Weekly Vulnerabilities Reports > December 2 to 8, 2024
Overview
315 new vulnerabilities were reported during this period, including 47 critical vulnerabilities and 64 high severity vulnerabilities. This weekly summary reports vulnerabilities in 499 products from 44 vendors including Google, Linux, Openrobotics, ABB, and IBM. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", "Out-of-bounds Read", and "Use After Free".
- 219 reported vulnerabilities are remotely exploitable.
- 119 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 134 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 39 reported vulnerabilities.
- Openrobotics has the most reported critical vulnerabilities, with 15 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
47 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-12-05 | CVE-2024-51551 | ABB | Use of Hard-coded Credentials vulnerability in ABB products Default Credential vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 | 10.0 |
2024-12-06 | CVE-2024-46874 | Ruijienetworks | Unspecified vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. | 9.9 |
2024-12-08 | CVE-2024-12344 | TP Link | Out-of-bounds Write vulnerability in Tp-Link Vn020 F3V Firmware 6.2.1021 A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. | 9.8 |
2024-12-06 | CVE-2024-38921 | Openrobotics | Use After Free vulnerability in Openrobotics Robot Operating System 2 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. | 9.8 |
2024-12-06 | CVE-2024-38922 | Openrobotics | Out-of-bounds Write vulnerability in Openrobotics Robot Operating System 2 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. | 9.8 |
2024-12-06 | CVE-2024-38923 | Openrobotics | Use After Free vulnerability in Openrobotics Robot Operating System 2 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. | 9.8 |
2024-12-06 | CVE-2024-38924 | Openrobotics | Use After Free vulnerability in Openrobotics Robot Operating System 2 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. | 9.8 |
2024-12-06 | CVE-2024-38925 | Openrobotics | Use After Free vulnerability in Openrobotics Robot Operating System 2 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. | 9.8 |
2024-12-06 | CVE-2024-38926 | Openrobotics | Use After Free vulnerability in Openrobotics Robot Operating System 2 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. | 9.8 |
2024-12-06 | CVE-2024-38927 | Openrobotics | Use After Free vulnerability in Openrobotics Robot Operating System 2 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. | 9.8 |
2024-12-06 | CVE-2024-41644 | Openrobotics | Improper Preservation of Permissions vulnerability in Openrobotics Robot Operating System 2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. | 9.8 |
2024-12-06 | CVE-2024-41645 | Openrobotics | Improper Preservation of Permissions vulnerability in Openrobotics Robot Operating System 2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. | 9.8 |
2024-12-06 | CVE-2024-41646 | Openrobotics | Improper Preservation of Permissions vulnerability in Openrobotics Robot Operating System 2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. | 9.8 |
2024-12-06 | CVE-2024-41647 | Openrobotics | Unspecified vulnerability in Openrobotics Robot Operating System 2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. | 9.8 |
2024-12-06 | CVE-2024-41648 | Openrobotics | Improper Preservation of Permissions vulnerability in Openrobotics Robot Operating System 2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller. | 9.8 |
2024-12-06 | CVE-2024-41649 | Openrobotics | Improper Preservation of Permissions vulnerability in Openrobotics Robot Operating System 2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. | 9.8 |
2024-12-06 | CVE-2024-41650 | Openrobotics | Improper Preservation of Permissions vulnerability in Openrobotics Robot Operating System 2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. | 9.8 |
2024-12-06 | CVE-2024-44852 | Openrobotics | Release of Invalid Pointer or Reference vulnerability in Openrobotics Robot Operating System 2 Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan(). | 9.8 |
2024-12-06 | CVE-2024-48874 | Ruijienetworks | Unspecified vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. | 9.8 |
2024-12-06 | CVE-2024-52324 | Ruijienetworks | Unspecified vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands. | 9.8 |
2024-12-06 | CVE-2024-47547 | Ruijienetworks | Unspecified vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks. | 9.8 |
2024-12-06 | CVE-2024-53805 | Wpmailster | Unspecified vulnerability in Wpmailster WP Mailster Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mailster: from n/a through 1.8.16.0. | 9.8 |
2024-12-06 | CVE-2024-53807 | Wpmailster | SQL Injection vulnerability in Wpmailster WP Mailster Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection. This issue affects WP Mailster: from n/a through 1.8.16.0. | 9.8 |
2024-12-05 | CVE-2018-9388 | Google | Integer Underflow (Wrap or Wraparound) vulnerability in Google Android In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. | 9.8 |
2024-12-05 | CVE-2024-12233 | Fabianros | Unrestricted Upload of File with Dangerous Type vulnerability in Fabianros Online Notice Board 1.0 A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. | 9.8 |
2024-12-05 | CVE-2024-12234 | 1000Projects | SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0 A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. | 9.8 |
2024-12-05 | CVE-2024-12231 | Codezips | SQL Injection vulnerability in Codezips Project Management System 1.0 A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. | 9.8 |
2024-12-05 | CVE-2024-12229 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Complaint Management System 1.0 A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. | 9.8 |
2024-12-05 | CVE-2024-12230 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Complaint Management System 1.0 A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 1.0. | 9.8 |
2024-12-05 | CVE-2024-12228 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Complaint Management System 1.0 A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. | 9.8 |
2024-12-05 | CVE-2024-48840 | ABB | Unspecified vulnerability in ABB products Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 9.8 |
2024-12-05 | CVE-2024-48845 | ABB | Unspecified vulnerability in ABB products Weak Password Reset Rules vulnerabilities were found providing a potential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 | 9.8 |
2024-12-05 | CVE-2024-51545 | ABB | Unspecified vulnerability in ABB products Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 9.8 |
2024-12-05 | CVE-2024-51550 | ABB | Unspecified vulnerability in ABB products Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 9.8 |
