval+0x3b9/0x690 net/netfilter/nft_reject_inet.c:48
expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]
nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288
nft_do_chain_inet+0x418/0x6b0 net/netfilter/nft_chain_filter.c:161
nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626
nf_hook include/linux/netfilter.h:269 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
br_nf_pre_routing_ipv6+0x63e/0x770 net/bridge/br_netfilter_ipv6.c:184
nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
br_handle_frame+0x9fd/0x1530 net/bridge/br_input.c:424
__netif_receive_skb_core+0x13e8/0x4570 net/core/dev.c:5562
__netif_receive_skb_one_core net/core/dev.c:5666 [inline]
__netif_receive_skb+0x12f/0x650 net/core/dev.c:5781
netif_receive_skb_internal net/core/dev.c:5867 [inline]
netif_receive_skb+0x1e8/0x890 net/core/dev.c:5926
tun_rx_batched+0x1b7/0x8f0 drivers/net/tun.c:1550
tun_get_user+0x3056/0x47e0 drivers/net/tun.c:2007
tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2053
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0xa6d/0xc90 fs/read_write.c:683
ksys_write+0x183/0x2b0 fs/read_write.c:736
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdbeeb7d1ff
Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
RSP: 002b:00007fdbee5ff000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fdbeed36058 RCX: 00007fdbeeb7d1ff
RDX: 000000000000008e RSI: 0000000020000040 RDI: 00000000000000c8
RBP: 00007fdbeebf12be R08: 0000000 ---truncated---

5.5
2024-11-09 CVE-2024-50258 Linux Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: fix crash when config small gso_max_size/gso_ipv4_max_size
Configuring a small gso_max_size/gso_ipv4_max_size will lead to an underflow in sk_dst_gso_max_size(), which may trigger a BUG_ON crash, because sk->sk_gso_max_size would be much bigger than device limits.
Call Trace:
tcp_write_xmit
    tso_segs = tcp_init_tso_segs(skb, mss_now);
        tcp_set_skb_tso_segs
            tcp_skb_pcount_set
                // skb->len = 524288, mss_now = 8
                // u16 tso_segs = 524288/8 = 65535 -> 0
                tso_segs = DIV_ROUND_UP(skb->len, mss_now)
        BUG_ON(!tso_segs)
Add check for the minimum value of gso_max_size and gso_ipv4_max_size.

5.5
2024-11-09 CVE-2024-50259 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() This was found by a static analyzer. We should not forget the trailing zero after copy_from_user() if we will further do some string operations, sscanf() in this case.

5.5
2024-11-08 CVE-2024-50173 Linux Use of Uninitialized Resource vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup() The group variable can't be used to retrieve ptdev in our second loop, because it points to the previously iterated list_head, not a valid group.

5.5
2024-11-08 CVE-2024-50175 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: Remove use_count guard in stop_streaming The use_count check was introduced so that multiple concurrent Raw Data Interfaces RDIs could be driven by different virtual channels VCs on the CSIPHY input driving the video pipeline. This is an invalid use of use_count though as use_count pertains to the number of times a video entity has been opened by user-space not the number of active streams. If use_count and stream-on count don't agree then stop_streaming() will break as is currently the case and has become apparent when using CAMSS with libcamera's released softisp 0.3. The use of use_count like this is a bit hacky and right now breaks regular usage of CAMSS for a single stream case.

5.5
2024-11-08 CVE-2024-50176 Linux Improper Handling of Exceptional Conditions vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: remoteproc: k3-r5: Fix error handling when power-up failed By simply bailing out, the driver was violating its rule and internal assumptions that either both or no rproc should be initialized.

5.5
2024-11-08 CVE-2024-50178 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request() Use raw_smp_processor_id() instead of plain smp_processor_id() in do_service_request(), otherwise we may get some errors with the driver enabled: BUG: using smp_processor_id() in preemptible [00000000] code: (udev-worker)/208 caller is loongson3_cpufreq_probe+0x5c/0x250 [loongson3_cpufreq]

5.5
2024-11-08 CVE-2024-50179 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ceph: remove the incorrect Fw reference check when dirtying pages When doing the direct-io reads it will also try to mark pages dirty, but for the read path it won't hold the Fw caps and there is case will it get the Fw reference.

5.5
2024-11-08 CVE-2024-50181 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D For i.MX7D DRAM related mux clock, the clock source change should ONLY be done in low level asm code without accessing DRAM, and then calling clk API to sync the HW clock status with clk tree, it should never touch real clock source switch via clk API, so CLK_SET_PARENT_GATE flag should NOT be added, otherwise, DRAM's clock parent will be disabled when DRAM is active, and system will hang.

5.5
2024-11-08 CVE-2024-50182 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: secretmem: disable memfd_secret() if arch cannot set direct map Return -ENOSYS from memfd_secret() syscall if !can_set_direct_map().

5.5
2024-11-08 CVE-2024-50187 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Stop the active perfmon before being destroyed Upon closing the file descriptor, the active performance monitor is not stopped.

5.5
2024-11-08 CVE-2024-50188 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83869: fix memory corruption when enabling fiber When configuring the fiber port, the DP83869 PHY driver incorrectly calls linkmode_set_bit() with a bit mask (1 << 10) rather than a bit number (10).

5.5
2024-11-08 CVE-2024-50189 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() Using the device-managed version allows to simplify clean-up in probe() error path. Additionally, this device-managed version ensures proper cleanup, which helps to resolve memory errors, page faults, btrfs going read-only, and btrfs disk corruption.

5.5
2024-11-08 CVE-2024-50194 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Fix uprobes for big-endian kernels The arm64 uprobes code is broken for big-endian kernels as it doesn't convert the in-memory instruction encoding (which is always little-endian) into the kernel's native endianness before analyzing and simulating instructions.

5.5
2024-11-08 CVE-2024-50195 Linux Improper Check for Unusual or Exceptional Conditions vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pc_clock_settime() As Andrew pointed out, it will make sense that the PTP core checked timespec64 struct's tv_sec and tv_nsec range before calling ptp->info->settime64(). As the man page of clock_settime() says, if tp.tv_sec is negative or tp.tv_nsec is outside the range [0..999,999,999], it should return EINVAL, which includes dynamic clocks, which handle PTP clocks, and the condition is consistent with timespec64_valid().

5.5
2024-11-08 CVE-2024-50196 Linux Improper Check for Unusual or Exceptional Conditions vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: pinctrl: ocelot: fix system hang on level based interrupts
The current implementation only calls chained_irq_enter() and chained_irq_exit() if it detects pending interrupts.
```
for (i = 0; i < info->stride; i++) {
	regmap_read(info->map, id_reg + 4 * i, &reg);
	if (!reg)
		continue;
	chained_irq_enter(parent_chip, desc);
```
However, in case of GPIO pin configured in level mode and the parent controller configured in edge mode, GPIO interrupt might be lowered by the hardware.

5.5
2024-11-08 CVE-2024-50197 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: pinctrl: intel: platform: fix error path in device_for_each_child_node() The device_for_each_child_node() loop requires calls to fwnode_handle_put() upon early returns to decrement the refcount of the child node and avoid leaking memory if that error path is triggered. There is one early return within that loop in intel_platform_pinctrl_prepare_community(), but fwnode_handle_put() is missing. Instead of adding the missing call, the scoped version of the loop can be used to simplify the code and avoid mistakes in the future if new early returns are added, as the child node is only used for parsing, and it is never assigned.

5.5
2024-11-08 CVE-2024-50198 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iio: light: veml6030: fix IIO device retrieval from embedded device The dev pointer that is received as an argument in the in_illuminance_period_available_show function references the device embedded in the IIO device, not in the i2c client. dev_to_iio_dev() must be used to access the right data.