2024-12-05 | CVE-2024-51554 | ABB | Off-by-one Error vulnerability in ABB products Default Credential vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 9.8 |
2024-12-05 | CVE-2024-12187 | 1000Projects | SQL Injection vulnerability in 1000Projects Library Management System 1.0 A vulnerability was found in 1000 Projects Library Management System 1.0. | 9.8 |
2024-12-05 | CVE-2024-12188 | 1000Projects | SQL Injection vulnerability in 1000Projects Library Management System 1.0 A vulnerability was found in 1000 Projects Library Management System 1.0. | 9.8 |
2024-12-04 | CVE-2024-54154 | Jetbrains | Path Traversal vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox | 9.8 |
2024-12-03 | CVE-2024-25020 | IBM | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. | 9.8 |
2024-12-03 | CVE-2024-25019 | IBM | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. | 9.8 |
2024-12-03 | CVE-2024-40691 | IBM | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. | 9.8 |
2024-12-03 | CVE-2024-49415 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0 Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. | 9.8 |
2024-12-02 | CVE-2018-9418 | Google | Out-of-bounds Write vulnerability in Google Android In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a missing bounds check. | 9.8 |
2024-12-02 | CVE-2018-9430 | Google | Out-of-bounds Write vulnerability in Google Android In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds check. | 9.8 |
2024-12-02 | CVE-2024-46909 | Progress | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | 9.8 |
2024-12-05 | CVE-2024-51549 | ABB | Path Traversal vulnerability in ABB products Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 9.4 |
2024-12-05 | CVE-2024-48847 | ABB | Use of a Broken or Risky Cryptographic Algorithm vulnerability in ABB products MD5 Checksum Bypass vulnerabilities were found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 | 9.1 |
64 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-12-08 | CVE-2024-12343 | TP Link | Classic Buffer Overflow vulnerability in Tp-Link Vn020 F3V Firmware 6.2.1021 A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. | 8.8 |
2024-12-06 | CVE-2024-53803 | Wpmailster | Missing Authorization vulnerability in Wpmailster WP Mailster Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mailster: from n/a through 1.8.16.0. | 8.8 |
2024-12-05 | CVE-2024-51548 | ABB | Unspecified vulnerability in ABB products Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 8.8 |
2024-12-04 | CVE-2024-51465 | IBM | IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
2024-12-03 | CVE-2024-12053 | Google | Type Confusion vulnerability in Google Chrome Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | 8.8 |
2024-12-02 | CVE-2018-9413 | Google | Out-of-bounds Write vulnerability in Google Android In handle_notification_response of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. | 8.8 |
2024-12-02 | CVE-2018-9380 | Google | Out-of-bounds Write vulnerability in Google Android In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to improper input validation. | 8.8 |
2024-12-02 | CVE-2024-46905 | Progress | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account. | 8.8 |
2024-12-02 | CVE-2024-46906 | Progress | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 8.8 |
2024-12-02 | CVE-2024-46907 | Progress | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 8.8 |
2024-12-02 | CVE-2024-46908 | Progress | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 8.8 |
2024-12-02 | CVE-2024-52479 | Astoundify | Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Jobify Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Cross Site Request Forgery. This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. | 8.8 |
2024-12-02 | CVE-2024-53751 | Buildapp | Cross-Site Request Forgery (CSRF) vulnerability in Buildapp Build APP Online Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build App Online allows Cross Site Request Forgery. This issue affects Build App Online: from n/a through 1.0.22. | 8.8 |
2024-12-05 | CVE-2024-6515 | ABB | Unspecified vulnerability in ABB products Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentials exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 8.1 |
2024-12-07 | CVE-2024-47115 | IBM | OS Command Injection vulnerability in IBM AIX and Vios IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. | 7.8 |
2024-12-06 | CVE-2024-11220 | Openautomationsoftware | Incorrect Permission Assignment for Critical Resource vulnerability in Openautomationsoftware Open Automation Software A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. | 7.8 |
2024-12-06 | CVE-2024-53141 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. | 7.8 |
2024-12-06 | CVE-2024-53142 | Linux | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data ... 55 ============= ================== ========================= 56 Field name Field size Meaning 57 ============= ================== ========================= ... 70 c_namesize 8 bytes Length of filename, including final \0 When extracting an initramfs cpio archive, the kernel's do_name() path handler assumes a zero-terminated path at @collected, passing it directly to filp_open() / init_mkdir() / init_mknod(). If a specially crafted cpio entry carries a non-zero-terminated filename and is followed by uninitialized memory, then a file may be created with trailing characters that represent the uninitialized memory. | 7.8 |
2024-12-05 | CVE-2024-30961 | Openrobotics | Unspecified vulnerability in Openrobotics Robot Operating System 2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. | 7.8 |
2024-12-05 | CVE-2024-30962 | Openrobotics | Classic Buffer Overflow vulnerability in Openrobotics Robot Operating System 2 Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process | 7.8 |
2024-12-05 | CVE-2024-11156 | Rockwellautomation | Out-of-bounds Write vulnerability in Rockwellautomation Arena An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. | 7.8 |
2024-12-05 | CVE-2024-12130 | Rockwellautomation | Out-of-bounds Read vulnerability in Rockwellautomation Arena An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. | 7.8 |
2024-12-05 | CVE-2018-9402 | Google | Out-of-bounds Write vulnerability in Google Android In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. | 7.8 |
2024-12-05 | CVE-2024-12185 | Code Projects | Out-of-bounds Write vulnerability in Code-Projects Hotel Management System 1.0 A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. | 7.8 |
2024-12-05 | CVE-2024-12186 | Code Projects | Out-of-bounds Write vulnerability in Code-Projects Hotel Management System 1.0 A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. | 7.8 |
2024-12-04 | CVE-2024-53126 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: vdpa: solidrun: Fix UB bug with devres In psnet_open_pf_bar() and snet_open_vf_bar() a string later passed to pcim_iomap_regions() is placed on the stack. | 7.8 |
2024-12-04 | CVE-2024-53133 | Linux | Double Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle dml allocation failure to avoid crash [Why] In the case where a dml allocation fails for any reason, the current state's dml contexts would no longer be valid. | 7.8 |
2024-12-04 | CVE-2024-53139 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: sctp: fix possible UAF in sctp_v6_available() A lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints that sctp_v6_available() is calling dev_get_by_index_rcu() and ipv6_chk_addr() without holding rcu. ---truncated--- | 7.8 |
2024-12-03 | CVE-2024-10074 | Openatom | Unspecified vulnerability in Openatom Openharmony In OpenHarmony v4.1.1 and prior versions, a local attacker can cause the common permission to be upgraded to root through use after free. | 7.8 |
2024-12-03 | CVE-2024-47476 | Dell | Unspecified vulnerability in Dell Networker Management Console 8.0.22 Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. | 7.8 |
2024-12-03 | CVE-2024-49410 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0 Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. | 7.8 |
2024-12-03 | CVE-2024-49413 | Samsung | Improper Verification of Cryptographic Signature vulnerability in Samsung Android 13.0/14.0 Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications. | 7.8 |
2024-12-02 | CVE-2018-9431 | Google | Unspecified vulnerability in Google Android 8.0/8.1 In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due to improper input validation. | 7.8 |
2024-12-02 | CVE-2018-9414 | Google | Out-of-bounds Write vulnerability in Google Android In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. | 7.8 |
2024-12-02 | CVE-2024-33044 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Memory corruption while Configuring the SMR/S2CR register in Bypass mode. | 7.8 |
2024-12-02 | CVE-2024-33056 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Memory corruption when allocating and accessing an entry in an SMEM partition continuously. | 7.8 |
2024-12-02 | CVE-2024-43048 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption when invalid input is passed to invoke GPU Headroom API call. | 7.8 |
2024-12-02 | CVE-2024-43050 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver. | 7.8 |
2024-12-02 | CVE-2024-43052 | Qualcomm | Unspecified vulnerability in Qualcomm products Memory corruption while processing API calls to NPU with invalid input. | 7.8 |
2024-12-02 | CVE-2024-53103 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL. | 7.8 |
2024-12-02 | CVE-2024-53104 | Linux | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming. | 7.8 |
2024-12-06 | CVE-2024-44853 | Openrobotics | NULL Pointer Dereference vulnerability in Openrobotics Robot Operating System 2 Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl(). | 7.5 |
2024-12-06 | CVE-2024-44854 | Openrobotics | NULL Pointer Dereference vulnerability in Openrobotics Robot Operating System 2 Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan(). | 7.5 |
2024-12-06 | CVE-2024-44855 | Openrobotics | NULL Pointer Dereference vulnerability in Openrobotics Robot Operating System 2 Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner(). | 7.5 |
2024-12-06 | CVE-2024-44856 | Openrobotics | NULL Pointer Dereference vulnerability in Openrobotics Robot Operating System 2 Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner(). | 7.5 |
2024-12-06 | CVE-2024-45722 | Ruijienetworks | Unspecified vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials. | 7.5 |
2024-12-06 | CVE-2024-42494 | Ruijienetworks | Privacy Violation vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services. | 7.5 |
2024-12-06 | CVE-2024-51727 | Ruijienetworks | Premature Release of Resource During Expected Lifetime vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account. | 7.5 |
2024-12-06 | CVE-2024-53804 | Wpmailster | Unspecified vulnerability in Wpmailster WP Mailster Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through 1.8.16.0. | 7.5 |
2024-12-06 | CVE-2024-11728 | Iqonic | Unspecified vulnerability in Iqonic Kivicare The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2024-12-05 | CVE-2024-48843 | ABB | SQL Injection vulnerability in ABB products Denial of Service vulnerabilities were found providing a potential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 7.5 |
2024-12-05 | CVE-2024-51541 | ABB | Unspecified vulnerability in ABB products Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 7.5 |
2024-12-05 | CVE-2024-51543 | ABB | Unspecified vulnerability in ABB products Information Disclosure vulnerabilities allow access to application configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 7.5 |
2024-12-03 | CVE-2024-41775 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2024-12-03 | CVE-2024-41777 | IBM | Use of Hard-coded Credentials vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
2024-12-03 | CVE-2024-42422 | Dell | Unspecified vulnerability in Dell Networker Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. | 7.5 |
2024-12-02 | CVE-2018-9426 | | Insufficient Entropy vulnerability in Google Android In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs to be generated. This could lead to crypto vulnerability with no additional execution privileges needed. | 7.5 |
2024-12-02 | CVE-2018-9381 | | Use of Uninitialized Resource vulnerability in Google Android 8.1 In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. | 7.5 |
2024-12-02 | CVE-2024-33063 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present. | 7.5 |
2024-12-02 | CVE-2024-20129 | | Out-of-bounds Read vulnerability in Google Android 13.0/14.0/15.0 In Telephony, there is a possible out of bounds read due to a missing bounds check. | 7.5 |
2024-12-05 | CVE-2024-48846 | ABB | Unspecified vulnerability in ABB products Cross Site Request Forgery vulnerabilities were found providing a potential for exposing sensitive information or changing system settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 7.3 |
2024-12-06 | CVE-2024-53808 | Basixonline | SQL Injection vulnerability in Basixonline Nex-Forms Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.8. | 7.2 |
2024-12-02 | CVE-2024-53108 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust VSDB parser for replay feature At some point, the IEEE ID identification for the replay check in the AMD EDID was added. | 7.1 |
2024-12-02 | CVE-2024-33040 | Qualcomm | Unspecified vulnerability in Qualcomm products Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access. | 7.0 |
202 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-12-07 | CVE-2024-8679 | | The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'value' parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.8 |