5.5
2024-11-08 CVE-2024-50201 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix encoder->possible_clones Include the encoder itself in its possible_clones bitmask. In the past nothing validated that drivers were populating possible_clones correctly, but that changed in commit 74d2aacbe840 ("drm: Validate encoder->possible_clones"). Looks like radeon never got the memo and is still not following the rules 100% correctly. This results in some warnings during driver initialization: Bogus possible_clones: [ENCODER:46:TV-46] possible_clones=0x4 (full encoder mask=0x7) WARNING: CPU: 0 PID: 170 at drivers/gpu/drm/drm_mode_config.c:615 drm_mode_config_validate+0x113/0x39c ... (cherry picked from commit 3b6e7d40649c0d75572039aff9d0911864c689db)

5.5
2024-11-08 CVE-2024-50202 Linux Improper Handling of Exceptional Conditions vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry() Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails. If the filesystem image is corrupted, and the i_size of the directory inode is large, and the directory page/folio is successfully read but fails the sanity check, for example when it is zero-filled, nilfs_check_folio() may continue to spit out error messages in bursts. Fix this issue by propagating the error to the callers when loading a page/folio fails in nilfs_find_entry(). The current interface of nilfs_find_entry() and its callers is outdated and cannot propagate error codes such as -EIO and -ENOMEM returned via nilfs_find_entry(), so fix it together.

5.5
2024-11-08 CVE-2024-50204 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fs: don't try and remove empty rbtree node When copying a namespace we won't have added the new copy into the namespace rbtree until after the copy succeeded.

5.5
2024-11-08 CVE-2024-50205 Linux Divide By Zero vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() The step variable is initialized to zero.

5.5
2024-11-08 CVE-2024-50206 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init The loop responsible for allocating up to MTK_FQ_DMA_LENGTH buffers must only touch as many descriptors, otherwise it ends up corrupting unrelated memory.

5.5
2024-11-08 CVE-2024-50207 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix reader locking when changing the sub buffer order The function ring_buffer_subbuf_order_set() updates each ring_buffer_per_cpu and installs new sub buffers that match the requested page order.

5.5
2024-11-08 CVE-2024-50208 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Avoid memory corruption while setting up Level-2 PBL pages for the non MR resources when num_pages > 256K. There will be a single PDE page address (contiguous pages in the case of > PAGE_SIZE), but, current logic assumes multiple pages, leading to invalid memory access after 256K PBL entries in the PDE.

5.5
2024-11-08 CVE-2024-50210 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and gets the clk->rwsem read lock, so the error path should release the lock to make the lock balance and fput the clockid's fd to make the refcount balance and release the fd related resource. However the below commit left the error path locked behind resulting in unbalanced locking.

5.5
2024-11-07 CVE-2024-50139 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix shift-out-of-bounds bug
Fix a shift-out-of-bounds bug reported by UBSAN when running VM with MTE enabled host kernel.
UBSAN: shift-out-of-bounds in arch/arm64/kvm/sys_regs.c:1988:14
shift exponent 33 is too large for 32-bit type 'int'
CPU: 26 UID: 0 PID: 7629 Comm: qemu-kvm Not tainted 6.12.0-rc2 #34
Hardware name: IEI NF5280R7/Mitchell MB, BIOS 00.00.

5.5
2024-11-07 CVE-2024-50140 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: sched/core: Disable page allocation in task_tick_mm_cid()
With KASAN and PREEMPT_RT enabled, calling task_work_add() in task_tick_mm_cid() may cause the following splat.
[ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe
[ 63.696416] preempt_count: 10001, expected: 0
[ 63.696416] RCU nest depth: 1, expected: 1
This problem is caused by the following call trace.
sched_tick() [ acquire rq->__lock ]
-> task_tick_mm_cid()
-> task_work_add()
-> __kasan_record_aux_stack()
-> kasan_save_stack()
-> stack_depot_save_flags()
-> alloc_pages_mpol_noprof()
-> __alloc_pages_noprof()
-> get_page_from_freelist()
-> rmqueue()
-> rmqueue_pcplist()
-> __rmqueue_pcplist()
-> rmqueue_bulk()
-> rt_spin_lock()
The rq lock is a raw_spinlock_t.

5.5
2024-11-07 CVE-2024-50141 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type EFI_CONVENTIONAL_MEMORY, which is not appropriate for runtime services as described in Section 2.2.2 (Runtime Services) of the UEFI Specification [1].

5.5
2024-11-07 CVE-2024-50142 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a ("xfrm: Validate address prefix lengths in the xfrm selector.") syzbot created an SA with usersa.sel.family = AF_UNSPEC usersa.sel.prefixlen_s = 128 usersa.family = AF_INET Because of the AF_UNSPEC selector, verify_newsa_info doesn't put limits on prefixlen_{s,d}.

5.5
2024-11-07 CVE-2024-50144 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/xe: fix unbalanced rpm put() with fence_fini() Currently we can call fence_fini() twice if something goes wrong when sending the GuC CT for the tlb request, since we signal the fence and return an error, leading to the caller also calling fini() on the error path in the case of stack version of the flow, which leads to an extra rpm put() which might later cause device to enter suspend when it shouldn't.

5.5
2024-11-07 CVE-2024-50145 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx() build_skb() returns NULL in case of a memory allocation failure so handle it inside __octep_oq_process_rx() to avoid NULL pointer dereference. __octep_oq_process_rx() is called during NAPI polling by the driver.

5.5
2024-11-07 CVE-2024-50146 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't call cleanup on profile rollback failure When profile rollback fails in mlx5e_netdev_change_profile, the netdev profile var is left set to NULL.

5.5
2024-11-07 CVE-2024-50147 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization
Command bitmask has a dedicated bit for MANAGE_PAGES command; this bit isn't initialized during command bitmask initialization, only during MANAGE_PAGES. In addition, mlx5_cmd_trigger_completions() is trying to trigger completion for MANAGE_PAGES command as well. Hence, in case health error occurred before any MANAGE_PAGES command has been invoked (for example, during mlx5_enable_hca()), mlx5_cmd_trigger_completions() will try to trigger completion for MANAGE_PAGES command, which will result in null-ptr-deref error.[1] Fix it by initializing the command bitmask correctly. While at it, re-write the code for better understanding.
[1]
BUG: KASAN: null-ptr-deref in mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core]
Write of size 4 at addr 0000000000000214 by task kworker/u96:2/12078
CPU: 10 PID: 12078 Comm: kworker/u96:2 Not tainted 6.9.0-rc2_for_upstream_debug_2024_04_07_19_01 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Workqueue: mlx5_health0000:08:00.0 mlx5_fw_fatal_reporter_err_work [mlx5_core]
Call Trace:
<TASK>
dump_stack_lvl+0x7e/0xc0
kasan_report+0xb9/0xf0
kasan_check_range+0xec/0x190
mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core]
mlx5_cmd_flush+0x94/0x240 [mlx5_core]
enter_error_state+0x6c/0xd0 [mlx5_core]
mlx5_fw_fatal_reporter_err_work+0xf3/0x480 [mlx5_core]
process_one_work+0x787/0x1490
? lockdep_hardirqs_on_prepare+0x400/0x400
? pwq_dec_nr_in_flight+0xda0/0xda0
? assign_work+0x168/0x240
worker_thread+0x586/0xd30
? rescuer_thread+0xae0/0xae0
kthread+0x2df/0x3b0
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x2d/0x70
? kthread_complete_and_exit+0x20/0x20
ret_from_fork_asm+0x11/0x20
</TASK>

5.5
2024-11-07 CVE-2024-50148 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in proto_unregister
There's issue as follows:
KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f]
CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W
RIP: 0010:proto_unregister+0xee/0x400
Call Trace:
<TASK>
__do_sys_delete_module+0x318/0x580
do_syscall_64+0xc1/0x1d0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
As bnep_init() ignores bnep_sock_init()'s return value, and bnep_sock_init() will cleanup all resource.

5.5
2024-11-07 CVE-2024-50149 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't free job in TDR Freeing job in TDR is not safe as TDR can pass the run_job thread resulting in UAF.

5.5
2024-11-07 CVE-2024-50152 Linux Double Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix possible double free in smb2_set_ea()
Clang static checker (scan-build) warning:
fs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.
1304 | kfree(ea);
     | ^~~~~~~~~
There is a double free in such case: 'ea is initialized to NULL' -> 'first successful memory allocation for ea' -> 'something failed, goto sea_exit' -> 'first memory release for ea' -> 'goto replay_again' -> 'second goto sea_exit before allocate memory for ea' -> 'second memory release for ea resulted in double free'. Re-initialize 'ea' to NULL near to the replay_again label, it can fix this double free problem.