2024-12-05 | CVE-2018-9386 | | Out-of-bounds Write vulnerability in Google Android In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. | 6.7 |
2024-12-05 | CVE-2018-9390 | | Out-of-bounds Read vulnerability in Google Android In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. | 6.7 |
2024-12-05 | CVE-2018-9391 | | Out-of-bounds Write vulnerability in Google Android In update_gps_sv and output_vzw_debug of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_worker.c, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2024-12-05 | CVE-2017-13308 | | Classic Buffer Overflow vulnerability in Google Android In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. | 6.7 |
2024-12-05 | CVE-2018-9397 | | Out-of-bounds Write vulnerability in Google Android In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB write due to a missing bounds check. | 6.7 |
2024-12-05 | CVE-2018-9398 | | Out-of-bounds Write vulnerability in Google Android In fm_set_stat of mediatek FM radio driver, there is a possible OOB write due to improper input validation. | 6.7 |
2024-12-05 | CVE-2018-9399 | | Out-of-bounds Write vulnerability in Google Android In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. | 6.7 |
2024-12-05 | CVE-2018-9400 | | Out-of-bounds Write vulnerability in Google Android In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touchscreen/mediatek/GT1151/gt1x_generic.c and gt1x_tools.c, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2024-12-05 | CVE-2018-9403 | | Out-of-bounds Write vulnerability in Google Android In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_interface.c, there is a possible stack buffer overflow due to a missing bounds check. | 6.7 |
2024-12-05 | CVE-2018-9404 | | Integer Overflow or Wraparound vulnerability in Google Android In oemCallback of ril.cpp, there is a possible out of bounds write due to an integer overflow. | 6.7 |
2024-12-05 | CVE-2018-9416 | | Out-of-bounds Write vulnerability in Google Android In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cause. | 6.7 |
2024-12-05 | CVE-2018-9439 | | Use After Free vulnerability in Google Android In __unregister_prot_hook and packet_release of af_packet.c, there is a possible use-after-free due to improper locking. | 6.7 |
2024-12-05 | CVE-2018-9462 | | Out-of-bounds Write vulnerability in Google Android In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to an incorrect bounds check. | 6.7 |
2024-12-05 | CVE-2018-9463 | | Out-of-bounds Write vulnerability in Google Android In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible out of bounds write due to an incorrect bounds check. | 6.7 |
2024-12-04 | CVE-2018-9396 | | Out-of-bounds Write vulnerability in Google Android In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. | 6.7 |
2024-12-04 | CVE-2018-9392 | | Out-of-bounds Write vulnerability in Google Android In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2024-12-04 | CVE-2018-9393 | | Out-of-bounds Write vulnerability in Google Android In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. | 6.7 |
2024-12-04 | CVE-2018-9394 | | Out-of-bounds Write vulnerability in Google Android In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. | 6.7 |
2024-12-04 | CVE-2018-9395 | | Out-of-bounds Write vulnerability in Google Android In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. | 6.7 |
2024-12-02 | CVE-2018-9376 | | Out-of-bounds Write vulnerability in Google Android In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. | 6.7 |
2024-12-02 | CVE-2024-33036 | Qualcomm | Use of Out-of-range Pointer Offset vulnerability in Qualcomm products Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. | 6.7 |
2024-12-02 | CVE-2024-33039 | Qualcomm | Untrusted Pointer Dereference vulnerability in Qualcomm products Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service. | 6.7 |
2024-12-02 | CVE-2024-33053 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory corruption when multiple threads try to unregister the CVP buffer at the same time. | 6.7 |
2024-12-07 | CVE-2024-41762 | IBM | Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | 6.5 |
2024-12-06 | CVE-2024-47146 | Ruijienetworks | Resource Leak vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the device's serial number if physically adjacent and sniffing the RAW WIFI signal. | 6.5 |
2024-12-06 | CVE-2024-11729 | Iqonic | SQL Injection vulnerability in Iqonic Kivicare The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'service_list[0][service_id]' parameter of the get_widget_payment_options AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-12-06 | CVE-2024-11730 | Iqonic | SQL Injection vulnerability in Iqonic Kivicare The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'sort[]' parameter of the static_data_list AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-12-05 | CVE-2024-48844 | ABB | Unspecified vulnerability in ABB products Denial of Service vulnerabilities were found providing a potential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 6.5 |
2024-12-04 | CVE-2024-53135 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. | 6.5 |
2024-12-04 | CVE-2024-54153 | Jetbrains | Missing Authentication for Critical Function vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter | 6.5 |
2024-12-04 | CVE-2024-54156 | Jetbrains | Unspecified vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack | 6.5 |
2024-12-04 | CVE-2024-54157 | Jetbrains | Unspecified vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector | 6.5 |
2024-12-03 | CVE-2024-41776 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2024-12-03 | CVE-2024-11732 | | The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tab’ parameter in all versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-12-02 | CVE-2018-9423 | | Out-of-bounds Read vulnerability in Google Android In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read due to missing bounds check. | 6.5 |
2024-12-02 | CVE-2018-9429 | | Use of Uninitialized Resource vulnerability in Google Android 8.1 In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. | 6.5 |
2024-12-07 | CVE-2024-47107 | | IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. | 6.4 |