5.5
2024-11-07 CVE-2024-50153 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix null-ptr-deref in target_alloc_device()
There is a null-ptr-deref issue reported by KASAN:
BUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod]
...
kasan_report+0xb9/0xf0
target_alloc_device+0xbc4/0xbe0 [target_core_mod]
core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod]
target_core_init_configfs+0x205/0x420 [target_core_mod]
do_one_initcall+0xdd/0x4e0
...
entry_SYSCALL_64_after_hwframe+0x76/0x7e
In target_alloc_device(), if allocating memory for dev queues fails, then dev will be freed by dev->transport->free_device(), but dev->transport is not initialized at that time, which will lead to a null pointer reference problem. Fix this bug by freeing dev with hba->backend->ops->free_device().

5.5
2024-11-07 CVE-2024-50156 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() If the allocation in msm_disp_state_dump_regs() failed then `block->state` can be NULL.

5.5
2024-11-07 CVE-2024-50157 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop Driver waits indefinitely for the fifo occupancy to go below a threshold as soon as the pacing interrupt is received.

5.5
2024-11-07 CVE-2024-50160 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs8409: Fix possible NULL dereference If snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then NULL pointer dereference will occur in the next line. Since dolphin_fixups function is a hda_fixup function which is not supposed to return any errors, add simple check before dereference, ignore the fail. Found by Linux Verification Center (linuxtesting.org) with SVACE.

5.5
2024-11-07 CVE-2024-50161 Linux Improper Validation of Array Index vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the remaining info_cnt before repeating btf fields When trying to repeat the btf fields for array of nested struct, it doesn't check the remaining info_cnt.

5.5
2024-11-07 CVE-2024-50162 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: devmap: provide rxq after redirect rxq contains a pointer to the device from where the redirect happened.

5.5
2024-11-07 CVE-2024-50163 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap The bpf_redirect_info is shared between the SKB and XDP redirect paths, and the two paths use the same numeric flag values in the ri->flags field (specifically, BPF_F_BROADCAST == BPF_F_NEXTHOP).

5.5
2024-11-07 CVE-2024-50165 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve param->string when parsing mount options In bpf_parse_param(), keep the value of param->string intact so it can be freed later.

5.5
2024-11-07 CVE-2024-50166 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fsl/fman: Fix refcount handling of fman-related devices In mac_probe() there are multiple calls to of_find_device_by_node(), fman_bind() and fman_port_bind() which take references to of_dev->dev. Not all references taken by these calls are released later on error path in mac_probe() and in mac_remove(), which leads to reference leaks. Add references release.

5.5
2024-11-07 CVE-2024-50167 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: be2net: fix potential memory leak in be_xmit() The be_xmit() returns NETDEV_TX_OK without freeing skb in case be_xmit_enqueue() fails; add dev_kfree_skb_any() to fix it.

5.5
2024-11-07 CVE-2024-50168 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() The sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skb in case skb->len is too long; add dev_kfree_skb() to fix it.

5.5
2024-11-07 CVE-2024-50169 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: vsock: Update rx_bytes on read_skb() Make sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt() calls are balanced (i.e.

5.5
2024-11-07 CVE-2024-50170 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix potential memory leak in bcmasp_xmit() The bcmasp_xmit() returns NETDEV_TX_OK without freeing skb in case mapping fails; add dev_kfree_skb() to fix it.

5.5
2024-11-07 CVE-2024-50171 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: systemport: fix potential memory leak in bcm_sysport_xmit() The bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb in case dma_map_single() fails; add dev_kfree_skb() to fix it.

5.5
2024-11-07 CVE-2024-50172 Linux Memory Leak vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a possible memory leak In bnxt_re_setup_chip_ctx() when bnxt_qplib_map_db_bar() fails driver is not freeing the memory allocated for "rdev->chip_ctx".

5.5
2024-11-06 CVE-2024-34673 Samsung Unspecified vulnerability in Samsung Android 12.0/13.0/14.0

Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.

5.5
2024-11-06 CVE-2024-34680 Samsung Unspecified vulnerability in Samsung Android 12.0/13.0/14.0

Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.

5.5
2024-11-05 CVE-2024-50098 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down There is a history of deadlock if reboot is performed at the beginning of booting.

5.5
2024-11-05 CVE-2024-50099 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Remove broken LDR (literal) uprobe support The simulate_ldr_literal() and simulate_ldrsw_literal() functions are unsafe to use for uprobes.

5.5
2024-11-05 CVE-2024-50100 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: dummy-hcd: Fix "task hung" problem The syzbot fuzzer has been encountering "task hung" problems ever since the dummy-hcd driver was changed to use hrtimers instead of regular timers.

5.5
2024-11-05 CVE-2024-50101 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices Previously, the domain_context_clear() function incorrectly called pci_for_each_dma_alias() to set up context entries for non-PCI devices. This could lead to kernel hangs or other unexpected behavior. Add a check to only call pci_for_each_dma_alias() for PCI devices.

5.5
2024-11-05 CVE-2024-50102 Linux Information Exposure Through Discrepancy vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Lite(tm)" issue with non-canonical accesses in kernel space.

5.5
2024-11-05 CVE-2024-50103 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() A devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could possibly return NULL pointer.

5.5
2024-11-05 CVE-2024-50104 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: sdm845: add missing soundwire runtime stream alloc During the migration of Soundwire runtime stream allocation from the Qualcomm Soundwire controller to SoC's soundcard drivers the sdm845 soundcard was forgotten. At this point any playback attempt or audio daemon startup, for instance on sdm845-db845c (Qualcomm RB3 board), will result in stream pointer NULL dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 [...snipped] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP CPU: 5 UID: 0 PID: 1198 Comm: aplay Not tainted 6.12.0-rc2-qcomlt-arm64-00059-g9d78f315a362-dirty #18 Hardware name: Thundercomm Dragonboard 845c (DT) pc : sdw_stream_add_slave+0x44/0x380 [soundwire_bus] lr : sdw_stream_add_slave+0x44/0x380 [soundwire_bus] [...snipped] Call trace: sdw_stream_add_slave+0x44/0x380 [soundwire_bus] wsa881x_hw_params+0x68/0x80 [snd_soc_wsa881x] snd_soc_dai_hw_params+0x3c/0xa4 __soc_pcm_hw_params+0x230/0x660 dpcm_be_dai_hw_params+0x1d0/0x3f8 dpcm_fe_dai_hw_params+0x98/0x268 snd_pcm_hw_params+0x124/0x460 snd_pcm_common_ioctl+0x998/0x16e8 snd_pcm_ioctl+0x34/0x58 __arm64_sys_ioctl+0xac/0xf8 invoke_syscall+0x48/0x104 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xe0 el0t_64_sync_handler+0x120/0x12c el0t_64_sync+0x190/0x194 ---[ end trace 0000000000000000 ]--- [...snipped] The data abort happens at offset 0x44 from the beginning of sdw_stream_add_slave() (0x6108 + 0x44). wsa881x_hw_params() is called with stream = NULL and passes it further in register x4 (5th argu ---truncated---

5.5
2024-11-05 CVE-2024-50105 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc Commit 15c7fab0e047 ("ASoC: qcom: Move Soundwire runtime stream alloc to soundcards") moved the allocation of Soundwire stream runtime from the Qualcomm Soundwire driver to each individual machine sound card driver, except that it forgot to update SC7280 card. Just like for other Qualcomm sound cards using Soundwire, the card driver should allocate and release the runtime.

5.5
2024-11-05 CVE-2024-50107 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses Commit 50c6dbdfd16e ("x86/ioremap: Improve iounmap() address range checks") introduces a WARN when address ranges of iounmap are invalid.

5.5
2024-11-05 CVE-2024-50108 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING [1] traces when calling dmub_psr_enable() with Parade 08-01 TCON. These symptoms all go away with PSR-SU disabled for this TCON, so disable it for now while DMUB traces [2] from the failure can be analyzed and the failure state properly root caused. (cherry picked from commit afb634a6823d8d9db23c5fb04f79c5549349628b)

5.5
2024-11-05 CVE-2024-50109 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null ptr dereference in raid10_size() In raid10_run(), if raid10_set_queue_limits() succeeds, the return value is set to zero, and if the following procedures fail raid10_run() will return zero while mddev->private is still NULL, causing a null ptr dereference in raid10_size(). Fix the problem by only overwriting the return value if raid10_set_queue_limits() failed.

5.5
2024-11-05 CVE-2024-50110 Linux Use of Uninitialized Resource vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram_iter+0x168/0x1060 skb_copy_datagram_iter+0x5b/0x220 netlink_recvmsg+0x362/0x1700 sock_recvmsg+0x2dc/0x390 __sys_recvfrom+0x381/0x6d0 __x64_sys_recvfrom+0x130/0x200 x64_sys_call+0x32c8/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_after_hwframe+0x79/0x81 Uninit was stored to memory at: copy_to_user_state_extra+0xcc1/0x1e00 dump_one_state+0x28c/0x5f0 xfrm_state_walk+0x548/0x11e0 xfrm_dump_sa+0x1e0/0x840 netlink_dump+0x943/0x1c40 __netlink_dump_start+0x746/0xdb0 xfrm_user_rcv_msg+0x429/0xc00 netlink_rcv_skb+0x613/0x780 xfrm_netlink_rcv+0x77/0xc0 netlink_unicast+0xe90/0x1280 netlink_sendmsg+0x126d/0x1490 __sock_sendmsg+0x332/0x3d0 ____sys_sendmsg+0x863/0xc30 ___sys_sendmsg+0x285/0x3e0 __x64_sys_sendmsg+0x2d6/0x560 x64_sys_call+0x1316/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_after_hwframe+0x79/0x81 Uninit was created at: __kmalloc+0x571/0xd30 attach_auth+0x106/0x3e0 xfrm_add_sa+0x2aa0/0x4230 xfrm_user_rcv_msg+0x832/0xc00 netlink_rcv_skb+0x613/0x780 xfrm_netlink_rcv+0x77/0xc0 netlink_unicast+0xe90/0x1280 netlink_sendmsg+0x126d/0x1490 __sock_sendmsg+0x332/0x3d0 ____sys_sendmsg+0x863/0xc30 ___sys_sendmsg+0x285/0x3e0 __x64_sys_sendmsg+0x2d6/0x560 x64_sys_call+0x1316/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_after_hwframe+0x79/0x81 Bytes 328-379 of 732 are uninitialized Memory access of size 732 starts at ffff88800e18e000 Data copied to user address 00007ff30f48aff0 CPU: 2 PID: 18167 Comm: syz-executor.0 Not tainted 6.8.11 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Fixes copying of xfrm algorithms where some random data of the structure fields can end up in userspace. 
Padding in structures may be filled with random (possibly sensitive) data and should never be given directly to user-space. A similar issue was resolved in the commit 8222d5910dae ("xfrm: Zero padding when dumping algos and encap") Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

5.5
2024-11-05 CVE-2024-50111 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case do_ale() may call get_user() which may cause sleep.

5.5
2024-11-05 CVE-2024-50113 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix invalid port index for parent device In a commit 24b7f8e5cd65 ("firewire: core: use helper functions for self ID sequence"), the enumeration over self ID sequence was refactored with some helper functions with KUnit tests.

5.5
2024-11-05 CVE-2024-50116 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of buffer delay flag Syzbot reported that after nilfs2 reads a corrupted file system image and degrades to read-only, the BUG_ON check for the buffer delay flag in submit_bh_wbc() may fail, causing a kernel bug. This is because the buffer delay flag is not cleared when clearing the buffer state flags to discard a page/folio or a buffer head.

5.5
2024-11-05 CVE-2024-50117 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ``` ? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1)) ? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434) ? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2)) ? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1)) ? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642) ? exc_page_fault (arch/x86/mm/fault.c:1542) ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623) ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu ``` It has been encountered on at least one system, so guard for it. (cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)

5.5
2024-11-05 CVE-2024-50118 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: reject ro->rw reconfiguration if there are hard ro requirements [BUG] Syzbot reports the following crash: BTRFS info (device loop0 state MCS): disabling free space tree BTRFS info (device loop0 state MCS): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) BTRFS info (device loop0 state MCS): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:backup_super_roots fs/btrfs/disk-io.c:1691 [inline] RIP: 0010:write_all_supers+0x97a/0x40f0 fs/btrfs/disk-io.c:4041 Call Trace: <TASK> btrfs_commit_transaction+0x1eae/0x3740 fs/btrfs/transaction.c:2530 btrfs_delete_free_space_tree+0x383/0x730 fs/btrfs/free-space-tree.c:1312 btrfs_start_pre_rw_mount+0xf28/0x1300 fs/btrfs/disk-io.c:3012 btrfs_remount_rw fs/btrfs/super.c:1309 [inline] btrfs_reconfigure+0xae6/0x2d40 fs/btrfs/super.c:1534 btrfs_reconfigure_for_mount fs/btrfs/super.c:2020 [inline] btrfs_get_tree_subvol fs/btrfs/super.c:2079 [inline] btrfs_get_tree+0x918/0x1920 fs/btrfs/super.c:2115 vfs_get_tree+0x90/0x2b0 fs/super.c:1800 do_new_mount+0x2be/0xb40 fs/namespace.c:3472 do_mount fs/namespace.c:3812 [inline] __do_sys_mount fs/namespace.c:4020 [inline] __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3997 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [CAUSE] To support mounting different subvolumes with different RO/RW flags for the new mount APIs, btrfs introduced two workarounds to support this feature: - Skip mount option/feature checks if we are mounting a different subvolume - Reconfigure the fs to RW if the initial mount is RO Combining these two, we can have the following sequence: - Mount the fs ro,rescue=all,clear_cache,space_cache=v1 rescue=all will mark the fs as hard read-only, so no v2 cache clearing will happen. - Mount a subvolume rw of the same fs. We go into btrfs_get_tree_subvol(), but fc_mount() returns EBUSY because our new fc is RW, different from the original fs. Now we enter btrfs_reconfigure_for_mount(), which switches the RO flag first so that we can grab the existing fs_info. Then we reconfigure the fs to RW. - During reconfiguration, the option/feature check is skipped This means we will restart the v2 cache clearing, and convert back to v1 cache. This will trigger fs writes, and since the original fs has the "rescue=all" option, it skips the csum tree read. This eventually causes a NULL pointer dereference in super block writeback. [FIX] For reconfiguration caused by different subvolume RO/RW flags, ensure we always run btrfs_check_options() to ensure we have proper hard RO requirements met. In fact the function btrfs_check_options() doesn't really do many complex checks, but hard RO requirement and some feature dependency checks, thus there is no special reason not to do the check for mount reconfiguration.

5.5
2024-11-05 CVE-2024-50119 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: cifs: fix warning when destroying 'cifs_io_request_pool' There's an issue as follows: WARNING: CPU: 1 PID: 27826 at mm/slub.c:4698 free_large_kmalloc+0xac/0xe0 RIP: 0010:free_large_kmalloc+0xac/0xe0 Call Trace: <TASK> ? __warn+0xea/0x330 mempool_destroy+0x13f/0x1d0 init_cifs+0xa50/0xff0 [cifs] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Obviously, 'cifs_io_request_pool' is not created by mempool_create(). So just use mempool_exit() to revert 'cifs_io_request_pool'.

5.5
2024-11-05 CVE-2024-50120 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: smb: client: Handle kstrdup failures for passwords In smb3_reconfigure(), after duplicating ctx->password and ctx->password2 with kstrdup(), we need to check for allocation failures. If ses->password allocation fails, return -ENOMEM. If ses->password2 allocation fails, free ses->password, set it to NULL, and return -ENOMEM.

5.5
2024-11-05 CVE-2024-50122 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: PCI: Hold rescan lock while adding devices during host probe Since adding the PCI power control code, we may end up with a race between the pwrctl platform device rescanning the bus and host controller probe functions.

5.5
2024-11-05 CVE-2024-50132 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: Fix MAX_TRACE_ARGS limit handling When creating a trace_probe we would set nr_args prior to truncating the arguments to MAX_TRACE_ARGS.

5.5
2024-11-05 CVE-2024-50133 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Don't crash in stack_top() for tasks without vDSO Not all tasks have a vDSO mapped, for example kthreads never do.

5.5
2024-11-05 CVE-2024-50134 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Replace the fake VLA at the end of the vbva_mouse_pointer_shape shape with a real VLA to fix a "memcpy: detected field-spanning write error" warning: [ 13.319813] memcpy: detected field-spanning write (size 16896) of single field "p->data" at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4) [ 13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 hgsmi_update_pointer_shape+0x192/0x1c0 [vboxvideo] [ 13.320038] Call Trace: [ 13.320173] hgsmi_update_pointer_shape [vboxvideo] [ 13.320184] vbox_cursor_atomic_update [vboxvideo] Note, as mentioned in the added comment, it seems the original length calculation for the allocated and sent hgsmi buffer is 4 bytes too large. Changing this is not the goal of this patch, so this behavior is kept.