2024-12-07 | CVE-2024-11380 | | The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-07 | CVE-2024-11451 | | The Zooom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zooom' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-07 | CVE-2024-11904 | | The ???? ??? plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msntt_add_plus_talk' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-06 | CVE-2024-4633 | | The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-06 | CVE-2024-10320 | | The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-06 | CVE-2024-10849 | | The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-06 | CVE-2024-11339 | | The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-06 | CVE-2024-11352 | | The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twentytwenty' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-06 | CVE-2024-11450 | | The ONLYOFFICE Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-06 | CVE-2024-11201 | | The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_send shortcode in all versions up to, and including, 2.7.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-05 | CVE-2024-10056 | | The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-05 | CVE-2024-10848 | | The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-05 | CVE-2024-11779 | | The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wip_woocarousel_products_carousel' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-05 | CVE-2024-10178 | | The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-05 | CVE-2024-10881 | | The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-04 | CVE-2024-11935 | | The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-04 | CVE-2024-11854 | | The Listdom – Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-04 | CVE-2024-11880 | | The B Testimonial – testimonial plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'b_testimonial' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-04 | CVE-2024-5020 | | Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-04 | CVE-2024-11769 | | The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-04 | CVE-2024-11903 | | The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ecard' shortcode in all versions up to, and including, 1.3.904 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-04 | CVE-2024-10885 | | The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-04 | CVE-2024-11747 | | The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'somryv' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-04 | CVE-2024-11897 | | The Contact Form, Survey & Form Builder – MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mightyforms' shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-03 | CVE-2024-11866 | | The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_tabbed_map' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-03 | CVE-2024-11453 | | The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_pin_widget' shortcode in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-03 | CVE-2024-11853 | | The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ar’ parameter in all versions up to, and including, 2.0.15 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-03 | CVE-2024-11898 | | The Scratch & Win – Giveaways and Contests. | 6.4 |
2024-12-03 | CVE-2024-9694 | | The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-06 | CVE-2024-10681 | | The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. | 6.3 |
2024-12-06 | CVE-2024-10909 | | The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. | 6.3 |
2024-12-07 | CVE-2024-11457 | | The Feedpress Generator – External RSS Frontend Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-07 | CVE-2024-11464 | | The Easy Code Snippets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-07 | CVE-2024-11367 | | The Smoove connector for Elementor forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.0. | 6.1 |
2024-12-07 | CVE-2024-11374 | | The TWChat – Send or receive messages from users plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.4. | 6.1 |
2024-12-07 | CVE-2024-12128 | | The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘monthly_sales_current_year’ parameter in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-07 | CVE-2024-10046 | | The ?????? ????? ??????? Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.5. | 6.1 |
2024-12-07 | CVE-2024-11329 | | The Comfino Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.1. | 6.1 |
2024-12-07 | CVE-2024-11436 | | The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.4.19 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-07 | CVE-2024-11943 | | The ????? ?? ???? – ???? ?? ???? plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.2.2. | 6.1 |
2024-12-07 | CVE-2024-12165 | | The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-07 | CVE-2024-12166 | | The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-07 | CVE-2024-12167 | | The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-07 | CVE-2024-12257 | | The CardGate Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-06 | CVE-2024-55268 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Covid 19 Testing Management System 1.0 A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter. | 6.1 |
2024-12-06 | CVE-2024-10879 | Ultimatemember | Cross-site Scripting vulnerability in Ultimatemember Forumwp The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. | 6.1 |
2024-12-06 | CVE-2024-11204 | Ultimatemember | Cross-site Scripting vulnerability in Ultimatemember Forumwp The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-06 | CVE-2024-11276 | | The PDF Builder for WooCommerce. | 6.1 |
2024-12-06 | CVE-2024-11336 | | The Clickbank WordPress Plugin (Storefront) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. | 6.1 |
2024-12-06 | CVE-2024-11368 | | The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.6. | 6.1 |
2024-12-06 | CVE-2024-11687 | | The Next-Cart Store to WooCommerce Migration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-06 | CVE-2024-11823 | | The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'foldergallery' shortcode in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.1 |
2024-12-06 | CVE-2024-12003 | | The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. | 6.1 |
2024-12-06 | CVE-2024-12060 | | The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpmowebp-css-resources’ and 'wpmowebp-js-resources' parameters in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-06 | CVE-2024-11379 | | The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'do_check' parameter in all versions up to, and including, 51.01 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-06 | CVE-2024-10836 | | The Flixita theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.82 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-05 | CVE-2024-12232 | Code Projects | Cross-site Scripting vulnerability in Code-Projects Simple Crud Functionality 1.0 A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. | 6.1 |
2024-12-05 | CVE-2024-6516 | ABB | Unspecified vulnerability in ABB products Cross Site Scripting vulnerabilities were found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 6.1 |
2024-12-05 | CVE-2024-11324 | | The Accounting for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.6. | 6.1 |