5.5
2024-11-05 CVE-2024-50136 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling might trigger warnings of the sort: [ 682.589148] ------------[ cut here ]------------ [ 682.590204] notifier callback eswitch_vport_event [mlx5_core] already registered [ 682.590256] WARNING: CPU: 13 PID: 2660 at kernel/notifier.c:31 notifier_chain_register+0x3e/0x90 [...snipped] [ 682.610052] Call Trace: [ 682.610369] <TASK> [ 682.610663] ? __warn+0x7c/0x110 [ 682.611050] ? notifier_chain_register+0x3e/0x90 [ 682.611556] ? report_bug+0x148/0x170 [ 682.611977] ? handle_bug+0x36/0x70 [ 682.612384] ? exc_invalid_op+0x13/0x60 [ 682.612817] ? asm_exc_invalid_op+0x16/0x20 [ 682.613284] ? notifier_chain_register+0x3e/0x90 [ 682.613789] atomic_notifier_chain_register+0x25/0x40 [ 682.614322] mlx5_eswitch_enable_locked+0x1d4/0x3b0 [mlx5_core] [ 682.614965] mlx5_eswitch_enable+0xc9/0x100 [mlx5_core] [ 682.615551] mlx5_device_enable_sriov+0x25/0x340 [mlx5_core] [ 682.616170] mlx5_core_sriov_configure+0x50/0x170 [mlx5_core] [ 682.616789] sriov_numvfs_store+0xb0/0x1b0 [ 682.617248] kernfs_fop_write_iter+0x117/0x1a0 [ 682.617734] vfs_write+0x231/0x3f0 [ 682.618138] ksys_write+0x63/0xe0 [ 682.618536] do_syscall_64+0x4c/0x100 [ 682.618958] entry_SYSCALL_64_after_hwframe+0x4b/0x53

5.5
2024-11-05 CVE-2024-50137 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC data->asserted will be NULL on JH7110 SoC since commit 82327b127d41 ("reset: starfive: Add StarFive JH7110 reset driver") was added.

5.5
2024-11-05 CVE-2024-50138 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Use raw_spinlock_t in ringbuf The function __bpf_ringbuf_reserve is invoked from a tracepoint, which disables preemption.

5.5
2024-11-05 CVE-2024-50089 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: unicode: Don't special case ignorable code points We don't need to handle them separately.

5.5
2024-11-05 CVE-2024-50090 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix overflow in oa batch buffer By default xe_bb_create_job() appends a MI_BATCH_BUFFER_END to the batch buffer; this is not a problem if the batch buffer is only used once, but oa reuses the batch buffer for the same metric and at each call it appends a MI_BATCH_BUFFER_END, printing the warning below and then overflowing. [ 381.072016] ------------[ cut here ]------------ [ 381.072019] xe 0000:00:02.0: [drm] Assertion `bb->len * 4 + bb_prefetch(q->gt) <= size` failed! platform: LUNARLAKE subplatform: 1 graphics: Xe2_LPG / Xe2_HPG 20.04 step B0 media: Xe2_LPM / Xe2_HPM 20.00 step B0 tile: 0 VRAM 0 B GT: 0 type 1 So here check if the batch buffer already has MI_BATCH_BUFFER_END and, if not, append it. v2: - simply fix, suggestion from Ashutosh (cherry picked from commit 9ba0e0f30ca42a98af3689460063edfb6315718a)

5.5
2024-11-05 CVE-2024-50091 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: dm vdo: don't refer to dedupe_context after releasing it Clear the dedupe_context pointer in a data_vio whenever ownership of the context is lost, so that vdo can't examine it accidentally.

5.5
2024-11-05 CVE-2024-50093 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: thermal: intel: int340x: processor: Fix warning during module unload The processor_thermal driver uses pcim_device_enable() to enable a PCI device, which means the device will be automatically disabled on driver detach.

5.5
2024-11-05 CVE-2024-50094 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: sfc: Don't invoke xdp_do_flush() from netpoll. Yury reported a crash in the sfc driver originated from netpoll_send_udp().

5.5
2024-11-05 CVE-2024-50095 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: RDMA/mad: Improve handling of timed out WRs of mad agent Current timeout handler of mad agent acquires/releases mad_agent_priv lock for every timed out WRs.

5.5
2024-11-05 CVE-2024-50096 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error The `nouveau_dmem_copy_one` function ensures that the copy push command is sent to the device firmware but does not track whether it was executed successfully. In the case of a copy error (e.g., firmware or hardware failure), the copy push command will be sent via the firmware channel, and `nouveau_dmem_copy_one` will likely report success, leading to the `migrate_to_ram` function returning a dirty HIGH_USER page to the user. This can result in a security vulnerability, as a HIGH_USER page that may contain sensitive or corrupted data could be returned to the user. To prevent this vulnerability, we allocate a zero page.

5.5
2024-11-05 CVE-2024-50097 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: fec: don't save PTP state if PTP is unsupported Some platforms (such as i.MX25 and i.MX27) do not support PTP, so on these platforms fec_ptp_init() is not called and the related members in fep are not initialized.

5.5
2024-11-05 CVE-2024-51529 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Data verification vulnerability in the battery module Impact: Successful exploitation of this vulnerability may affect function stability.

5.5
2024-11-05 CVE-2024-51530 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-11-05 CVE-2024-51517 Huawei Improper Validation of Array Index vulnerability in Huawei Harmonyos 5.0.0

Vulnerability of improper memory access in the phone service module Impact: Successful exploitation of this vulnerability may affect availability.

5.5
2024-11-05 CVE-2024-51519 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability.

5.5
2024-11-05 CVE-2024-51520 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability.

5.5
2024-11-05 CVE-2024-51521 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Input parameter verification vulnerability in the background service module Impact: Successful exploitation of this vulnerability may affect availability.

5.5
2024-11-05 CVE-2024-51522 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Vulnerability of improper device information processing in the device management module Impact: Successful exploitation of this vulnerability may affect availability.

5.5
2024-11-05 CVE-2024-51524 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Permission control vulnerability in the Wi-Fi module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-11-05 CVE-2024-51525 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Permission control vulnerability in the clipboard module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-11-05 CVE-2024-51526 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Permission control vulnerability in the hidebug module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-11-05 CVE-2024-51527 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Permission control vulnerability in the Gallery app Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-11-05 CVE-2024-51528 Huawei Information Exposure Through Log Files vulnerability in Huawei Emui and Harmonyos

Vulnerability of improper log printing in the Super Home Screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-11-05 CVE-2023-52920 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction (jump) history to record instructions that performed register spill/fill to/from stack, regardless if this was done through read-only r10 register, or any other register after copying r10 into it *and* potentially adjusting offset. To make this work reliably, we push extra per-instruction flags into instruction history, encoding stack slot index (spi) and stack frame number in extra 10 bit flags we take away from prev_idx in instruction history.

5.5
2024-11-05 CVE-2024-51510 Huawei Out-of-bounds Write vulnerability in Huawei Emui and Harmonyos

Out-of-bounds access vulnerability in the logo module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-11-05 CVE-2024-51511 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability.

5.5
2024-11-05 CVE-2024-51512 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability.

5.5
2024-11-05 CVE-2024-51513 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Vulnerability of processes not being fully terminated in the VPN module Impact: Successful exploitation of this vulnerability will affect power consumption.

5.5
2024-11-05 CVE-2024-51514 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Vulnerability of pop-up windows belonging to no app in the VPN module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-11-05 CVE-2024-51516 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Permission control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to function abnormally.

5.5
2024-11-05 CVE-2024-47402 Openatom Out-of-bounds Read vulnerability in Openatom Openharmony

OpenHarmony v4.0.0 and prior versions allow a local attacker to cause DoS through an out-of-bounds read.

5.5
2024-11-04 CVE-2024-45086 IBM XXE vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to an XML external entity injection (XXE) attack when processing XML data.

5.5
2024-11-10 CVE-2024-51576 Wpza Cross-site Scripting vulnerability in Wpza AMP IMG Shortcode

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPZA AMP Img Shortcode allows Stored XSS. This issue affects AMP Img Shortcode: from n/a through 1.0.1.