2024-12-04 | CVE-2024-11814 | | The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_fallback_status parameters in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-04 | CVE-2023-6978 | | The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-04 | CVE-2024-11466 | | The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-04 | CVE-2024-10832 | | The Posti Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.10.3. | 6.1 |
2024-12-04 | CVE-2024-11807 | | The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-04 | CVE-2024-11813 | | The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. | 6.1 |
2024-12-03 | CVE-2024-11200 | | The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘font-family’ parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-03 | CVE-2024-11326 | | The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. | 6.1 |
2024-12-03 | CVE-2024-11461 | | The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-03 | CVE-2024-11707 | | The My auctions allegro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.6.17 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-03 | CVE-2024-11805 | | The Quick License Manager – WooCommerce Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'submit_qlm_products' parameter in all versions up to, and including, 2.4.17 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-02 | CVE-2024-33037 | Qualcomm | Buffer Over-read vulnerability in Qualcomm products Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn't validate the IPC message received from the firmware. | 6.1 |
2024-12-03 | CVE-2021-29892 | IBM | Cleartext Transmission of Sensitive Information vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2024-12-05 | CVE-2024-54001 | Kanboard | Cross-site Scripting vulnerability in Kanboard 1.2.40 Kanboard is project management software that focuses on the Kanban methodology. | 5.5 |
2024-12-05 | CVE-2018-9407 | | Unspecified vulnerability in Google Android In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. | 5.5 |
2024-12-04 | CVE-2024-53127 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" The commit 8396c793ffdf ("mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K") increased the max_req_size, even for 4K pages, causing various issues: - Panic booting the kernel/rootfs from an SD card on Rockchip RK3566 - Panic booting the kernel/rootfs from an SD card on StarFive JH7100 - "swiotlb buffer is full" and data corruption on StarFive JH7110 At this stage no fix have been found, so it's probably better to just revert the change. This reverts commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890. | 5.5 |
2024-12-04 | CVE-2024-53128 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers When CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, the object_is_on_stack() function may produce incorrect results due to the presence of tags in the obj pointer, while the stack pointer does not have tags. | 5.5 |
2024-12-04 | CVE-2024-53129 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: Fix a dereferenced before check warning The 'state' can't be NULL, we should check crtc_state. Fix warning: drivers/gpu/drm/rockchip/rockchip_drm_vop.c:1096 vop_plane_atomic_async_check() warn: variable dereferenced before check 'state' (see line 1077) | 5.5 |
2024-12-04 | CVE-2024-53130 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint When using the "block:block_dirty_buffer" tracepoint, mark_buffer_dirty() may cause a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because, since the tracepoint was added in mark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, nilfs_grab_buffer(), which grabs a buffer to read (or create) a block of metadata, including b-tree node blocks, does not set the block device, but instead does so only if the buffer is not in the "uptodate" state for each of its caller block reading functions. | 5.5 |
2024-12-04 | CVE-2024-53131 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints". This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints. This patch (of 2): It has been reported that when using "block:block_touch_buffer" tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because since the tracepoint was added in touch_buffer(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. | 5.5 |
2024-12-04 | CVE-2024-53132 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix "Missing outer runtime PM protection" warning Fix the following drm_WARN: [953.586396] xe 0000:00:02.0: [drm] Missing outer runtime PM protection ... <4> [953.587090] ? xe_pm_runtime_get_noresume+0x8d/0xa0 [xe] <4> [953.587208] guc_exec_queue_add_msg+0x28/0x130 [xe] <4> [953.587319] guc_exec_queue_fini+0x3a/0x40 [xe] <4> [953.587425] xe_exec_queue_destroy+0xb3/0xf0 [xe] <4> [953.587515] xe_oa_release+0x9c/0xc0 [xe] (cherry picked from commit b107c63d2953907908fd0cafb0e543b3c3167b75) | 5.5 |
2024-12-04 | CVE-2024-53134 | Linux | Always-Incorrect Control Flow Implementation vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx93-blk-ctrl: correct remove path The check condition should be 'i < bc->onecell_data.num_domains', not 'bc->onecell_data.num_domains' which will make the loop never finish and cause kernel panic. Also disable runtime to address "imx93-blk-ctrl 4ac10000.system-controller: Unbalanced pm_runtime_enable!" | 5.5 |
2024-12-04 | CVE-2024-53137 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ARM: fix cacheflush with PAN It seems that the cacheflush syscall got broken when PAN for LPAE was implemented. | 5.5 |
2024-12-04 | CVE-2024-53138 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of get_page() and page_ref_inc() APIs to increment the page reference. | 5.5 |
2024-12-04 | CVE-2024-53140 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. | 5.5 |
2024-12-04 | CVE-2024-11093 | | The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. | 5.5 |
2024-12-03 | CVE-2024-12082 | Openatom | Insecure Storage of Sensitive Information vulnerability in Openatom Openharmony in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | 5.5 |
2024-12-03 | CVE-2024-9978 | Openatom | Out-of-bounds Read vulnerability in Openatom Openharmony in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | 5.5 |
2024-12-03 | CVE-2018-9441 | | Out-of-bounds Read vulnerability in Google Android In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. | 5.5 |
2024-12-03 | CVE-2018-9449 | | Out-of-bounds Read vulnerability in Google Android In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. | 5.5 |
2024-12-02 | CVE-2018-9435 | | Out-of-bounds Read vulnerability in Google Android In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. | 5.5 |
2024-12-02 | CVE-2024-53107 | Linux | Integer Overflow or Wraparound vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args() The "arg->vec_len" variable is a u64 that comes from the user at the start of the function. | 5.5 |
2024-12-02 | CVE-2024-53109 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nommu: pass NULL argument to vma_iter_prealloc() When deleting a vma entry from a maple tree, it has to pass NULL to vma_iter_prealloc() in order to calculate internal state of the tree, but it passed a wrong argument. | 5.5 |
2024-12-02 | CVE-2024-53110 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory. | 5.5 |
2024-12-02 | CVE-2024-53111 | Linux | Integer Overflow or Wraparound vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix address wraparound in move_page_tables() On 32-bit platforms, it is possible for the expression `len + old_addr < old_end` to be false-positive if `len + old_addr` wraps around. | 5.5 |
2024-12-02 | CVE-2024-53112 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! When 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular inode in 'ocfs2_verify_group_and_input()', corresponding buffer head remains cached and subsequent call to the same 'ioctl()' for the same inode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying to cache the same buffer head of that inode). | 5.5 |
2024-12-02 | CVE-2024-53113 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is migrated between cpusets. When cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be &current->mems_allowed. | 5.5 |
2024-12-02 | CVE-2024-53114 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client A number of Zen4 client SoCs advertise the ability to use virtualized VMLOAD/VMSAVE, but using these instructions is reported to be a cause of a random host reboot. These instructions aren't intended to be advertised on Zen4 client so clear the capability. | 5.5 |
2024-12-02 | CVE-2024-53115 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle The 'vmw_user_object_buffer' function may return NULL with incorrect inputs. | 5.5 |
2024-12-02 | CVE-2024-53116 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the handling of partial mapping of the buffer objects to the GPU, which caused kernel warnings. Panthor didn't correctly handle the case where the partial mapping spanned multiple scatterlists and the mapping offset didn't point to the 1st page of starting scatterlist. | 5.5 |
2024-12-02 | CVE-2024-53117 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Improve MSG_ZEROCOPY error handling Add a missing kfree_skb() to prevent memory leaks. | 5.5 |
2024-12-02 | CVE-2024-53118 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: vsock: Fix sk_error_queue memory leak Kernel queues MSG_ZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recv()ed. | 5.5 |
2024-12-02 | CVE-2024-53119 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix accept_queue memory leak As the final stages of socket destruction may be delayed, it is possible that virtio_transport_recv_listen() will be called after the accept_queue has been flushed, but before the SOCK_DONE flag has been set. | 5.5 |
2024-12-02 | CVE-2024-53120 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback returns error, zone_rule->attr is used uninitiated. | 5.5 |
2024-12-02 | CVE-2024-53121 | Linux | Race Condition vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from hardware, set the hardware deletion function to NULL and unlock the FTE. - Lock the parent flow group, delete the software copy of the FTE, and remove it from the xarray. However, this approach encounters a race condition if a rule with the same match value is added simultaneously. | 5.5 |
2024-12-02 | CVE-2024-53122 | Linux | Race Condition vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. | 5.5 |
2024-12-02 | CVE-2024-53123 | Linux | Race Condition vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mptcp: error out earlier on disconnect Eric reported a division by zero splat in the MPTCP protocol and provided a nice reproducer. The root cause is the current bad handling of racing disconnect. After the blamed commit below, sk_wait_data() can return (with error) with the underlying socket disconnected and a zero rcv_mss. Catch the error and return without performing any additional operations on the current socket. | 5.5 |
2024-12-07 | CVE-2024-12253 | | The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. | 5.4 |
2024-12-06 | CVE-2024-11321 | | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS. This issue affects Learning Management System (LMS): before 06.12.2024. | 5.4 |
2024-12-06 | CVE-2024-53796 | Themesflat | Cross-site Scripting vulnerability in Themesflat Addons for Elementor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS. This issue affects Themesflat Addons For Elementor: from n/a through 2.2.2. | 5.4 |
2024-12-06 | CVE-2024-53797 | Fastlinemedia | Cross-site Scripting vulnerability in Fastlinemedia Beaver Builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS. This issue affects Beaver Builder: from n/a through 2.8.4.3. | 5.4 |
2024-12-06 | CVE-2024-53801 | Bold Themes | Cross-site Scripting vulnerability in Bold-Themes Bold Page Builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.2.1. | 5.4 |
2024-12-06 | CVE-2024-53802 | Futuriowp | Cross-site Scripting vulnerability in Futuriowp Futurio Extra Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS. This issue affects Futurio Extra: from n/a through 2.0.14. | 5.4 |
2024-12-06 | CVE-2024-53823 | Posimyth | Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.14. | 5.4 |
2024-12-06 | CVE-2024-54212 | Wpthemespace | Cross-site Scripting vulnerability in Wpthemespace Magical Addons for Elementor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS. This issue affects Magical Addons For Elementor: from n/a through 1.2.6. | 5.4 |
2024-12-06 | CVE-2024-9866 | | The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorization on the functionality to manage tickets. | 5.4 |
2024-12-06 | CVE-2024-9872 | | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_user_data_callback() function in all versions up to, and including, 4.5.1. | 5.4 |
2024-12-05 | CVE-2024-11420 | Creativethemes | Cross-site Scripting vulnerability in Creativethemes Blocksy The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. | 5.4 |
2024-12-04 | CVE-2024-12182 | Dedecms | Cross-site Scripting vulnerability in Dedecms A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. | 5.4 |
2024-12-04 | CVE-2024-12183 | Dedecms | Cross-site Scripting vulnerability in Dedecms A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. | 5.4 |
2024-12-04 | CVE-2024-12180 | Dedecms | Cross-site Scripting vulnerability in Dedecms A vulnerability classified as problematic has been found in DedeCMS 5.7.116. | 5.4 |
2024-12-04 | CVE-2024-12181 | Dedecms | Cross-site Scripting vulnerability in Dedecms A vulnerability classified as problematic was found in DedeCMS 5.7.116. | 5.4 |
2024-12-04 | CVE-2024-8962 | Wpbits | Cross-site Scripting vulnerability in Wpbits Addons for Elementor Page Builder The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. | 5.4 |