5.4
2024-11-10 CVE-2024-51577 Camunda Cross-site Scripting vulnerability in Camunda Bpmn.Io 1.0

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Camunda Services GmbH bpmn.Io allows Stored XSS. This issue affects bpmn.Io: from n/a through 1.0.

5.4
2024-11-10 CVE-2024-51578 Lucapaggetti Cross-site Scripting vulnerability in Lucapaggetti 3D Presentation 1.0

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Luca Paggetti 3D Presentation allows Stored XSS. This issue affects 3D Presentation: from n/a through 1.0.

5.4
2024-11-10 CVE-2024-51580 Cleversoft Cross-site Scripting vulnerability in Cleversoft Clever Addons for Elementor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS. This issue affects Clever Addons for Elementor: from n/a through 2.2.1.

5.4
2024-11-10 CVE-2024-51581 Nicheaddons Cross-site Scripting vulnerability in Nicheaddons Restaurant & Cafe Addon for Elementor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Stored XSS. This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.6.

5.4
2024-11-10 CVE-2024-51583 Pluginspoint Cross-site Scripting vulnerability in Pluginspoint Kento ADS Rotator

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KentoThemes Kento Ads Rotator allows Stored XSS. This issue affects Kento Ads Rotator: from n/a through 1.3.

5.4
2024-11-10 CVE-2024-51584 Anasedreesi Cross-site Scripting vulnerability in Anasedreesi Marquee Elementor With Posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Anas Edreesi Marquee Elementor with Posts allows DOM-Based XSS. This issue affects Marquee Elementor with Posts: from n/a through 1.2.0.

5.4
2024-11-10 CVE-2024-11050 Amttgroup Cross-site Scripting vulnerability in Amttgroup Hotel Broadband Operating System

A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic.

5.4
2024-11-09 CVE-2024-51585 Nicheaddons Cross-site Scripting vulnerability in Nicheaddons Sales Page Addon

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Sales Page Addon – Elementor & Beaver Builder allows Stored XSS. This issue affects Sales Page Addon – Elementor & Beaver Builder: from n/a through 1.4.2.

5.4
2024-11-09 CVE-2024-51586 Camilluskillus Cross-site Scripting vulnerability in Camilluskillus Elementary Addons

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BRAFT Elementary Addons allows Stored XSS. This issue affects Elementary Addons: from n/a through 2.0.4.

5.4
2024-11-09 CVE-2024-51587 Softfirm Cross-site Scripting vulnerability in Softfirm Definitive Addons for Elementor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Softfirm Definitive Addons for Elementor allows Stored XSS. This issue affects Definitive Addons for Elementor: from n/a through 1.5.16.

5.4
2024-11-09 CVE-2024-51588 Themehat Cross-site Scripting vulnerability in Themehat Super Addons for Elementor 1.0

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themehat Super Addons for Elementor allows DOM-Based XSS. This issue affects Super Addons for Elementor: from n/a through 1.0.

5.4
2024-11-09 CVE-2024-51589 Wpcirqle Cross-site Scripting vulnerability in Wpcirqle Bigmart Elements

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpcirqle Bigmart Elements allows DOM-Based XSS. This issue affects Bigmart Elements: from n/a through 1.0.3.

5.4
2024-11-09 CVE-2024-51590 Hoosoft Cross-site Scripting vulnerability in Hoosoft HOO Addons for Elementor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hoosoft Hoo Addons for Elementor allows DOM-Based XSS. This issue affects Hoo Addons for Elementor: from n/a through 1.0.6.

5.4
2024-11-09 CVE-2024-51591 Wpgrids Cross-site Scripting vulnerability in Wpgrids Slicko

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpgrids Slicko allows DOM-Based XSS. This issue affects Slicko: from n/a through 1.2.0.

5.4
2024-11-09 CVE-2024-51592 Mysticalthemes Cross-site Scripting vulnerability in Mysticalthemes Meta Store Elements

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bnayawpguy Meta Store Elements allows DOM-Based XSS. This issue affects Meta Store Elements: from n/a through 1.0.9.

5.4
2024-11-09 CVE-2024-51593 Glopium Unspecified vulnerability in Glopium Ukrainian-Currency

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Glopium Studio ???? ????? UAH allows Stored XSS. This issue affects ???? ????? UAH: from n/a through 2.0.

5.4
2024-11-09 CVE-2024-51594 Rafelsanso Cross-site Scripting vulnerability in Rafelsanso Gmap Point List

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rafel Sansó Gmap Point List allows Stored XSS. This issue affects Gmap Point List: from n/a through 1.1.2.

5.4
2024-11-09 CVE-2024-51595 Sksdev Cross-site Scripting vulnerability in Sksdev Toolkit 1.0.0

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sksdev SKSDEV Toolkit allows Stored XSS. This issue affects SKSDEV Toolkit: from n/a through 1.0.0.

5.4
2024-11-09 CVE-2024-51596 Snilesh Cross-site Scripting vulnerability in Snilesh Business

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nilesh Shiragave Business allows Stored XSS. This issue affects Business: from n/a through 1.3.

5.4
2024-11-09 CVE-2024-51597 Brandevolutionco Cross-site Scripting vulnerability in Brandevolutionco Themeshark Templates & Widgets for Elementor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeShark ThemeShark Templates & Widgets for Elementor allows Stored XSS. This issue affects ThemeShark Templates & Widgets for Elementor: from n/a through 1.1.7.

5.4
2024-11-09 CVE-2024-51598 Kendysond Cross-site Scripting vulnerability in Kendysond Selar.Co Widget

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kendysond Selar.Co Widget allows DOM-Based XSS. This issue affects Selar.Co Widget: from n/a through 1.2.

5.4
2024-11-09 CVE-2024-51599 Russellalbin Cross-site Scripting vulnerability in Russellalbin Simple Business Manager

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Russell Albin Simple Business Manager allows Stored XSS. This issue affects Simple Business Manager: from n/a through 4.6.7.4.

5.4
2024-11-09 CVE-2024-51603 Mirceatm Cross-site Scripting vulnerability in Mirceatm NMR Strava Activities

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mircea N.

5.4
2024-11-09 CVE-2024-51604 Jumpstartcreatives Cross-site Scripting vulnerability in Jumpstartcreatives Media Modal

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Carlo Andro Mabugay Media Modal allows DOM-Based XSS. This issue affects Media Modal: from n/a through 1.0.2.

5.4
2024-11-09 CVE-2024-51605 Genoo Cross-site Scripting vulnerability in Genoo

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Genoo, LLC Genoo allows DOM-Based XSS. This issue affects Genoo: from n/a through 6.0.10.

5.4
2024-11-09 CVE-2024-51609 Elsner Cross-site Scripting vulnerability in Elsner Emoji Shortcode

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elsner Technologies Pvt.

5.4
2024-11-09 CVE-2024-51610 Seothemes Cross-site Scripting vulnerability in Seothemes Display Terms Shortcode

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SEO Themes Display Terms Shortcode allows Stored XSS. This issue affects Display Terms Shortcode: from n/a through 1.0.4.

5.4
2024-11-09 CVE-2024-51662 Modernaweb Cross-site Scripting vulnerability in Modernaweb Black Widgets for Elementor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS. This issue affects Black Widgets For Elementor: from n/a through 1.3.6.

5.4
2024-11-08 CVE-2024-51031 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 CAB Management System 1.0

A Cross-site Scripting (XSS) vulnerability in manage_account.php in Sourcecodester Cab Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "First Name," "Middle Name," and "Last Name" fields.

5.4
2024-11-08 CVE-2024-51032 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Toll TAX Management System 1.0

A Cross-site Scripting (XSS) vulnerability in manage_recipient.php of Sourcecodester Toll Tax Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "owner" input field.

5.4
2024-11-08 CVE-2024-10325 Brainstormforce Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping.

5.4
2024-11-08 CVE-2024-10187 Mycred Cross-site Scripting vulnerability in Mycred

The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_link shortcode in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-11-08 CVE-2024-10269 Benjaminzekavica Cross-site Scripting vulnerability in Benjaminzekavica Easy SVG Support

The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping.

5.4
2024-11-07 CVE-2024-49523 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-11-07 CVE-2024-49524 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-11-06 CVE-2024-10318 F5 Session Fixation vulnerability in F5 products

A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time.

5.4
2024-11-06 CVE-2024-35146 IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting.
5.4
2024-11-06 CVE-2020-11859 Microfocus Cross-site Scripting vulnerability in Microfocus Imanager

Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3.

5.4
2024-11-06 CVE-2024-10186 Avecnous Cross-site Scripting vulnerability in Avecnous Event Post

The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-11-06 CVE-2024-10168 Pluginus Cross-site Scripting vulnerability in Pluginus Woot

The Active Products Tables for WooCommerce.

5.4
2024-11-06 CVE-2024-8323 Fatcatapps Cross-site Scripting vulnerability in Fatcatapps Easy Pricing Tables

The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fontFamily’ attribute in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping.

5.4
2024-11-06 CVE-2024-10715 Mappresspro Cross-site Scripting vulnerability in Mappresspro Mappress

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-11-05 CVE-2024-50335 Salesagility Cross-site Scripting vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application.

5.4
2024-11-05 CVE-2024-9657 Bdthemes Cross-site Scripting vulnerability in Bdthemes Element Pack

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tooltip' parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output escaping.

5.4
2024-11-05 CVE-2024-9867 Bdthemes Cross-site Scripting vulnerability in Bdthemes Element Pack

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' marker_content parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output escaping.

5.4
2024-11-05 CVE-2024-9178 Xplodedthemes Cross-site Scripting vulnerability in Xplodedthemes XT Floating Cart for Woocommerce

The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping.

5.4
2024-11-05 CVE-2024-9443 Basticom Cross-site Scripting vulnerability in Basticom Framework

The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping.

5.4
2024-11-04 CVE-2024-10768 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Online Shopping Portal 2.0

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0.

5.4
2024-11-04 CVE-2024-51677 Webberzone Cross-site Scripting vulnerability in Webberzone Knowledge Base

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WebberZone Knowledge Base allows Stored XSS. This issue affects Knowledge Base: from n/a through 2.2.0.

5.4
2024-11-04 CVE-2024-51678 Timelord Cross-site Scripting vulnerability in Timelord ELO Rating Shortcode

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marcel Pol Elo Rating Shortcode allows Stored XSS. This issue affects Elo Rating Shortcode: from n/a through 1.0.3.

5.4
2024-11-04 CVE-2024-51680 Crestaproject Cross-site Scripting vulnerability in Crestaproject Cresta Addons for Elementor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CrestaProject – Rizzo Andrea Cresta Addons for Elementor allows Stored XSS. This issue affects Cresta Addons for Elementor: from n/a through 1.0.9.

5.4
2024-11-04 CVE-2024-51681 Coderevolution Cross-site Scripting vulnerability in Coderevolution WP Pocket Urls 1.0.0/1.0.2

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Stored XSS. This issue affects WP Pocket URLs: from n/a through 1.0.3.

5.4
2024-11-04 CVE-2024-51682 Hasthemes Cross-site Scripting vulnerability in Hasthemes HT Builder

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Builder – WordPress Theme Builder for Elementor allows Stored XSS. This issue affects HT Builder – WordPress Theme Builder for Elementor: from n/a through 1.3.0.

5.4
2024-11-04 CVE-2024-51683 Migaweb Cross-site Scripting vulnerability in Migaweb Custom Post Type Templates for Elementor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Gangolf Custom post type templates for Elementor allows Stored XSS. This issue affects Custom post type templates for Elementor: from n/a through 1.10.1.

5.4
2024-11-04 CVE-2024-10761 Umbraco Code Injection vulnerability in Umbraco CMS 12.3.6

A vulnerability was found in Umbraco CMS 12.3.6.

5.4
2024-11-04 CVE-2024-10753 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Online Shopping Portal 2.0

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0.

5.4
2024-11-09 CVE-2024-8756 The Quform - WordPress Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.20.0 via the 'saveUploadedFile' function.
5.3
2024-11-06 CVE-2024-10916 Dlink Unspecified vulnerability in Dlink products

A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028.

5.3
2024-11-06 CVE-2024-52043 Humhub Information Exposure Through an Error Message vulnerability in Humhub

Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co.

5.3
2024-11-06 CVE-2024-10535 Martinvalchev Missing Authorization vulnerability in Martinvalchev Video Gallery for Woocommerce

The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31.

5.3
2024-11-06 CVE-2024-6626 Theinnovs Missing Authorization vulnerability in Theinnovs Eleforms

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9.

5.3
2024-11-05 CVE-2024-51739 Combodo Information Exposure Through Discrepancy vulnerability in Combodo Itop

Combodo iTop is a simple, web based IT Service Management tool.

5.3
2024-11-09 CVE-2024-9874 The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
4.9
2024-11-04 CVE-2024-34882 Bitrix24 Insufficiently Protected Credentials vulnerability in Bitrix24 23.300.100

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request.

4.9
2024-11-04 CVE-2024-34883 Bitrix24 Insufficiently Protected Credentials vulnerability in Bitrix24 23.300.100

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server account passwords via HTTP GET request.

4.9
2024-11-04 CVE-2024-34887 Bitrix24 Insufficiently Protected Credentials vulnerability in Bitrix24 23.300.100

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request.

4.9
2024-11-09 CVE-2024-36250 Mattermost Authentication Bypass by Capture-replay vulnerability in Mattermost Server

Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the MFA code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds.

4.8
2024-11-09 CVE-2024-51663 Bricksable Cross-site Scripting vulnerability in Bricksable for Bricks Builder

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bricksable Bricksable for Bricks Builder allows Stored XSS. This issue affects Bricksable for Bricks Builder: from n/a through 1.6.59.

4.8
2024-11-09 CVE-2024-51664 Beds24 Cross-site Scripting vulnerability in Beds24 Online Booking

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.25.

4.8
2024-11-09 CVE-2024-51668 Target Info Cross-site Scripting vulnerability in Target-Info Mycurator Content Curation

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Tilly MyCurator Content Curation allows Stored XSS. This issue affects MyCurator Content Curation: from n/a through 3.78.

4.8
2024-11-09 CVE-2024-9775 Shtheme Cross-site Scripting vulnerability in Shtheme Anih

The Anih - Creative Agency WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2024 due to an incomplete blacklist and insufficient input sanitization and output escaping.

4.8
2024-11-06 CVE-2024-20539 Cisco Cross-site Scripting vulnerability in Cisco Identity Services Engine

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input.

4.8
2024-11-05 CVE-2024-10842 Romadebrian Cross-site Scripting vulnerability in Romadebrian Web-Sekolah 1.0

A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0.

4.8
2024-11-05 CVE-2024-10840 Romadebrian Cross-site Scripting vulnerability in Romadebrian Web-Sekolah 1.0

A vulnerability classified as problematic has been found in romadebrian WEB-Sekolah 1.0.

4.8
2024-11-05 CVE-2024-9878 10Web Cross-site Scripting vulnerability in 10Web Photo Gallery

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping.

4.8
2024-11-05 CVE-2024-5578 Dublue Cross-site Scripting vulnerability in Dublue Table of Contents Plus

The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

4.8
2024-11-05 CVE-2024-7876 Nsqua Cross-site Scripting vulnerability in Nsqua Simply Schedule Appointments

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

4.8
2024-11-05 CVE-2024-7877 Nsqua Cross-site Scripting vulnerability in Nsqua Simply Schedule Appointments

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

4.8
2024-11-05 CVE-2024-9883 Podsfoundation Cross-site Scripting vulnerability in Podsfoundation Pods

The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2024-11-05 CVE-2024-10807 Anujkumar Cross-site Scripting vulnerability in Anujkumar Hospital Management System 4.0

A vulnerability was found in PHPGurukul Hospital Management System 4.0.

4.8
2024-11-05 CVE-2024-10806 Anujkumar Cross-site Scripting vulnerability in Anujkumar Hospital Management System 4.0

A vulnerability was found in PHPGurukul Hospital Management System 4.0.

4.8
2024-11-04 CVE-2024-51685 Migaweb Cross-site Scripting vulnerability in Migaweb Accordion Title for Elementor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Gangolf Accordion title for Elementor allows Stored XSS. This issue affects Accordion title for Elementor: from n/a through 1.2.1.