2024-12-03 | CVE-2024-11782 | Wpmailster | Cross-site Scripting vulnerability in Wpmailster WP Mailster The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-12-03 | CVE-2024-9058 | Bdthemes | Cross-site Scripting vulnerability in Bdthemes Element Pack The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping. | 5.4 |
2024-12-03 | CVE-2024-10484 | Brainstormforce | Cross-site Scripting vulnerability in Brainstormforce Spectra The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-12-02 | CVE-2024-52478 | Astoundify | Cross-site Scripting vulnerability in Astoundify Jobify Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Stored XSS. This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. | 5.4 |
2024-12-07 | CVE-2024-37071 | | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. | 5.3 |
2024-12-06 | CVE-2024-47791 | Ruijienetworks | Unspecified vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices. | 5.3 |
2024-12-06 | CVE-2024-47043 | Ruijienetworks | Unspecified vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address. | 5.3 |
2024-12-06 | CVE-2024-11738 | | A flaw was found in Rustls 0.23.13 and related APIs. | 5.3 |
2024-12-04 | CVE-2024-54155 | Jetbrains | Missing Authentication for Critical Function vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication | 5.3 |
2024-12-04 | CVE-2024-54158 | Jetbrains | Authentication Bypass by Spoofing vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding | 5.3 |
2024-12-03 | CVE-2024-25035 | IBM | Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks. | 5.3 |
2024-12-02 | CVE-2024-8785 | Progress | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. | 5.3 |
2024-12-03 | CVE-2024-11325 | | The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. | 5.2 |
2024-12-03 | CVE-2024-9197 | Zyxel | Classic Buffer Overflow vulnerability in Zyxel products A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled. | 4.9 |
2024-12-06 | CVE-2024-48703 | Anujk305 | Cross-site Scripting vulnerability in Anujk305 Medical Card Generation System 1.0 PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter. | 4.8 |
2024-12-05 | CVE-2024-10716 | Pega | Cross-site Scripting vulnerability in Pega Infinity Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. | 4.8 |
2024-12-04 | CVE-2024-45717 | Solarwinds | Cross-site Scripting vulnerability in Solarwinds Platform The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. | 4.8 |
2024-12-04 | CVE-2024-53136 | Linux | Race Condition vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mm: revert "mm: shmem: fix data-race in shmem_getattr()" Revert d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") as suggested by Chuck [1]. | 4.7 |
2024-12-02 | CVE-2024-53124 | Linux | Race Condition vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc Syzkaller reported this warning: WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0. It's possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add() concurrently when sk->sk_state == TCP_LISTEN with sk->sk_lock unlocked, which triggers a data-race around sk->sk_forward_alloc: tcp_v6_rcv tcp_v6_do_rcv skb_clone_and_charge_r sk_rmem_schedule __sk_mem_schedule sk_forward_alloc_add() skb_set_owner_r sk_mem_charge sk_forward_alloc_add() __kfree_skb skb_release_all skb_release_head_state sock_rfree sk_mem_uncharge sk_forward_alloc_add() sk_mem_reclaim // set local var reclaimable __sk_mem_reclaim sk_forward_alloc_add() In this syzkaller testcase, two threads call tcp_v6_do_rcv() with skb->truesize=768, the sk_forward_alloc changes like this: (cpu 1) \| (cpu 2) \| sk_forward_alloc ... | 4.7 |
2024-12-03 | CVE-2024-49411 | Samsung | Path Traversal vulnerability in Samsung Android 12.0/13.0 Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to an arbitrary path with ThemeCenter privilege. | 4.6 |
2024-12-06 | CVE-2024-9769 | | The Video Gallery – Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. | 4.4 |
2024-12-05 | CVE-2018-9408 | | Out-of-bounds Read vulnerability in Google Android In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of Bounds Read due to a missing bounds check. | 4.4 |
2024-12-07 | CVE-2024-11353 | | The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and including, 1.1.0. | 4.3 |
2024-12-07 | CVE-2024-12026 | | The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. | 4.3 |
2024-12-07 | CVE-2024-12115 | | The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. | 4.3 |
2024-12-06 | CVE-2024-10689 | | The XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the 'XLTAB_INSERT_TPL' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2024-12-06 | CVE-2024-10692 | | The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. | 4.3 |
2024-12-06 | CVE-2024-11444 | | The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. | 4.3 |
2024-12-06 | CVE-2024-12027 | | The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. | 4.3 |
2024-12-06 | CVE-2024-12110 | | The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. | 4.3 |
2024-12-06 | CVE-2024-9705 | | The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsm_update_template_name_lite' function in all versions up to, and including, 1.0.9. | 4.3 |
2024-12-05 | CVE-2024-10777 | | The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2024-12-05 | CVE-2024-11341 | | The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. | 4.3 |
2024-12-04 | CVE-2024-10787 | | The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2024-12-04 | CVE-2024-10664 | | The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.16.3.3. | 4.3 |
2024-12-04 | CVE-2023-52943 | Synology | Incorrect Authorization vulnerability in Synology Surveillance Station Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the alerting function via unspecified vectors. | 4.3 |
2024-12-04 | CVE-2023-52944 | Synology | Incorrect Authorization vulnerability in Synology Surveillance Station Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors. | 4.3 |
2024-12-04 | CVE-2024-12099 | | The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2024-12-04 | CVE-2024-10663 | | The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. | 4.3 |
2024-12-03 | CVE-2024-45676 | IBM | Insufficient Type Distinction vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction. | 4.3 |
2024-12-03 | CVE-2024-12062 | Nicheaddons | Authorization Bypass Through User-Controlled Key vulnerability in Nicheaddons Charity Addon for Elementor The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2024-12-03 | CVE-2024-11844 | | The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-12-03 | CVE-2024-25036 | IBM | Authentication Bypass Using an Alternate Path or Channel vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields. | 3.3 |
2024-12-03 | CVE-2024-49414 | Samsung | Unspecified vulnerability in Samsung Android 12.0/13.0 Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access the recent app list. | 2.4 |