4.8
2024-11-09 CVE-2024-50260 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: sock_map: fix a NULL pointer dereference in sock_map_link_update_prog(). The following race condition could trigger a NULL pointer dereference: sock_map_link_detach() runs mutex_lock(&sockmap_mutex); ... sockmap_link->map = NULL; mutex_unlock(&sockmap_mutex); then sock_map_link_update_prog() runs mutex_lock(&sockmap_mutex); ... sock_map_prog_link_lookup(sockmap_link->map); mutex_unlock(&sockmap_mutex); and sock_map_link_detach() continues. Fix it by adding a NULL pointer check.

4.7
2024-11-08 CVE-2024-50174 Linux Race Condition vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race when converting group handle to group object. XArray provides its own internal lock which protects the internal array when entries are being simultaneously added and removed.

4.7
2024-11-08 CVE-2024-50192 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE. Kunkun Jiang reported that there is a small window of opportunity for userspace to force a change of affinity for a VPE while the VPE has already been unmapped, but the corresponding doorbell interrupt is still visible in /proc/irq/. Plug the race by checking the value of vmapp_count, which tracks whether the VPE is mapped or not, and returning an error in this case. This involves making vmapp_count common to both GICv4.1 and its v4.0 ancestor.

4.7
2024-11-05 CVE-2024-50135 Linux Race Condition vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix race condition between reset and nvme_dev_disable(). nvme_dev_disable() modifies the dev->online_queues field, therefore nvme_pci_update_nr_queues() should avoid racing against it, otherwise we could end up passing invalid values to blk_mq_update_nr_hw_queues(). WARNING: CPU: 39 PID: 61303 at drivers/pci/msi/api.c:347 pci_irq_get_affinity+0x187/0x210 Workqueue: nvme-reset-wq nvme_reset_work [nvme] RIP: 0010:pci_irq_get_affinity+0x187/0x210 Call Trace: <TASK> ? blk_mq_pci_map_queues+0x87/0x3c0 ? pci_irq_get_affinity+0x187/0x210 blk_mq_pci_map_queues+0x87/0x3c0 nvme_pci_map_queues+0x189/0x460 [nvme] blk_mq_update_nr_hw_queues+0x2a/0x40 nvme_reset_work+0x1be/0x2a0 [nvme] Fix the bug by locking the shutdown_lock mutex before using dev->online_queues.

4.7
2024-11-05 CVE-2024-51515 Huawei Race Condition vulnerability in Huawei Harmonyos 5.0.0

Race condition vulnerability in the kernel network module. Impact: Successful exploitation of this vulnerability may affect availability.

4.7
2024-11-04 CVE-2024-10748 Cosmote Use of Hard-coded Credentials vulnerability in Cosmote What'S UP 4.47.3

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android.

4.7
2024-11-06 CVE-2024-34674 Samsung Unspecified vulnerability in Samsung Android 12.0/13.0/14.0

Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.

4.6
2024-11-06 CVE-2024-34675 Samsung Unspecified vulnerability in Samsung Android 14.0

Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access the unlocked screen.

4.6
2024-11-06 CVE-2024-49402 Samsung Unspecified vulnerability in Samsung Android 14.0

Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.

4.6
2024-11-06 CVE-2024-49403 Samsung Unspecified vulnerability in Samsung Voice Recorder

Improper access control in Samsung Voice Recorder prior to version 21.5.40.37 allows physical attackers to access recording files on the lock screen.

4.6
2024-11-06 CVE-2024-49404 Samsung Unspecified vulnerability in Samsung Video Player 7.3.15.30

Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video files of other users.

4.6
2024-11-06 CVE-2024-49405 Samsung Unspecified vulnerability in Samsung Pass 4.0.05.1/4.2.03.1/4.3.00.17

Improper authentication in Private Info in Samsung Pass prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario.

4.6
2024-11-06 CVE-2024-49407 Samsung Unspecified vulnerability in Samsung Flow

Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles.

4.6
2024-11-04 CVE-2024-10523 TP Link Cleartext Storage of Sensitive Information vulnerability in Tp-Link Tapo H100 Firmware

This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware.

4.6
2024-11-06 CVE-2024-49406 Samsung Improper Validation of Integrity Check Value vulnerability in Samsung Blockchain Keystore 1.3.13.5

Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transactions.

4.4
2024-11-09 CVE-2024-42000 Mattermost Incorrect Authorization vulnerability in Mattermost Server

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize the requests to /api/v4/channels, which allows a User or System Manager, with "Read Groups" permission but with no access for channels, to retrieve details about private channels that they were not a member of by sending a request to /api/v4/channels.

4.3
2024-11-09 CVE-2024-52032 Mattermost Unspecified vulnerability in Mattermost Server

Mattermost versions 10.0.x <= 10.0.0 and 9.11.x <= 9.11.2 fail to properly query ElasticSearch when searching for the channel name in the channel switcher, which allows an attacker to get the private channel names of channels that they are not a member of, when Elasticsearch v8 was enabled.

4.3
2024-11-09 CVE-2024-10352 The Magical Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the get_content_type function in includes/widgets/content-reveal.php.
4.3
2024-11-09 CVE-2024-10688 The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included.
4.3
2024-11-09 CVE-2024-10669 The Countdown Timer block – Display the event's date into a timer.
4.3
2024-11-09 CVE-2024-10770 The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
4.3
2024-11-09 CVE-2024-10693 The SKT Addons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.3 via the Unfold widget due to insufficient restrictions on which posts can be included.
4.3
2024-11-09 CVE-2024-10588 The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2.
4.3
2024-11-08 CVE-2024-46948 Northern Tech Unspecified vulnerability in Northern.Tech Mender 3.2.0/3.2.1/3.2.2

Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.

4.3
2024-11-06 CVE-2024-10543 Tumult Missing Authorization vulnerability in Tumult Hype Animations

The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14.

4.3
2024-11-05 CVE-2024-10084 The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode.
4.3
2024-11-05 CVE-2023-29116 Enelx Unspecified vulnerability in Enelx Waybox PRO Firmware

Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.

4.3
2024-11-05 CVE-2024-10329 G5Plus Unspecified vulnerability in G5Plus Ultimate Bootstrap Elements for Elementor

The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' function.

4.3
2024-11-05 CVE-2024-10319 Wpxpro Unspecified vulnerability in Wpxpro Xpro Addons for Elementor

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the render function in widgets/content-toggle/layout/frontend.php.

4.3
2024-11-05 CVE-2024-7429 Katieseaborn Missing Authorization vulnerability in Katieseaborn Zotpress

The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12.

4.3
2024-11-05 CVE-2024-9689 Shaon Cross-Site Request Forgery (CSRF) vulnerability in Shaon Post From Frontend

The Post From Frontend WordPress plugin through 1.0.0 does not have a CSRF check when deleting posts, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack.

4.3
2024-11-04 CVE-2024-51665 Wpthemespace Server-Side Request Forgery (SSRF) vulnerability in Wpthemespace Magical Addons for Elementor

Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor allows Server Side Request Forgery. This issue affects Magical Addons For Elementor: from n/a through 1.2.1.

4.3
2024-11-04 CVE-2024-51560 63Moons Information Exposure Through an Error Message vulnerability in 63Moons Aero and Wave 2.0

This vulnerability exists in Wave 2.0 due to improper exception handling for invalid inputs at a certain API endpoint.

4.3
2024-11-05 CVE-2024-0134 Nvidia Unspecified vulnerability in Nvidia Container Toolkit and Nvidia GPU Operator

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host.

4.1

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-11-10 CVE-2024-11049 Zkteco Forced Browsing vulnerability in Zkteco Zkbio Time 9.0.1

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1.

3.7
2024-11-06 CVE-2024-10920 Mariazevedo88 Use of Hard-coded Credentials vulnerability in Mariazevedo88 Travels-Java-Api

A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic.

3.7
2024-11-08 CVE-2024-50211 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap() to handle error. Refactor inode_bmap() to handle error since udf_next_aext() can return error now.

3.3
2024-11-06 CVE-2024-34677 Samsung Insecure Storage of Sensitive Information vulnerability in Samsung Android 12.0/13.0/14.0

Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allows local attackers to make malicious apps appear as legitimate.

3.3
2024-11-05 CVE-2024-50092 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: netconsole: fix wrong warning. A warning is triggered when there is insufficient space in the buffer for userdata.

3.3
2024-11-06 CVE-2024-34682 Samsung Unspecified vulnerability in Samsung Android 14.0

Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access the stored Wi-Fi password in Maintenance Mode.

2.4